Pass the Isaca AI-Centric Security Management AAISM Questions and answers with CertsForce

When setting RPOs and RTOs for AI systems, especially generative AI, the critical factor is the restoration of training data and model artifacts within the recovery window. Without this, restored systems may function inaccurately or incompletely, undermining business continuity.

AAISM risk management principles emphasize:

Recovery objectives must align with data protection requirements for both training and inference data.

The ability to restore large-scale training datasets is primary, since downtime without them leads to operational and compliance risks.

Computational efficiency and hardware consistency are secondary considerations, but not the primary drivers of RPO/RTO definitions.

Thus, ensuring backup and restore capabilities of training datasets directly within RTO is the primary requirement.

AAISM highlights that model cards are a governance tool designed to document ethical considerations, limitations, fairness constraints, data sources, and suitability of use cases for AI models—especially when they affect individuals' rights, opportunities, or access to services.

Their greatest value is providing transparency and ethical clarity, ensuring stakeholders understand risks, bias considerations, and how decisions impact users.

Deployment instructions (B) are not part of model cards. They do not reduce data needs (C), nor is model type selection (D) their primary purpose.

AAISM identifies fairness constraints (e.g., constrained optimization, debiasing objectives, conditional generation controls, and post-processing calibrations) as the most direct, measurable method to mitigate disparate outcomes in generative systems. While data augmentation can help with coverage, and adversarial training improves robustness, fairness constraints explicitly target distributional fairness and outcome equity in generated content, aligning with governance and compliance goals.

The AAISM study material highlights blockchain as a control mechanism for managing deepfake risk because it provides immutable verification of digital media provenance. By anchoring original data signatures on a blockchain, organizations can verify authenticity and detect tampered or synthetic content. Data tagging helps organize but does not guarantee authenticity. MFA and adaptive authentication strengthen identity security but do not address content manipulation risks. Blockchain’s immutability and traceability make it the recognized technology for mitigating deepfake challenges.

AAISM categorizes the manipulation of an LLM at inference time, where crafted inputs cause outputs to serve attacker objectives, as an evasion attack. Evasion attacks exploit weaknesses in the model’s decision-making boundaries by altering queries to produce compromised or misleading outputs. Privilege escalation refers to unauthorized access rights, data poisoning targets the training phase, and model inversion reconstructs training data. In this case, manipulation of outputs to align with an attacker’s goals reflects an evasion attack.

AAISM and healthcare privacy regulations (HIPAA-like guidance within AAISM contexts) stress that documented destruction of sensitive data is required when decommissioning systems.

A certificate of destruction ensures:

• proof of lawful data disposal

• auditability

• regulatory compliance

• defensibility during inspections

Post-destruction risk assessments (A) are not primary compliance evidence. Backup tests (B) are operational tasks, not decommissioning proof. Policy updates (C) are future improvements.

AAISM emphasizes that open-source AI models present elevated data leakage risks because internal data may flow into external, uncontrolled repositories or be used for further training. Governance bodies must prioritize the risk of data exposure, model reuse, data retention uncertainty, and uncontrolled model behavior.

While accuracy (B) and support (C) are important operational considerations, they are not the primary governance risk. Employee privacy rights (D) matter but are encompassed within the broader risk of data leakage.

AAISM requires that risk thresholds/tolerances be set by aligning threat likelihood and impact with the organization’s business context and risk appetite. Determining “acceptable” risk starts with assessing business impact of credible threats (e.g., prompt injection leading to data exfiltration, policy evasion, or harmful actions), then translating this into control intensity and thresholds. Hard input restrictions (A) and static output caps (C) are blunt measures that may degrade utility without ensuring alignment to risk appetite. Monitoring (B) is essential for detection, but it does not, by itself, define what level of risk is acceptable.

AAISM states that when evaluating external AI vendors, independently issued third-party audit reports (SOC, ISO, AI assurance assessments) provide the strongest evidence of implemented controls because they are objective, repeatable, and externally verified.

Peer reviews (A) lack formality, internal red-team reports (C) are non-independent, and whitepapers (D) are marketing documents without assurance value.

AAISM identifies training-data diversity and provenance assurance as primary treatments against data poisoning. Sourcing data from multiple, independently governed providers, combined with ingestion validation and anomaly screening, reduces the chance that a single compromised source can skew model behavior and improves cross-source consistency checks. Transparency, break-glass, and awareness are valuable but do not directly reduce poisoning exposure at the training boundary.