Which risk treatment is MOST appropriate when an organization's AI system presents residual risk within tolerance and impacts non-critical functions?
Risk treatment decisions are driven by two factors: whether the residual risk falls within or outside tolerance, and the criticality of the affected function. When both conditions---risk within tolerance AND non-critical function impact---are met, formal risk acceptance is the appropriate and proportionate treatment.
Why A is Correct: According to ISACA AAIR risk treatment guidance, documented formal risk acceptance is the appropriate response when residual risk is within defined tolerance for non-critical functions. Risk acceptance acknowledges the identified exposure, documents the organization's conscious decision to accept it, and establishes accountability for that decision. This proportionate response avoids over-investing in controls for risk that the organization has determined is acceptable.
Why B is Wrong: Recommending increases to tolerance thresholds is a governance manipulation rather than a risk treatment. Adjusting thresholds upward to accommodate risk does not address the risk; it merely reclassifies it as acceptable. This approach undermines risk governance integrity.
Why C is Wrong: Enhancing monitoring to detect deviations represents additional control investment that may be disproportionate for risk that is already within tolerance affecting non-critical functions. Enhanced monitoring is more appropriate when risk is near the tolerance boundary or when trends indicate potential future breach.
Why D is Wrong: Periodic vulnerability scanning is a security assurance activity that identifies technical weaknesses. It represents an ongoing control measure rather than the appropriate risk treatment decision for a residual risk that is already within tolerance.
Which of the following is the MOST important reason for a risk practitioner to classify AI risk using threat actor profiles?
Threat actor profiling characterizes the motivations, capabilities, and likely attack methods of potential adversaries. In AI risk management, understanding who the likely attackers are and what they seek enables the design of controls specifically matched to the actual threat landscape.
Why B is Correct: According to ISACA AAIR threat-based risk management guidance, the most important reason for threat actor profiling is to tailor controls to adversary motivations and capabilities. Different threat actors---nation-state attackers, criminal organizations, competitors, insiders, activists---have different objectives (espionage vs. financial gain vs. disruption), capabilities (sophisticated vs. opportunistic), and methods. Controls calibrated to actual threat actor profiles are significantly more effective than generic controls that may not address the specific threats the organization actually faces.
Why A is Wrong: Aligning AI threats with IT control taxonomy is a governance integration activity that improves control consistency but does not capture the threat actor-specific tailoring value of profiling. Taxonomy alignment is an administrative benefit; threat-tailored controls are a security effectiveness benefit.
Why C is Wrong: Response metrics for cybersecurity incidents are developed for incident management planning. Threat actor profiling informs control design and incident response strategies but is not primarily used to develop response metrics.
Why D is Wrong: Prioritizing external threats over internal threats is a security strategy choice that threat actor profiling does not prescribe. Many AI attacks, including insider threats and social engineering, are internal. Profiling should result in appropriate prioritization based on actual threat likelihood, not a blanket prioritization of external threats.
An election oversight body is considering the use of AI to identify irregularities in voting patterns. Which of the following is the MOST important risk to evaluate?
AI systems trained on historical data inherit the biases, patterns, and structural inequities embedded in that data. In electoral contexts, historical voting patterns may reflect systemic disenfranchisement, gerrymandering, or demographic manipulation---biases that an AI system could amplify and legitimize through its outputs.
Why B is Correct: According to ISACA AAIR bias and fairness guidance applied to high-stakes public sector AI, the amplification of historical data biases poses the greatest risk in electoral irregularity detection. If the AI system treats historically suppressed voting patterns as the normal baseline, it may flag legitimate turnout increases in previously underrepresented communities as irregularities---producing discriminatory, biased outputs with severe democratic consequences.
Why A is Wrong: Voter location identification is a privacy concern but represents a specific data element risk. Comprehensive privacy controls can mitigate location exposure without resolving the systemic bias risk.
Why C is Wrong: Contextual drift---the model performing differently in new electoral contexts than in training contexts---is a technical risk that is relevant but addressable through validation testing. Bias amplification is a more fundamental concern embedded in the historical data itself.
Why D is Wrong: Political distrust of AI represents a stakeholder acceptance challenge. While significant for implementation success, it is a communication and change management concern rather than the primary technical and ethical risk from the AI system itself.
A risk practitioner assesses a new AI system and determines that the risk is within the organization's risk tolerance. Which of the following is the BEST recommendation to ensure system controls remain effective over time?
Even when an AI system is initially assessed as within risk tolerance, its risk profile evolves as the system encounters new data, the operational environment changes, and model performance drifts. Controls that were effective at deployment may become insufficient as these changes accumulate.
Why C is Correct: The ISACA AAIR operational monitoring guidance identifies continuous monitoring for data and performance drift as the most important mechanism for maintaining control effectiveness over time. Drift detection provides early warning when the AI system begins behaving differently from its validated state---enabling timely control adjustments before risk tolerance is breached. This is particularly critical because AI systems can degrade gradually in ways not visible without active monitoring.
Why A is Wrong: Framework alignment establishes the control baseline but does not actively verify that controls remain effective as the system evolves. Frameworks provide structure; monitoring provides assurance.
Why B is Wrong: Security and risk awareness training is an important human capability development activity but does not detect technical changes in AI system behavior. Training does not substitute for technical monitoring.
Why D is Wrong: Periodic compliance reviews occur at scheduled intervals and may miss drift that develops between review cycles. Continuous monitoring provides real-time detection that periodic reviews cannot match.
An organization uses multiple external data sources to train its AI models. Which of the following is the risk practitioner's BEST recommendation to protect the organization from data poisoning attacks?
Data poisoning attacks involve malicious modification of training data to degrade model performance or introduce backdoors. With multiple external data sources, the attack surface for introducing poisoned data is broad and requires proactive, continuous detection at the ingestion stage.
Why B is Correct: The ISACA AAIR adversarial AI guidance identifies continuous monitoring and anomaly detection at the data ingestion pipeline as the most effective defense against data poisoning. By monitoring incoming data in real time for statistical anomalies, unexpected distributions, or known poisoning patterns, organizations can detect and block malicious data before it contaminates training datasets. This preventive approach is superior to reactive detection after poisoning has occurred.
Why A is Wrong: Reactive data integrity reviews triggered by model drift occur after poisoning has already affected model behavior. By this stage, the model may have been deployed and made harmful decisions. Prevention during ingestion is superior to post-drift investigation.
Why C is Wrong: Model code and deployment artifact controls address security of the software pipeline but do not protect training data from external poisoning. Data integrity requires data-layer controls, not code security.
Why D is Wrong: Regularization reduces overfitting to training noise but does not detect or prevent deliberate poisoning attacks. A sufficiently targeted poisoning attack can introduce systematic bias that regularization techniques cannot mitigate.
Currently there are no comments in this discussion, be the first to comment!