About This Course
On this ISACA Advanced in AI Security Management™ (AAISM™) course, the industry’s first AI-specific security management certification, you’ll gain an understanding of AI governance and program management, AI risk management and AI technologies and controls.
Course Syllabus
- Stakeholder Considerations, Industry Frameworks, and Regulatory Requirements
- Organizational Structure and Overall Governance
- Roles and Responsibilities
- Charter and Steering Committee
- Identifying Stakeholders
- Risk Appetite and Tolerance
- Frameworks, Standards, and Regulations
- Selecting appropriate Frameworks
- Business and Use Cases for AI
- Privacy Considerations
- AI-related Strategies, Policies, and Procedures
- AI Strategy
- Consumer vs. Enterprise
- Buy vs. Build
- AI Policies
- Responsible Use
- Acceptable Use
- AI Procedures
- Implementation
- Manuals
- Ethics
- AI Asset and Data Life Cycle Management
- AI Asset and Data Inventory
- Inventory management
- Model cards
- Data handling, classification, discovery
- Data Augmentation and Cleaning
- Data Storage
- Data Protection
- Destruction
- AI Security Program Development and Management
- Documented Program Plan
- Security team, roles, responsibilities, and proficiencies
- Alignment to existing info sec
- Use of AI-enabled security tools in the program
- Metrics and management
- KRIs and KPIs for AI use with regard to security
- Management reporting
- Business Continuity and Incident Response
- Incident detection
- Notification
- Incident classification
- Criticality and severity
- Resiliency
- Business Continuity Plan
- Red-button requirements for compliance
- Incident response playbooks specifically for AI
- Break-glass policies / go/no-go
- Authority
- RTO RPO – AI perspective
- Disaster recovery
- Testing
- Stakeholder Considerations, Industry Frameworks, and Regulatory Requirements
- AI Risk Assessment, Thresholds, and Treatment
- Impact assessment
- Conformity assessment
- PIAs
- Risk documentation
- Acceptable levels of risk
- Treatment plans
- KRIs and KPIs for AI use
- AI-related Strategies, Policies, and Procedures
- Pen test
- Vulnerability tests
- Red teaming
- AI related vulnerabilities
- Adversarial threats
- Threat intelligence
- AI-enabled threats/Attack chains
- Anomalies
- Threat landscape
- Deep fakes
- Insider threat
- AI agents
- AI Vendor and Supply Chain Management
- Dependencies of software packages and libraries
- Vendor due diligence and contracts
- SLAs
- Vendor usage
- Accountability models
- Provider vs. deployer
- Third, fourth, and fifth parties
- Ownership and intellectual property
- Access controls
- Liability
- Vendor monitoring for risk and change
- AI Security Architecture and Design
- Change management
- SDL
- Secure by design
- Securing infrastructure as code
- Data flows
- Approved base models
- Interconnectivity and interaction with architecture
- AI Life Cycle (e.g., model selection, training, and validation)
- Testing models interconnectivity
- Linkages between models
- Regression
- Model testing
- Progression
- TEVV
- Model accuracy testing and evaluation
- Data Management Controls
- Data collection
- Data control
- Data Poisoning
- Bias
- Accuracy
- Data position requirements
- Privacy, Ethical, Trust and Safety Controls
- Explainability
- Privacy controls – like right to be forgotten, data subject rights
- Consent
- Transparency
- Decision making
- Fairness
- Ethics
- Automated decision making
- Human in the loop
- Trust and safety – content moderation
- Potential harm
- Environmental impacts
- Data minimization and anonymization
- Security Controls and Monitoring
- Security monitoring metrics
- Selecting the right controls
- Implementing controls
- Self-assessment of controls (CSA)
- Control life cycle
- Continuous monitoring
- KPIs and KRIs for security controls and monitoring
- Technical controls
- Threat controls mapping
- Security awareness training
Course Packages
Remote Instructor Led
Self Paced E-Learning
All You Need to Know
- Experienced IT security professionals who hold CISM® or CISSP® certifications
- Those with proven experience in security or advisory roles
- Those with expertise in assessing, implementing and maintaining AI systems
Before attending this course, you should have:
- An active CISM or CISSP certification;
- Proven experience in security or advisory roles;
- Some expertise in assessing, implementing, and maintaining AI systems.
The course fee includes, in addition to the course days:
- the course slides,
- a set of exercises in digital format.
The official ISACA Manuals are not included in the course fee, but can be requested additionally during registration: their purchase is not mandatory but highly recommended for passing the exam.
Why Choose Profice?
Official Partner
Authorized Training Partner delivering official certified curriculum
Expert Instructors
Certified professionals with 10+ years of real-world experience
Hands-on Labs
Real-world projects and 24/7 lab environment access
95% Pass Rate
Industry-leading certification exam success rate
Lifetime Support
Ongoing mentorship and community access after course completion
Job Assistance
Dedicated placement support with 500+ hiring partners
Profice is an official training partner delivering globally recognized certifications.