AAISM
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

AAISM

AAISM equips senior information security leaders with advanced AI governance, risk management, and control implementation techniques, enabling them to secure AI-driven initiatives and integrate AI safely into security operations.

Minutes: 150
Questions: 90
Passing Score: 450/800
Exam Cost: $459 (member), $599 (non-member)

Who Should Take This

CISM, CISSP, or equivalent senior security managers who oversee enterprise security programs and possess deep knowledge of risk frameworks are ideal candidates. They seek to master AI-specific threat modeling, control design, and governance processes to protect critical assets while leveraging AI to enhance detection and response capabilities.

What's Covered

All domains and objectives in the ISACA Advanced in AI Security Management (AAISM) exam: Domain 1 AI Governance and Program Management, Domain 2 AI Risk and Opportunity Management, and Domain 3 AI Technologies and Controls.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

28 learning goals
Domain 1: AI Governance and Program Management
3 topics

AI security strategy and policy

  • Design AI security strategies that integrate with enterprise security programs and address AI-specific threats, vulnerabilities, and compliance requirements.
  • Develop AI security policies covering acceptable AI use, model governance, data handling for AI training, and third-party AI service procurement requirements.
  • Apply stakeholder engagement practices to build cross-functional support for AI security initiatives across business, technology, and compliance teams.

AI data governance and privacy

  • Evaluate data governance frameworks for AI security including training data provenance, data quality controls, and data poisoning prevention mechanisms.
  • Apply privacy-preserving techniques to AI systems including differential privacy, federated learning, and data anonymization for secure model training.
  • Analyze AI data lifecycle security requirements from collection through deletion to ensure compliance with privacy regulations and organizational policies.

AI incident response and awareness

  • Design AI-specific incident response procedures addressing model compromise, data poisoning incidents, adversarial attacks, and AI system failures.
  • Apply AI security awareness training programs to educate employees on secure AI usage, prompt injection risks, data leakage through AI tools, and social engineering via AI.
  • Evaluate organizational AI security maturity by assessing governance structures, control implementation, and incident readiness against industry frameworks.
Domain 2: AI Risk and Opportunity Management
3 topics

AI threat landscape and risk assessment

  • Analyze the AI threat landscape including adversarial machine learning attacks, model extraction, data poisoning, prompt injection, and AI-powered social engineering.
  • Apply AI-specific threat modeling methodologies to identify attack surfaces, threat vectors, and potential impacts across AI system components.
  • Evaluate AI security risk assessment processes to determine adequacy of risk identification, likelihood estimation, and impact analysis for AI-specific threats.

AI supply chain and third-party risk

  • Evaluate AI supply chain security risks including pre-trained model vulnerabilities, third-party API dependencies, open-source component risks, and vendor lock-in.
  • Apply vendor security assessment procedures for AI service providers including model hosting, AI-as-a-service platforms, and training data providers.
  • Design AI supply chain risk management strategies that address model provenance verification, dependency monitoring, and vendor continuity planning.

AI-enhanced security operations

  • Evaluate opportunities to leverage AI for security operations including AI-powered threat detection, automated incident triage, and predictive vulnerability analysis.
  • Apply AI integration strategies for security tools including SIEM enrichment, SOAR automation, and AI-driven security analytics while managing associated risks.
  • Recommend AI adoption strategies for security programs that balance automation benefits with reliability requirements and human oversight needs.
Domain 3: AI Technologies and Controls
3 topics

AI model security

  • Apply model security controls including model access restrictions, model signing, inference rate limiting, and output filtering to protect deployed AI models.
  • Evaluate adversarial robustness testing techniques to assess model resilience against evasion attacks, data poisoning, and model inversion attacks.
  • Design model protection strategies including watermarking, fingerprinting, and intellectual property safeguards for proprietary AI models.

AI infrastructure security

  • Apply security controls for AI infrastructure including GPU cluster security, model training pipeline protection, and MLOps platform hardening.
  • Evaluate AI system access controls including model API authentication, authorization for training environments, and privileged access management for ML engineers.
  • Implement AI system monitoring and logging controls that capture model inputs, outputs, access patterns, and anomalous behavior for security analysis.
  • Analyze secure deployment patterns for AI systems including containerized model serving, API gateway security, and network isolation for AI workloads.

Generative AI security

  • Evaluate generative AI security risks including prompt injection, jailbreaking, data leakage through prompts, and hallucination-induced security failures.
  • Apply security controls for generative AI deployment including input validation, output filtering, content moderation, and guardrail implementation.
  • Design organizational policies for secure generative AI adoption including approved tool lists, data handling restrictions, and acceptable use guidelines.

Scope

Included Topics

  • All domains and objectives in the ISACA Advanced in AI Security Management (AAISM) exam: Domain 1 AI Governance and Program Management (31%), Domain 2 AI Risk and Opportunity Management (31%), and Domain 3 AI Technologies and Controls (38%).
  • Advanced-level AI security management including AI security policy development, AI threat landscape assessment, AI security architecture, AI incident response, and integration of AI into security operations.
  • AI governance and program management: AI security strategy, AI policy development, AI security awareness, data governance for AI security, AI incident response planning, and cross-functional AI security coordination.
  • AI risk and opportunity management: AI threat modeling, adversarial AI attacks, AI supply chain risk, AI vulnerability assessment, AI security testing, and leveraging AI to enhance security operations.
  • AI technologies and controls: model security, training data protection, AI infrastructure security, AI access controls, secure AI deployment, AI monitoring and logging, and privacy considerations in AI systems.
  • Integration of AI with enterprise security including AI-powered threat detection, AI-driven security orchestration, and secure use of generative AI tools within the organization.

Not Covered

  • General IT audit procedures and audit program management (covered by CISA and AAIA).
  • General information security management not specific to AI (covered by CISM).
  • AI risk governance frameworks and risk program management (covered by AAIR).
  • Deep AI model development and machine learning engineering beyond security implications.
  • Vendor-specific AI security platform administration and configuration.

Official Exam Page

Learn more at ISACA

Trademark Notice

ISACA®, CISA®, CISM®, CRISC®, CGEIT®, and CDPSE® are registered trademarks of ISACA. ISACA does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.