Pass the Isaca AI-Centric Security Management AAISM Questions and answers with CertsForce

AAISM defines model inversion attacks as those where adversaries use queries or synthetic data to reconstruct sensitive information or approximate the inner workings of a model. By exploiting outputs, attackers attempt to reverse engineer training data or model functionality. Distillation refers to compressing models, not adversarial attacks. Prompt attacks relate to manipulating language model inputs, and poisoning occurs when adversaries corrupt training data rather than infer from outputs. The scenario describes attackers using synthetic data to reveal hidden characteristics, which aligns directly with inversion attacks.

AAISM directs organizations to embed security, safety, and compliance controls at design time (“secure-by-design” and “shift-left”), ensuring requirements for robustness, privacy, and governance are defined as non-functional constraints on architecture, data sourcing, model choices, and evaluation criteria before any model is trained. Deferring these requirements to training, testing, or deployment increases residual risk and rework, and weakens traceability of control coverage.

AAISM highlights unbounded consumption (token/payment exhaustion, unmetered tool calls, prompt bombs) as a key LLM risk affecting cost and availability. Controls include request quotas, max tokens, rate-limits, budget guards, circuit breakers, and cost-aware routing. Excessive agency (A) relates to unsupervised actions; sensitive disclosure (B) and prompt leakage (C) are confidentiality risks, not primary drivers of runaway compute spend.

The AAISM framework explains that embedding unique identifiers—such as digital watermarks or model fingerprints—enables organizations to trace and verify model provenance. This technique is used for tracking ownership and intellectual property rights over models, particularly when sharing, licensing, or distributing AI systems. While identifiers may support certain security functions, their primary control objective is ownership verification, not preventing access, bias removal, or adversarial detection. The correct alignment with AAISM controls is tracking ownership.

AAISM classifies learning paradigms by the presence of labeled targets. Creating categories (labels) and training on them is supervised learning, where input features are mapped to known outputs and optimization minimizes prediction error against ground truth. Unsupervised (B) discovers structure without labels; reinforcement (A) optimizes behavior via rewards; “machine learning” (C) is the broad field, not the specific technique.

According to AAISM governance principles, the risk appetite of the organization is the most important factor in selecting appropriate frameworks for AI governance. Risk appetite defines the level of risk an organization is willing to accept in pursuit of its objectives, ensuring frameworks are aligned with strategic goals. Risk tolerance and thresholds are operational measures derived from appetite, and the risk register is a documentation tool. The foundational consideration for framework alignment is the organization’s risk appetite.

Restricting access to sensitive data and artifacts (e.g., training data, feature stores, model weights, prompts, system designs) using least-privilege, segregation, encryption, and monitoring is the most effective way to protect trade secrets throughout the AI lifecycle. Patents require public disclosure, trademarks protect branding (not secrets), and output watermarks help provenance/abuse deterrence but do not secure underlying proprietary know-how.

AAISM governance practices identify ownership and accountability as the most critical element in any centralized AI inventory. An AI inventory provides oversight by cataloging all AI assets within an organization, and assigning responsibility ensures that each system has clear governance, monitoring, and compliance coverage. While use cases, training data, and registries are valuable metadata, they do not guarantee accountability. Without defined ownership, no party is responsible for addressing risk, bias, or incidents. Therefore, the most important information to include is ownership and accountability details for each AI system.

AAISM emphasizes that when model drift occurs, the best response is not a quick fix but rather to revisit an earlier phase of the AI life cycle to address data quality, retraining, or evaluation processes. Simply taking the model offline halts functionality without resolution, while adjusting hyperparameters or issuing emergency changes treats the symptom rather than the root cause. Proper governance requires returning to the design or training phases to re-establish stability, accuracy, and compliance of the model. Thus, the correct approach is to return to an earlier AI lifecycle phase.

Evasion attacks manipulate inputs to induce misclassification while leaving the model unchanged. AAISM prescribes adversarial robustness controls, with adversarial training as a primary measure: incorporate adversarially perturbed examples into training/validation to harden decision boundaries and improve resilience across threat models (e.g., Lp-bounded perturbations). Monitoring (A) is detective, not preventive. Restricting parameter access (C) protects confidentiality but does not mitigate input-space attacks. Differential privacy (D) addresses training data leakage, not robustness to adversarial inputs.