Domain 1 — AI Governance and Program Management (31%)
This Domain demonstrates your ability to advise stakeholders on implementing AI security solutions through appropriate and effective policy, data governance, program management and incident response.
A–STAKEHOLDER CONSIDERATIONS, INDUSTRY FRAMEWORKS, AND REGULATORY REQUIREMENTS
B–AI-RELATED STRATEGIES, POLICIES, AND PROCEDURES
C–AI ASSET AND DATA LIFE CYCLE MANAGEMENT
D–AI SECURITY PROGRAM DEVELOPMENT AND MANAGEMENT
E–BUSINESS CONTINUITY AND INCIDENT RESPONSE
Domain 2 — AI Risk Management (31%)
This Domain confirms your skill at assessing and managing risks, threats, vulnerabilities and supply chain issues related to the enterprise-wide adoption of AI.
A–AI RISK ASSESSMENT, THRESHOLDS, AND TREATMENT
B–AI THREAT AND VULNERABILITY MANAGEMENT
C–AI VENDOR AND SUPPLY CHAIN MANAGEMENT
Domain 3 — AI Technologies and Controls (38%)
This Domain focuses on optimizing AI security and highlights your knowledge of security technologies, techniques and controls tailored to AI systems.
A–AI SECURITY ARCHITECTURE AND DESIGN
B–AI-RELATED STRATEGIES, POLICIES, AND PROCEDURES
C–DATA MANAGEMENT CONTROLS
D–PRIVACY, ETHICAL, TRUST AND SAFETY CONTROLS
E–SECURITY CONTROLS AND MONITORING
Supporting Tasks
- Collaborate on charter, roles, and responsibilities for governance and management of AI to align with business objectives.
- Establish and maintain AI-specific security policies and procedures to inform the development and implementation of AI standards and guidelines.
- Ensure the responsible use of AI by utilizing leading practices, ethical principles, regulatory requirements, and industry frameworks.
- Participate in or oversee the AI risk management life cycle, including impacts on enterprise risk.
- Identify and assess the AI threat landscape.
- Monitor for internal and external AI-related factors to identify the need for reassessment of risk.
- Design and implement testing and vulnerability management of AI solutions.
- Conduct AI impact assessments and ensure conformity with regulatory requirements.
- Embed, monitor, and verify AI security requirements when utilizing vendor AI-enabled solutions.
- Design and implement security architecture specifically for AI.
- Advise on the integration of AI architecture as part of enterprise architecture.
- Design, implement, and regularly review AI security controls to treat risk to an acceptable level.
- Establish and maintain processes to identify, inventory, and classify data and assets related to AI.
- Identify and treat security risk associated with data used in the AI life cycle.
- Establish and maintain AI-specific processes to investigate, document, and report on AI security incidents in accordance with regulatory and contractual requirements.
- Establish and maintain AI incident handling processes, including containment, notification, escalation, eradication, and recovery.
- Address AI security risk as part of business continuity and disaster recovery planning.
- Define and monitor security metrics for AI solutions used throughout the organization.
- Review and implement AI security tools as part of the information security program.
- Conduct risk-based human oversight of AI inputs/outputs including trust and safety, quality, explainability, and robustness.
- Develop and maintain AI-specific security awareness training and acceptable use guidelines.
- Advise on security risk and controls related to the AI solution development life cycle within an organization.
