nerdexam
Isaca

AAISM · Question #145

An aerospace manufacturer prioritizing accuracy and security wants to use generative AI. Which LLM adoption plan BEST aligns with its risk appetite?

The correct answer is A. Developing a private LLM to automate non-critical functions. A private LLM keeps all data, model weights, and inference on-premises or within the organization's controlled infrastructure, which is critical for an aerospace manufacturer handling sensitive, export-controlled, or proprietary data. Developing it for non-critical functions furt

AI Security Risk Management

Question

An aerospace manufacturer prioritizing accuracy and security wants to use generative AI. Which LLM adoption plan BEST aligns with its risk appetite?

Options

  • ADeveloping a private LLM to automate non-critical functions
  • BContracting LLM access from a reputable third-party provider
  • CDeveloping a public LLM to automate critical functions
  • DPurchasing an LLM dataset on the open market

How the community answered

(36 responses)
  • A
    47% (17)
  • B
    31% (11)
  • C
    17% (6)
  • D
    6% (2)

Explanation

A private LLM keeps all data, model weights, and inference on-premises or within the organization's controlled infrastructure, which is critical for an aerospace manufacturer handling sensitive, export-controlled, or proprietary data. Developing it for non-critical functions further reduces risk by limiting blast radius if something goes wrong. Option B (third-party provider) requires sending data externally, violating the security posture. Option C (public LLM for critical functions) is the worst choice-public exposure and critical function automation together represent maximum risk. Option D (purchasing a dataset) doesn't provide an LLM at all; it's just data.

Topics

#LLM Deployment Models#AI Risk Management#Data Security#Organizational Risk Appetite

Community Discussion

No community discussion yet for this question.

Full AAISM Practice