Exam AAISM Topic 2 Question 129 Discussion
Actual exam question for ISACA's AAISM exam
Question #: 129
Topic #: 2
Question #: 129
Topic #: 2
Which of the following is the MOST effective action an organization can take to address data security risk when using generative AI features in an application?
Suggested Answer: C Vote an answer
AAISM directs organizations to manage third-party AI risks through contractual and technical controls that explicitly govern data use, retention, training/fine-tuning, isolation, and deletion. The most effective data- security action when consuming generative AI features is to require enforceable opt-out provisions that prohibit the provider from using the organization's data for training or secondary purposes and that mandate retention limits and secure deletion. Third-party audit reports (A) provide assurance but do not guarantee provider behavior for your specific data; awareness policies (B) are necessary but insufficient to control external processing; IP ownership guidelines (D) address legal rights, not data-security risk.
References: AI Security Management™ (AAISM) Body of Knowledge - Third-Party/Procurement Controls; Data Use & Retention Clauses; Training/Fine-tuning Opt-Out; Secure Deletion and Purpose Limitation.
References: AI Security Management™ (AAISM) Body of Knowledge - Third-Party/Procurement Controls; Data Use & Retention Clauses; Training/Fine-tuning Opt-Out; Secure Deletion and Purpose Limitation.
by Jerome at Jul 11, 2026, 11:40 AM
Contact Us
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday
Support: Contact now
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).