ISACA AAISM - Advanced in AI Security Management Guide

ISACA's AAISM credential is designed for security professionals managing complex AI systems. It combines risk management and technical controls.

What is 'Prompt Injection'?

Answer: A security vulnerability where an attacker manipulates an LLM's output by injecting instructions that override its original system prompt.

Can be used to bypass safety filters or extract sensitive configuration details.

Define 'Model Stealing' (Extraction Attack).

Answer: Using a large number of queries to a target model to build a clone or approximation of its logic and intellectual property.

Allows competitors to steal expensive proprietary AI logic for the cost of API calls.

How does 'Differential Privacy' help in AI security?

Answer: It adds mathematical noise to data before training to ensure individual data points cannot be identified, while preserving group patterns.

The gold standard for protecting privacy in high-scale machine learning datasets.

What is an 'Evasion Attack'?

Answer: Modifying an input (like an image or email) so subtly that it is invisible to humans but causes the AI to misclassify it.

Used to bypass spam filters or fool facial recognition and autonomous driving systems.

What is the primary focus of 'AI Threat Modeling'?

Answer: Expanding traditional security threat models to include AI-specific attack vectors like training data poisoning and membership inference.

Essential for building resilient AI architectures by design.
