Pass the Isaca AI-Centric Security Management AAISM Questions and answers with CertsForce

AAISM emphasizes that the right to audit is the most critical contractual safeguard when outsourcing AI services. This allows the contracting organization to independently verify that the vendor is applying appropriate protections to training data, meeting compliance obligations, and upholding privacy requirements. Pseudonymization is a technical method, monitoring is operational, and certifications provide external assurance, but none give the direct, enforceable oversight that audit rights provide. In vendor contracts, the right to audit is the primary safeguard for data protection and governance.

AAISM emphasizes that the primary objective of responsible AI is to establish and maintain trust in AI-driven decisions and predictions. Trust is achieved through transparency, accountability, fairness, and governance. While confidentiality and integrity are critical technical objectives, they are not the overarching purpose of responsible AI service provision. Autonomy and learning ability are features of AI, but without trust, adoption and compliance falter. The correct answer is that responsible AI services must focus on building trust in AI outcomes.

Hidden triggers are adversarial backdoors planted in AI models, activated only by specific inputs. The AAISM materials specify that the best mitigation is to use adversarial training, which deliberately exposes the model to potential trigger inputs during training so it can learn to neutralize or resist them. Retraining with diverse data reduces bias but does not address hidden triggers. Differential privacy is focused on privacy preservation, not adversarial resilience. Monitoring outputs can help with detection but is reactive rather than preventative. The proactive solution highlighted in the study guide is adversarial training.

AAISM directs that when harmful or biased behavior is observed in a production AI system, the organization should enter a formal incident/variance handling workflow that begins with root cause analysis (RCA) to identify the source of deviation (data drift, concept drift, feature leakage, pipeline changes, control failures) and determine proportionate risk treatments. Immediate retraining (Option A) without RCA risks reinforcing the same bias; audits (Option C) are key activities within RCA rather than the action that frames the response; a kill switch (Option D) is reserved for conditions where risk exceeds the defined tolerances and immediate harm prevention is required.

AAISM classifies model inversion as a privacy/information-leakage threat where adversaries infer or reconstruct sensitive training data or attributes from model outputs—directly jeopardizing confidential information targeted by APTs. While data poisoning, unauthorized tuning, and model distillation present material risks (integrity, governance/IP theft), the scenario’s stated objective—accessing confidential information—most directly maps to inversion. Accordingly, AAISM prioritizes defenses such as output regularization, confidence suppression/calibration, overfitting controls, privacy-preserving techniques, and strict access/telemetry on inference interfaces.

AAISM risk management guidance clarifies that the organization’s risk tolerance is the most important factor in determining how much monitoring is needed. Risk tolerance specifies the amount of risk the organization is willing to accept and defines the threshold for triggering monitoring or mitigation activities. Risk appetite is broader and strategic, while tolerance sets the operational limits. The number of users may influence scale, and compensating controls may affect resilience, but neither dictates monitoring intensity as directly as risk tolerance.

Data splitting partitions a labeled dataset into training, validation, and test subsets to enable unbiased model tuning and evaluation. Training (A) consumes the training split; annotating (B) adds labels; learning (D) is a general term for model optimization, not a data management step.

The model card is a governance artifact that communicates intended use, performance characteristics, limitations, fairness considerations, and ethical notes of an ML model.

AAISM governance materials highlight that stakeholder trust comes from transparency and explainability. While hyperparameters and data quality controls are technical details, they lack stakeholder-facing clarity. Model prototyping is part of development but not a governance record.

Model cards are explicitly recommended to:

Provide explainability and context for decision-making.

Demonstrate governance, transparency, and compliance.

Enable stakeholders (regulators, auditors, business leaders) to trust the system.

Therefore, the model card is the artifact that best enhances trust.

AAISM governance guidance specifies that alignment between AI system adoption and organizational risk appetite is achieved by defining and monitoring acceptable levels of system risk. This ensures that generative AI operations remain within boundaries approved by leadership and compliance frameworks. While KPIs track performance, they do not ensure alignment with risk tolerance. AI impact assessments help identify risks but do not maintain continuous oversight. A risk register records risks but does not dynamically enforce acceptable thresholds. The most effective governance approach is to establish and monitor acceptable AI system risk levels.

The greatest immediate risk from unsanctioned use of public or open-source generative AI tools is data leakage—employees may paste confidential or regulated information into third-party systems, resulting in loss of confidentiality, regulatory exposure, and loss of intellectual property. AAISM emphasizes that when AI use occurs outside approved channels, the top control priority is preventing exfiltration of sensitive data via prompts, attachments, and context sharing. Monitoring and policy are necessary enablers, but leakage is the highest-impact failure mode in the short term; hallucinations primarily affect accuracy, not confidentiality.