Exam Vouchers: ISACA Advanced in AI Security Management™ (AAISM™) Exam Voucher (AAISM-EXAM)

With the significant potential of artificial intelligence comes new threats and vulnerabilities. ISACA Advanced in AI Security Management™ (AAISM™) is the first and only AI-centric security management certification designed to help experienced IT professionals reinforce the enterprise’s security posture and protect against AI-specific threats. You’ll be able to manage the evolving security risk related to AI, implement policy, and ensure its responsible and effective use across the organization.

Be there when AI security decisions are made

ISACA’s new certification is designed to supplement certified security managers with the ability to identify, assess, monitor and mitigate risk associated with enterprise AI solutions. Professionals will deliver assurance in key practice areas, including:

- AI Governance and Program Management

- AI Technologies and Controls

- AI Risk Management

The ISACA Advanced in AI Security Management™ (AAISM™) exam consists of 90 questions covering three job practice domains, all testing your knowledge and ability on real-life job practices leveraged by AI security management professionals.

Target Audience:

- ACTIVE CISM OR CISSP HOLDERS

- PROVEN EXPERIENCE IN SECURITY OR ADVISORY ROLES

- SOME EXPERTISE ASSESSING, IMPLEMENTING AND MAINTAINING AI SYSTEMS

31% DOMAIN 1 – AI GOVERNANCE AND PROGRAM MANAGEMENT

This Domain demonstrates your ability to advise stakeholders on implementing AI security solutions through appropriate and effective policy, data governance, program management and incident response.

• STAKEHOLDER CONSIDERATIONS, INDUSTRY FRAMEWORKS, AND REGULATORY REQUIREMENTS
• AI-RELATED STRATEGIES, POLICIES, AND PROCEDURES
• AI ASSET AND DATA LIFE CYCLE MANAGEMENT
• AI SECURITY PROGRAM DEVELOPMENT AND MANAGEMENT
• BUSINESS CONTINUITY AND INCIDENT RESPONSE

31% DOMAIN 2 – AI RISK MANAGEMENT

This Domain confirms your skill at assessing and managing risks, threats, vulnerabilities and supply chain issues related to the enterprise-wide adoption of AI.

• AI RISK ASSESSMENT, THRESHOLDS, AND TREATMENT
• AI THREAT AND VULNERABILITY MANAGEMENT
• AI VENDOR AND SUPPLY CHAIN MANAGEMENT

38% DOMAIN 3 – AI TECHNOLOGIES AND CONTROLS

This Domain focuses on optimizing AI security and highlights your knowledge of security technologies, techniques and controls tailored to AI systems.

• AI SECURITY ARCHITECTURE AND DESIGN
• AI-RELATED STRATEGIES, POLICIES, AND PROCEDURES
• DATA MANAGEMENT CONTROLS
• PRIVACY, ETHICAL, TRUST AND SAFETY CONTROLS
• SECURITY CONTROLS AND MONITORING

Supporting Tasks

• Collaborate on charter, roles, and responsibilities for governance and management of AI to align with business objectives.
• Establish and maintain AI-specific security policies and procedures to inform the development and implementation of AI standards and guidelines.
• Ensure the responsible use of AI by utilizing leading practices, ethical principles, regulatory requirements, and industry frameworks.
• Participate in or oversee the AI risk management life cycle, including impacts on enterprise risk.
• Identify and assess the AI threat landscape.
• Monitor for internal and external AI-related factors to identify the need for reassessment of risk.
• Design and implement testing and vulnerability management of AI solutions.
• Conduct AI impact assessments and ensure conformity with regulatory requirements.
• Embed, monitor, and verify AI security requirements when utilizing vendor AI-enabled solutions.
• Design and implement security architecture specifically for AI.
• Advise on the integration of AI architecture as part of enterprise architecture.
• Design, implement, and regularly review AI security controls to treat risk to an acceptable level.
• Establish and maintain processes to identify, inventory, and classify data and assets related to AI.
• Identify and treat security risk associated with data used in the AI life cycle.
• Establish and maintain AI-specific processes to investigate, document, and report on AI security incidents in accordance with regulatory and contractual requirements.
• Establish and maintain AI incident handling processes, including containment, notification, escalation, eradication, and recovery.
• Address AI security risk as part of business continuity and disaster recovery planning.
• Define and monitor security metrics for AI solutions used throughout the organization.
• Review and implement AI security tools as part of the information security program.
• Conduct risk-based human oversight of AI inputs/outputs including trust and safety, quality, explainability, and robustness.
• Develop and maintain AI-specific security awareness training and acceptable use guidelines.
• Advise on security risk and controls related to the AI solution development life cycle within an organization.