Advanced in AI Security Management (AAISM)

This two-day accelerated course provides a comprehensive foundation in AI-specific security management. The ISACA Advanced in AI Security Management (AAISM™) certification equips security leaders with the knowledge and capability to govern, secure, and manage enterprise AI systems. Learners gain a deep understanding of AI governance, AI risk management, and the technologies and controls that underpin secure and ethical AI operations. This course aligns with ISACA’s globally recognised frameworks, empowering professionals to identify, assess, monitor, and mitigate AI-related risks while ensuring responsible and compliant adoption of AI across the organisation.

Key takeaways

By the end of this course, learners will be able to:

  • Demonstrate proficiency in managing AI-specific governance frameworks and program structures
  • Evaluate AI risk management strategies and develop effective treatment plans
  • Assess AI technologies, architectures, and controls for secure and ethical use
  • Align AI governance with enterprise security policies and regulatory standards
  • Establish risk metrics (KRIs and KPIs) for ongoing AI oversight and reporting
  • Design and implement AI security programs consistent with ISACA and ANSI standards
  • Support business continuity and incident response planning specific to AI-driven environments

Prerequisites

Participants should have:

  • Should hold the ISACA CISM or ISC2 CISSP certification
  • Proven experience in security or advisory roles
  • Foundational understanding of AI system assessment, implementation, and maintenance

Target audience

This course is designed for:

  • Experienced information security managers and consultants

Domain 1. AI governance and program management

  • Stakeholder considerations, frameworks, and regulatory requirements
  • Organisational structure, roles, and governance models
  • Defining charters and establishing AI steering committees
  • Risk appetite, tolerance, and framework alignment
  • Selecting and applying appropriate AI governance frameworks
  • Developing AI business use cases and managing privacy implications
  • Establishing AI strategies, policies, and procedures
  • Responsible and acceptable use of AI systems
  • Managing AI assets and data lifecycles
  • Creating AI asset inventories and data management protocols
  • Model documentation, classification, and storage practices
  • Implementing AI data protection and destruction measures
  • Building an AI security management program
  • Establishing documented plans, team roles, and proficiency standards
  • Integrating AI-enabled security tools and performance metrics
  • Developing KRIs and KPIs to measure AI security effectiveness
  • Managing business continuity and incident response for AI
  • Implementing AI-specific detection, notification, and escalation processes
  • Designing AI response playbooks and red-button protocols
  • Defining recovery objectives (RTO and RPO) from an AI perspective

Domain 2. AI risk management

  • Conducting AI risk assessments and defining acceptable risk thresholds
  • Performing impact, conformity, and privacy impact assessments (PIAs)
  • Developing treatment plans and documenting AI-specific risk responses
  • Implementing AI-focused penetration testing, vulnerability testing, and red teaming
  • Managing adversarial and insider threats within AI ecosystems
  • Identifying AI-enabled threats, deepfakes, and synthetic data misuse
  • Applying threat intelligence to AI-based attack chains and anomaly detection
  • Managing AI vendor and supply chain risk
  • Conducting due diligence and defining accountability between provider and deployer
  • Managing dependencies in AI software packages and libraries
  • Establishing SLAs, ownership, and IP considerations for AI systems
  • Implementing access control, liability, and vendor monitoring processes

Domain 3. AI technologies and controls

  • Designing AI security architecture aligned with secure-by-design principles
  • Managing AI change control and secure development lifecycles (SDL)
  • Securing infrastructure-as-code and model interconnectivity
  • Managing AI model lifecycles, including selection, training, validation, and regression testing
  • Implementing technical evaluation, verification, and validation (TEVV) of AI models
  • Applying data management controls to mitigate data poisoning, bias, and accuracy issues
  • Managing privacy, ethical, trust, and safety controls within AI systems
  • Ensuring explainability, consent, transparency, and fairness in AI decision-making
  • Maintaining human oversight (human-in-the-loop) in automated processes
  • Applying trust and safety measures such as content moderation and harm prevention
  • Monitoring environmental impact and ensuring data minimisation and anonymisation
  • Designing and implementing AI security controls and continuous monitoring processes
  • Mapping AI security threats to controls and metrics
  • Implementing control life cycles and self-assessments (CSA)
  • Delivering AI security awareness training to drive organisational readiness

This course includes the ISACA AAISM™ certification exam voucher, which is taken post-course.

  • Duration: 150 minutes
  • Format: 90 multiple-choice questions
  • Passing score: 450 out of 800
  • Domain weighting:

    • Domain 1: AI governance and program management (31%)

    • Domain 2: AI risk management (31%)

    • Domain 3: AI technologies and controls (38%)

 

FAQ – AAISM: Advanced in AI Security Management

Hva inkluderer kurset
Kurset inkluderer eksamensvoucher til AAISM-sertifiseringen samt eksamensforberedende materiell.

Hvor lenge varer kurset?
Kurset går over 2 intensive dager og gjennomføres enten som virtuelt kurs eller klasseromskurs.

Hvordan gjennomføres kurset?
Kurset er instruktørledet og kombinerer teori, case-studier og praktiske øvelser. Deltakerne arbeider med realistiske scenarioer knyttet til AI governance, risikostyring og sikkerhet i moderne virksomheter.

Hvem passer kurset for?
Kurset er utviklet for erfarne fagpersoner som arbeider med sikkerhet, risiko og styring av AI-løsninger:

  • Information security managers og konsulenter
  • Governance, risk og compliance professionals
  • Cybersecurity leaders
  • Arkitekter og rådgivere innen AI og sikkerhet

Hva lærer jeg i løpet av kurset?
Kurset gir kompetanse til å styre, sikre og håndtere risiko knyttet til AI-systemer. Etter kurset vil du kunne:

  • Etablere governance-modeller for AI i virksomheten
  • Identifisere og håndtere AI-relatert risiko
  • Vurdere AI-teknologier og sikkerhetskontroller
  • Implementere AI-sikkerhetsprogrammer
  • Definere og måle risiko gjennom KPIer og KRIer
  • Sikre ansvarlig og etisk bruk av AI
  • Integrere AI i eksisterende sikkerhets- og compliance-rammeverk

Hvilke temaer dekkes i kurset?
Kurset dekker tre hovedområder:

  • AI governance og programstyring
  • AI risk management
  • AI technologies og security controls

Får jeg sertifisering etter kurset?
Ja. Kurset inkluderer eksamensvoucher til ISACA Advanced in AI Security Management (AAISM™). Eksamen gjennomføres online etter kurset.

Hvordan foregår eksamen?
Eksamen består av:

  • 90 flervalgsspørsmål
  • 150 minutters varighet
  • Beståttgrense på 450 av 800 poeng

Hvilke forkunnskaper anbefales?
Det anbefales at deltakerne har CISM- eller CISSP-sertifisering, samt erfaring med sikkerhet og grunnleggende forståelse av AI-systemer.

Hva gjør dette kurset unikt?
Kurset kombinerer AI, sikkerhet og governance i ett spesialisert program. Det gir en sjelden mulighet til å bygge kompetanse innen sikker og ansvarlig bruk av AI i virksomheter.

 

AI & Security

Cybersecurity Governance & Risk

Advanced Security & Operations

Other relevant courses

AWS Security Essentials
19. May
1 days
Classroom Virtual
Security Engineering on AWS
20. May
3 days
Classroom Virtual