Free Isaca AAISM Exam Dumps May 2026

Data lineage records and monitors the end-to-end journey of data---sources, movements, transformations, storage locations, uses, and dependencies---providing traceability, auditability, and accountability across the AI lifecycle. ''Origin'' is a single point (provenance), ''transformation'' is one step within the flow, and ''processing'' is a general activity rather than a governance record of the entire path.

===========

AAISM guidance states that when adopting AI, the most important step is to conduct a risk assessment and update the enterprise risk register. This ensures AI-specific risks are identified, documented, and integrated into the organization's existing governance structures. Benchmarking peers provides context but does not address internal risk. Implementing methodologies and frameworks are important, but they precede or follow the assessment process. The decisive step that connects adoption to enterprise risk governance is updating the risk register with AI-specific risks.

AAISM Study Guide -- AI Risk Management (Integration with Enterprise Risk Management)

ISACA AI Security Management -- Risk Assessment and Register Updates

AAISM defines data poisoning as the insertion of malicious or corrupted data into training (or fine-tuning) pipelines to degrade or bias model behavior, thereby compromising output integrity in production. While poisoning occurs during development/training (C), its primary objective is the downstream integrity impact on predictions/outputs (D). Options A and B relate to confidentiality threats (e.g., inversion or leakage), not poisoning.