nerdexam
Isaca

AAISM · Question #103

An organization is designing an AI-based credit risk assessment system that will integrate with sensitive financial datasets. Which of the following would BEST support the implementation of security-b

The correct answer is D. Applying threat modeling specific to AI components before deployment. Security by design in AI requires establishing risk-informed requirements at the earliest stages of the lifecycle and systematically translating them into architectural controls. Conducting AI-specific threat modeling before deployment is the highest-leverage action because it id

AI Security Design and Implementation

Question

An organization is designing an AI-based credit risk assessment system that will integrate with sensitive financial datasets. Which of the following would BEST support the implementation of security-by-design principles in the AI system's architecture?

Options

  • ASegmenting AI services across containers to manage resource constraints
  • BRestricting access to AI models using IP allow lists to reduce public exposure
  • CIntegrating differential privacy mechanisms into model training to limit data leakage
  • DApplying threat modeling specific to AI components before deployment

How the community answered

(27 responses)
  • A
    7% (2)
  • B
    4% (1)
  • C
    22% (6)
  • D
    67% (18)

Explanation

Security by design in AI requires establishing risk-informed requirements at the earliest stages of the lifecycle and systematically translating them into architectural controls. Conducting AI-specific threat modeling before deployment is the highest-leverage action because it identifies assets (data, models, pipelines), trust boundaries (feature stores, training/inference services), threat events (poisoning, evasion, model extraction), and attack paths unique to ML systems. The outputs (abuse/misuse cases, control objectives, verification plans) then drive selection and prioritization of controls such as privacy-enhancing techniques, access controls, isolation, monitoring, and assurance testing.

Topics

#Security-by-design#Threat modeling#AI architecture security#Secure development lifecycle

Community Discussion

No community discussion yet for this question.

Full AAISM Practice