nerdexam
Isaca

AAISM · Question #82

An organization is adopting an agentic AI solution from an external vendor to support its internal IT operations. To evaluate the security posture of this system, which of the following provides the M

The correct answer is D. Third-party audit reports. Third-party audit reports provide independent assurance that the vendor's stated controls are designed and operating effectively against recognized criteria. Such attestations (e.g., audit/assurance frameworks) are traceable, repeatable, and verifiable, and they support supply- c

AI Security Assurance and Resilience

Question

An organization is adopting an agentic AI solution from an external vendor to support its internal IT operations. To evaluate the security posture of this system, which of the following provides the MOST reliable and independently verifiable evidence of implemented security controls?

Options

  • AInternal red team testing reports
  • BIndustry benchmarking peer review
  • CGeneral AI security whitepapers
  • DThird-party audit reports

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    10% (3)
  • C
    6% (2)
  • D
    81% (25)

Explanation

Third-party audit reports provide independent assurance that the vendor's stated controls are designed and operating effectively against recognized criteria. Such attestations (e.g., audit/assurance frameworks) are traceable, repeatable, and verifiable, and they support supply- chain risk reviews and contractual assurance. Internal red-team reports are not independent, industry "peer reviews" are not control attestations, and whitepapers are marketing/educational materials without evidence of control operation.

Topics

#Third-party risk management#Security assurance#Vendor security evaluation#Independent verification

Community Discussion

No community discussion yet for this question.

Full AAISM Practice