Isaca Updated AAISM Exam Questions and Answers by alby

Security by design in AI requires establishing risk-informed requirements at the earliest stages of the lifecycle and systematically translating them into architectural controls. Conducting AI-specific threat modeling before deployment is the highest-leverage action because it identifies assets (data, models, pipelines), trust boundaries (feature stores, training/inference services), threat events (poisoning, evasion, model extraction), and attack paths unique to ML systems. The outputs (abuse/misuse cases, control objectives, verification plans) then drive selection and prioritization of controls such as privacy-enhancing techniques, access controls, isolation, monitoring, and assurance testing. While differential privacy (C) is a strong control for leakage risk, it is one control choice among many and should be selected as a result of threat modeling. IP allow lists (B) and container segmentation (A) are valuable hardening measures but are narrower and do not replace the lifecycle-wide governance and design traceability that threat modeling enables.

AAISM materials make clear that the best safeguard against sensitive information being leaked through the outputs of LLMs is data sanitization. This involves filtering, redacting, or masking sensitive content before the model can use it, thereby preventing unintended disclosure in outputs. Encryption protects confidentiality in storage and transmission but does not stop output leaks. Adversarial testing helps identify vulnerabilities but does not prevent exposure by itself. Least privilege access restricts who can interact with the model but does not sanitize the content of its outputs. The control most directly tied to preventing leakage is implementing data sanitization techniques.

According to AAISM technical content, supervised learning models reduce false positives by learning from historical labeled data that distinguishes between legitimate activity and actual threats. This training enables the model to recognize patterns and improve its discrimination ability over time. Grouping patterns (A) describes clustering, an unsupervised method. Real-time feature engineering (B) and generating new labeled data (D) are advanced techniques but not the fundamental supervised learning approach. The essence of supervised learning is leveraging labeled data to minimize misclassification, including false positives.

AAISM instructs that acceptable risk thresholds must be determined using business impact analysis. This aligns with the broader enterprise risk management principle of defining tolerances based on:

• potential harm

• regulatory exposure

• financial impact

• operational disruption

Monitoring (A) detects attacks but does not set thresholds. Blocking special characters (B) is unrealistic and overly restrictive. Static thresholds (D) ignore business context and practicality.