Isaca ISACA Advanced in AI Security Management (AAISM) Exam AAISM Question # 39 Topic 4 Discussion
AAISM Exam Topic 4 Question 39 Discussion:
Question #: 39
Topic #: 4
An aerospace manufacturing company that prioritizes accuracy and security has decided to use generative AI to enhance operations. Which of the following large language model (LLM) adoption plans BEST aligns with the company’s risk appetite?
A.
Developing a public LLM to automate critical functions
B.
Purchasing an LLM dataset on the open market
C.
Contracting LLM access from a reputable third-party provider
D.
Developing a private LLM to automate non-critical functions
AAISM recommends aligning AI adoption with organizational risk appetite by limiting blast radius, protecting sensitive data, and staging adoption in lower-risk domains first. Building a private LLM for non-critical functions preserves data control, enables tighter governance (access control, logging, evaluation), and confines any model errors away from safety- or mission-critical operations. A public LLM for critical functions (A) is misaligned with a high-assurance posture; buying open-market datasets (B) raises provenance and licensing risk; third-party access (C) can be appropriate but still introduces vendor/visibility limits and data residency concerns that may not meet aerospace security needs.
[References: AI Security Management™ (AAISM) Body of Knowledge — Risk Appetite Mapping to AI Use Cases; Criticality Segmentation; Data Control & Deployment Models. AAISM Study Guide — Phased Adoption for High-Assurance Environments; Private vs. Hosted LLM Trade-offs; Governance, Evaluation, and Containment Patterns.]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit