Domain 1 – AI Governance and Program Management
Stakeholder Governance, Frameworks, and Regulatory Requirements
- Organizational governance structures for AI
- AI-related roles and responsibilities
- Charter and steering committee structures
- Stakeholder identification and engagement
- Risk appetite and tolerance for AI systems
- AI frameworks, standards, and regulations
- Privacy and compliance considerations
Participants learn how to establish structured governance programs for secure enterprise AI adoption.
AI Strategies, Policies, and Procedures
- AI strategy development
- Consumer versus enterprise AI considerations
- Buy-versus-build decisions
- Responsible AI usage policies
- Acceptable use frameworks
- AI implementation procedures
- Ethics and governance considerations
AI Asset and Data Lifecycle Management
- AI asset inventories and management
- Model cards and documentation
- Data handling and classification
- Data protection and storage controls
- Data augmentation and cleaning
- Secure destruction and lifecycle management
This section focuses on securing data and AI assets throughout the operational lifecycle.
AI Security Program Development and Business Continuity
- AI security program planning and management
- Roles, responsibilities, and proficiencies
- AI-enabled security tooling integration
- Security metrics and reporting
- AI incident detection and classification
- AI-specific business continuity and disaster recovery
- AI incident response playbooks and “break-glass” procedures
Domain 2 – AI Risk Management
AI Risk Assessment and Treatment
- AI impact and conformity assessments
- Privacy impact assessments (PIAs)
- Risk documentation and treatment plans
- AI risk thresholds and tolerances
- AI KRIs and KPIs
Participants learn how to identify and manage AI-specific operational and governance risks.
AI Security Threats and Vulnerability Management
- Penetration testing and vulnerability assessments
- Red teaming for AI systems
- Adversarial threats and AI-enabled attack chains
- Threat intelligence and anomaly detection
- Deepfakes and insider threats
- AI agents and autonomous systems risks
AI Vendor and Supply Chain Security
- Vendor due diligence and accountability models
- AI software package and library dependencies
- Third-party and supply chain risks
- Ownership and intellectual property considerations
- Access controls and liability management
- Vendor monitoring and risk oversight
Participants strengthen supply chain resilience and third-party governance capability for AI ecosystems.
Domain 3 – AI Technologies and Controls
AI Security Architecture and Secure Design
- Secure-by-design principles
- Secure development lifecycle (SDL)
- Infrastructure-as-code security
- Data flow protection
- Base model approval and governance
- AI architectural interconnectivity and dependencies
AI Lifecycle Security and Data Controls
- AI model selection and validation
- Model testing and evaluation
- TEVV (Testing, Evaluation, Verification & Validation)
- Data poisoning and bias management
- Accuracy and integrity controls
- Data governance and quality assurance
Privacy, Ethics, Trust & Safety Controls
- Explainability and transparency
- Privacy rights and consent management
- Automated decision-making controls
- Human-in-the-loop governance
- Trust and safety moderation
- Environmental and societal impact considerations
- Data minimization and anonymization
Security Controls and Continuous Monitoring
- AI security monitoring metrics
- Security control selection and implementation
- Continuous monitoring approaches
- Technical security safeguards
- Threat control mapping
- AI security awareness and training
Participants learn how to maintain secure and resilient AI operational environments.