AAISM · Question #103
An organization is designing an AI-based credit risk assessment system that will integrate with sensitive financial datasets. Which of the following would BEST support the implementation of security-b
The correct answer is D. Applying threat modeling specific to AI components before deployment. Security by design in AI requires establishing risk-informed requirements at the earliest stages of the lifecycle and systematically translating them into architectural controls. Conducting AI-specific threat modeling before deployment is the highest-leverage action because it id
Question
An organization is designing an AI-based credit risk assessment system that will integrate with sensitive financial datasets. Which of the following would BEST support the implementation of security-by-design principles in the AI system's architecture?
Options
- ASegmenting AI services across containers to manage resource constraints
- BRestricting access to AI models using IP allow lists to reduce public exposure
- CIntegrating differential privacy mechanisms into model training to limit data leakage
- DApplying threat modeling specific to AI components before deployment
How the community answered
(27 responses)- A7% (2)
- B4% (1)
- C22% (6)
- D67% (18)
Explanation
Security by design in AI requires establishing risk-informed requirements at the earliest stages of the lifecycle and systematically translating them into architectural controls. Conducting AI-specific threat modeling before deployment is the highest-leverage action because it identifies assets (data, models, pipelines), trust boundaries (feature stores, training/inference services), threat events (poisoning, evasion, model extraction), and attack paths unique to ML systems. The outputs (abuse/misuse cases, control objectives, verification plans) then drive selection and prioritization of controls such as privacy-enhancing techniques, access controls, isolation, monitoring, and assurance testing.
Topics
Community Discussion
No community discussion yet for this question.