nerdexam
Isaca

AAISM · Question #43

Security and assurance requirements for AI systems should FIRST be embedded in the:

The correct answer is A. Model design phase. AAISM directs organizations to embed security, safety, and compliance controls at design time ("secure-by-design" and "shift-left"), ensuring requirements for robustness, privacy, and governance are defined as non-functional constraints on architecture, data sourcing, model choic

AI Security Design and Implementation

Question

Security and assurance requirements for AI systems should FIRST be embedded in the:

Options

  • AModel design phase
  • BModel training phase
  • CModel testing phase
  • DModel deployment phase

How the community answered

(24 responses)
  • A
    88% (21)
  • B
    4% (1)
  • D
    8% (2)

Explanation

AAISM directs organizations to embed security, safety, and compliance controls at design time ("secure-by-design" and "shift-left"), ensuring requirements for robustness, privacy, and governance are defined as non-functional constraints on architecture, data sourcing, model choices, and evaluation criteria before any model is trained. Deferring these requirements to training, testing, or deployment increases residual risk and rework, and weakens traceability of control coverage.

Topics

#AI secure design#Security by design#Requirements engineering#AI system lifecycle

Community Discussion

No community discussion yet for this question.

Full AAISM Practice