Memberships

CyberMAYnia CAREER

147 members • Free

CyberMAYnia Club

58 members • Free

GovTech Community (Free)

17.1k members • Free

The Cyber Community

7.2k members • Free

CISSP Study Group

1.8k members • Free

102 contributions to CISSP Study Group
CISSP Practice Question (Domain 2: Asset Security / Data Governance)
A company uses a third party AI service to summarize internal incident reports for executives. Reports include sensitive employee and investigation details. The vendor states data may be retained temporarily to improve model performance. Legal and HR raise concerns, but leadership values insight speed. What is the MOST appropriate action to take FIRST?
A. Encrypt all reports before submission to the AI service
B. Perform a data classification and usage review for the AI workflow
C. Require the vendor to sign stricter confidentiality clauses
D. Limit AI access to only closed incident reports
Come back for the answer tomorrow, or study more now!
0 likes • 3d
B.
Masterclass with May Brooks on the 11th! 7PM UAE
We’re excited to invite the Study Group to another masterclass with May Brooks on the 11th, 7PM UAE. As always, registration is free for Study Group members. These sessions have been a great opportunity to go deeper on key concepts and get May’s perspective and corrections in real time. As always, free for Study Group members; you can sign up here. Looking forward to seeing you there!
Poll
26 members have voted
1 like • 4d
Can't make it due to time constraints. Conflicts with Church.
CISSP Practice Question (Domain 7: Security Operations)
An organization deploys an AI based alerting system that automatically suppresses repeated low severity security alerts to reduce analyst fatigue. During a later breach investigation, leadership questions whether suppressed alerts should have been retained. What is the MOST appropriate governance concern the security manager should address FIRST?
A. Accuracy and tuning thresholds of the AI detection model
B. Alignment of alert suppression with evidence retention requirements
C. Analyst training on interpreting AI generated alerts
D. Cost effectiveness of the AI system compared to manual review
0 likes • 4d
B.
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A financial institution implements a workflow system where users submit transactions, an application service validates them, and a separate approval service finalizes execution. Auditors require proof that users cannot bypass the workflow or modify transactions directly in the database. What is the MOST appropriate architectural control to meet this requirement?
A. Mandatory access control enforced at the database layer
B. Constrained interfaces enforcing well formed transactions
C. Role based access control with least privilege assignments
D. Dual control requiring two administrators for approvals
Come back for the answer tomorrow, or study more now!
0 likes • 5d
B
CISSP Practice Question (Domain 6: Identity and Access Management)
A company integrates a third party SaaS platform with its internal systems using single sign on. During review, security finds the vendor provisions user roles automatically based on email domain, without management approval. The business values rapid onboarding. What is the MOST appropriate action for the security manager to take FIRST?
A. Disable SSO integration until manual approvals are enforced
B. Require documented access approval and role assignment controls
C. Increase monitoring and audit logging for SaaS user activity
D. Conduct a penetration test against the SaaS access controls
Come back for the answer tomorrow, or study more now!
0 likes • 6d
B
Alton Butler
@alton-butler-7209
Just wanting to learn and pass the CISSP.

Active 2d ago
Joined Jul 7, 2024