AI Act

AAISM: Advanced in AI Security Management

The ISACA advanced credential for security managers building an AI security programme. AI threat modelling, secure model lifecycle, AI security operations. Three-day intensive, CISM recommended as foundation.

ISACAExpert3 daysLiveSelf-pacedIn-house
  • Practitioner-led, taught by a working CISO
  • Exam & certificate included
  • Re-sit covered if needed

Right fit if you are.

  • CISOs and deputy CISOs taking on AI security oversight.
  • Security programme managers building the AI security workstream.
  • Security architects designing AI-system security controls.
  • GRC managers integrating AI risk into the security programme.

NOT for. When to skip it.

We'd rather you keep your money than buy the wrong path.

  • Pure red-team / offensive AI practitioners. AAISM covers governance and management, not pentesting.
  • Hands-on ML engineers wanting to learn security. CISSP or a specialised AI-security technical course fits better.
  • Security managers without prior management experience (under three years).

What you'll be able to do

  • 1Design and govern an AI security programme aligned with ISO 42001 and the AI Act.
  • 2Run AI threat modelling (prompt injection, model poisoning, adversarial examples, data exfiltration via inference).
  • 3Operate AI security in production: monitoring, incident response, model drift, supply-chain risk for foundation-model dependencies.
  • 4Integrate AI security into the broader ISMS (ISO 27001) and AIMS (ISO 42001) programmes.
  • 5Translate AI security posture for board and audit committee consumption.

Upcoming public sessions

Open-enrolment cohorts. Pick a date and book your seat. Want a private cohort for your team instead? Request an in-house quote.

No confirmed live cohort right now. You can still:

Buyers always ask

Is CISM required to take AAISM?+

CISM is strongly recommended. The AAISM curriculum assumes security-management fluency (governance, programme management, incident response). Without that foundation, the management-level discussions in the cohort will be hard to follow.

Equivalents accepted in practice: CISSP, ISO 27001 Lead Implementer with management experience, or three years operating a security programme. Cyber Academy will assess prerequisites case-by-case before enrolment.

How does AAISM differ from ISO 42001 Lead Implementer?+

ISO 42001 Lead Implementer (PECB) builds the AIMS management system. AAISM (ISACA) is narrower and more security-focused: it covers AI-specific security controls (threat modelling, secure model lifecycle, AI incident response, supply-chain risk for AI dependencies) that the AIMS standard does not detail.

A typical implementation path: ISO 42001 Lead Implementer to build the AIMS, AAISM to operate the security workstream within it.

What AI threats does AAISM cover?+

Prompt injection (direct and indirect), training-data poisoning, model evasion via adversarial examples, model inversion, membership inference, data exfiltration via output, supply-chain attacks via foundation models and AI plugins, AI agent escalation. Plus the operational side: monitoring model drift, detecting prompt-injection attempts in production, AI-specific incident response runbooks.

How long is the AAISM exam?+

Three hours, scenario-based plus multiple-choice. Computer-based at a PSI testing centre. Same scoring scale as other ISACA credentials.

Ready to get certified?

Taught by a practicing CISO. Prices shown up front. Certified or refunded.