ISACA Certified AI Security Manager — Question 2

An organization's CIO provided the AI steering committee with a list of AI technologies in use and tasked them with categorizing the technologies by risk. Which of the following should the committee do FIRST?

Answer options

• A. Begin grouping similar AI products and solutions together.
• B. Ensure the AI technologies are included in the asset inventory.
• C. Assess risk levels based on risk appetite and regulatory requirements.
• D. Identify vulnerabilities related to the technologies in use.

Correct answer: B

Explanation

The correct answer is B because having the AI technologies listed in the asset inventory is crucial for tracking and managing them effectively before assessing risks. The other options, while important, should follow the establishment of a clear inventory to ensure proper categorization and risk assessment can take place.