Advanced in AI Security Management (AAISM)

Participants should have:

• Should hold the ISACA CISM or ISC2 CISSP certification
• Proven experience in security or advisory roles
• Foundational understanding of AI system assessment, implementation, and maintenance

Target audience

This course is designed for:

• Experienced information security managers and consultants
• Governance, risk, and compliance professionals working with AI technologies
• Cybersecurity leaders responsible for securing enterprise AI environments
• Organisations seeking to establish or mature AI security management practices

By the end of this course, learners will be able to:

• Demonstrate proficiency in managing AI-specific governance frameworks and program structures
• Evaluate AI risk management strategies and develop effective treatment plans
• Assess AI technologies, architectures, and controls for secure and ethical use
• Align AI governance with enterprise security policies and regulatory standards
• Establish risk metrics (KRIs and KPIs) for ongoing AI oversight and reporting
• Design and implement AI security programs consistent with ISACA and ANSI standards
• Support business continuity and incident response planning specific to AI-driven environments

Domain 1. AI governance and program management

• Stakeholder considerations, frameworks, and regulatory requirements
• Organisational structure, roles, and governance models
• Defining charters and establishing AI steering committees
• Risk appetite, tolerance, and framework alignment
• Selecting and applying appropriate AI governance frameworks
• Developing AI business use cases and managing privacy implications
• Establishing AI strategies, policies, and procedures
• Responsible and acceptable use of AI systems
• Managing AI assets and data lifecycles
• Creating AI asset inventories and data management protocols
• Model documentation, classification, and storage practices
• Implementing AI data protection and destruction measures
• Building an AI security management program
• Establishing documented plans, team roles, and proficiency standards
• Integrating AI-enabled security tools and performance metrics
• Developing KRIs and KPIs to measure AI security effectiveness
• Managing business continuity and incident response for AI
• Implementing AI-specific detection, notification, and escalation processes
• Designing AI response playbooks and red-button protocols
• Defining recovery objectives (RTO and RPO) from an AI perspective

Domain 2. AI risk management

• Conducting AI risk assessments and defining acceptable risk thresholds
• Performing impact, conformity, and privacy impact assessments (PIAs)
• Developing treatment plans and documenting AI-specific risk responses
• Implementing AI-focused penetration testing, vulnerability testing, and red teaming
• Managing adversarial and insider threats within AI ecosystems
• Identifying AI-enabled threats, deepfakes, and synthetic data misuse
• Applying threat intelligence to AI-based attack chains and anomaly detection
• Managing AI vendor and supply chain risk
• Conducting due diligence and defining accountability between provider and deployer
• Managing dependencies in AI software packages and libraries
• Establishing SLAs, ownership, and IP considerations for AI systems
• Implementing access control, liability, and vendor monitoring processes

Domain 3. AI technologies and controls

• Designing AI security architecture aligned with secure-by-design principles
• Managing AI change control and secure development lifecycles (SDL)
• Securing infrastructure-as-code and model interconnectivity
• Managing AI model lifecycles, including selection, training, validation, and regression testing
• Implementing technical evaluation, verification, and validation (TEVV) of AI models
• Applying data management controls to mitigate data poisoning, bias, and accuracy issues
• Managing privacy, ethical, trust, and safety controls within AI systems
• Ensuring explainability, consent, transparency, and fairness in AI decision-making
• Maintaining human oversight (human-in-the-loop) in automated processes
• Applying trust and safety measures such as content moderation and harm prevention
• Monitoring environmental impact and ensuring data minimisation and anonymisation
• Designing and implementing AI security controls and continuous monitoring processes
• Mapping AI security threats to controls and metrics
• Implementing control life cycles and self-assessments (CSA)
• Delivering AI security awareness training to drive organisational readiness

Exams and assessments

This course includes the ISACA AAISM™ certification exam voucher, which is taken post-course.

• Duration: 150 minutes
• Format: 90 multiple-choice questions
• Passing score: 450 out of 800
• Domain weighting:

  • Domain 1: AI governance and program management (31%)

  • Domain 2: AI risk management (31%)

  • Domain 3: AI technologies and controls (38%)

Hands-on learning

Learners will participate in interactive discussions, applied case studies, and guided practice exercises to contextualise AI governance and risk management. Through real-world security management scenarios, participants will enhance their ability to design and evaluate AI security programs that align with organisational strategy and compliance objectives.