Exam AAISM Topic 2 Question 129 Discussion

Actual exam question for ISACA's AAISM exam
Question #: 129
Topic #: 2
Which of the following is the MOST effective action an organization can take to address data security risk when using generative AI features in an application?

Suggested Answer: C Vote an answer

AAISM directs organizations to manage third-party AI risks through contractual and technical controls that explicitly govern data use, retention, training/fine-tuning, isolation, and deletion. The most effective data- security action when consuming generative AI features is to require enforceable opt-out provisions that prohibit the provider from using the organization's data for training or secondary purposes and that mandate retention limits and secure deletion. Third-party audit reports (A) provide assurance but do not guarantee provider behavior for your specific data; awareness policies (B) are necessary but insufficient to control external processing; IP ownership guidelines (D) address legal rights, not data-security risk.
References: AI Security Management™ (AAISM) Body of Knowledge - Third-Party/Procurement Controls; Data Use & Retention Clauses; Training/Fine-tuning Opt-Out; Secure Deletion and Purpose Limitation.

by Jerome at Jul 11, 2026, 11:40 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어