This two-day accelerated course provides a comprehensive foundation in AI-specific security management. The ISACA Advanced in AI Security Management (AAISM™) certification equips security leaders with the knowledge and capability to govern, secure, and manage enterprise AI systems. Learners gain a deep understanding of AI governance, AI risk management, and the technologies and controls that underpin secure and ethical AI operations.
Description
- Domain 1: AI governance and program management
- Stakeholder considerations, frameworks, and regulatory requirements
- Organisational structure, roles, and governance models
- Defining charters and establishing AI steering committees
- Risk appetite, tolerance, and framework alignment
- Selecting and applying appropriate AI governance frameworks
- Developing AI business use cases and managing privacy implications
- Establishing AI strategies, policies, and procedures
- Responsible and acceptable use of AI systems
- Managing AI assets and data lifecycles
- Creating AI asset inventories and data management protocols
- Model documentation, classification, and storage practices
- Implementing AI data protection and destruction measures
- Building an AI security management program
- Establishing documented plans, team roles, and proficiency standards
- Integrating AI-enabled security tools and performance metrics
- Developing KRIs and KPIs to measure AI security effectiveness
- Managing business continuity and incident response for AI
- Implementing AI-specific detection, notification, and escalation processes
- Designing AI response playbooks and red-button protocols
- Defining recovery objectives (RTO and RPO) from an AI perspective
- Domain 2: AI risk management
- Conducting AI risk assessments and defining acceptable risk thresholds
- Performing impact, conformity, and privacy impact assessments (PIAs)
- Developing treatment plans and documenting AI-specific risk responses
- Implementing AI-focused penetration testing, vulnerability testing, and red teaming
- Managing adversarial and insider threats within AI ecosystems
- Identifying AI-enabled threats, deepfakes, and synthetic data misuse
- Applying threat intelligence to AI-based attack chains and anomaly detection
- Managing AI vendor and supply chain risk
- Conducting due diligence and defining accountability between provider and deployer
- Managing dependencies in AI software packages and libraries
- Establishing SLAs, ownership, and IP considerations for AI systems
- Implementing access control, liability, and vendor monitoring processes
- Domain 3: AI technologies and controls
- Designing AI security architecture aligned with secure-by-design principles
- Managing AI change control and secure development lifecycles (SDL)
- Securing infrastructure-as-code and model interconnectivity
- Managing AI model lifecycles, including selection, training, validation, and regression testing
- Implementing technical evaluation, verification, and validation (TEVV) of AI models
- Applying data management controls to mitigate data poisoning, bias, and accuracy issues
- Managing privacy, ethical, trust, and safety controls within AI systems
- Ensuring explainability, consent, transparency, and fairness in AI decision-making
- Maintaining human oversight (human-in-the-loop) in automated processes
- Applying trust and safety measures such as content moderation and harm prevention
- Monitoring environmental impact and ensuring data minimisation and anonymisation
- Designing and implementing AI security controls and continuous monitoring processes
- Mapping AI security threats to controls and metrics
- Implementing control life cycles and self-assessments (CSA)
- Delivering AI security awareness training to drive organisational readiness
- Exams and assessments
- This course includes the ISACA AAISM™ certification exam voucher, which is taken post-course.
- Duration: 150 minutes
- Format: 90 multiple-choice questions
- Passing score: 450 out of 800
- Domain weighting:
- Domain 1: AI governance and program management (31%)
- Domain 2: AI risk management (31%)
- Domain 3: AI technologies and controls (38%)
- Hands-on learning
- Learners will participate in interactive discussions, applied case studies, and guided practice exercises to contextualise AI governance and risk management. Through real-world security management scenarios, participants will enhance their ability to design and evaluate AI security programs that align with organisational strategy and compliance objectives.
Audience
This course is designed for:
- Experienced information security managers and consultants
- Governance, risk, and compliance professionals working with AI technologies
- Cybersecurity leaders responsible for securing enterprise AI environments
- Organisations seeking to establish or mature AI security management practices