
Memberships

CISSP Study Group

2.1k members • Free

17 contributions to CISSP Study Group
CISSP Practice Question (Domain 1: Security and Risk Management - AI Exam Guidance)
Your company's HR department deploys a resume-screening AI tool without consulting security or legal. A rejected applicant files a discrimination complaint claiming the tool filtered out candidates based on age. Who should the CISO escalate to FIRST?
A. The AI vendor to request bias testing documentation
B. Legal counsel to assess regulatory exposure from the unauthorized deployment
C. The HR director to immediately disable the tool
D. Internal audit to begin a full algorithmic fairness review
Come back for the answer tomorrow, or study more now!
0 likes • 28d
B
OFFICIAL ISC2 AI security exam guidance doc
ISC2 published this yesterday. It maps out exactly how AI security concepts show up across the CISSP exam. This is NOT a new exam outline. The current outline (April 2024) already has AI baked in. But this document spells out the specifics so you know what to expect.

The big picture: AI isn't a separate topic. It's woven into everything from risk management (Domain 1) to software development security (Domain 8).

A few things that stood out to me:
- You need to know about protecting training data and model weights (Domain 2)
- Prompt injection and adversarial attacks are fair game (Domain 3)
- AI red teaming is now part of security testing (Domain 6)
- Managing identities for AI agents and service accounts - least privilege still applies (Domain 5)
- Model drift and AI in the SOC are covered in operations (Domain 7)

If you're studying right now, don't panic. Most of this maps to concepts you already know -- just applied to AI systems. But you should absolutely be familiar with terms like data poisoning, adversarial attacks, algorithmic bias, model drift, and prompt injection.

On our end we're going to keep weaving more AI-focused questions into the https://cissp.app and bringing more of this into our study group discussions. I attached the PDF if you want to read the full thing.
1 like • Apr 7
Thank you
CISSP Practice Question (Domain 7: Security Operations - AI Exam Guidance)
Your SOC integrates an AI-driven SOAR platform that auto-remediates low-severity alerts. After three months, analysts notice the model's false positive rate has doubled and it is closing legitimate incidents without investigation. What should the SOC manager address FIRST?
A. Revert to manual triage until the model is retrained on updated threat data
B. Evaluate the model for drift and establish ongoing performance monitoring baselines
C. Escalate to the vendor and demand a root cause analysis under the SLA
D. Increase analyst headcount to manually review all auto-closed incidents
Come back for the answer tomorrow, or study more now!
0 likes • Apr 7
D
FREE CISSP Masterclass with May Brooks - TODAY
Hey everyone,

We've got another masterclass coming up with May Brooks next Tuesday. If you don't know May, she's a CISSP instructor who's helped a ton of people pass the exam, and she's been a great partner to our community.

This is a live session where she breaks down how top scorers actually think through exam questions, how they eliminate traps, and what separates people who pass from people who don't. If you've been studying and want to sharpen your approach before exam day, this is worth your time.

When: Tuesday, April 7th at 11:00 AM Eastern / 8:00 AM Pacific
Where: Register here
Cost: Free for study group members!

Poll: 77 members have voted
0 likes • Apr 7
how to join
CISSP Practice Question (Domain 8: Software Development Security)
A development team integrates a third-party open-source library that processes customer PII. Six months later, a critical vulnerability is disclosed in that library. The vendor has not released a patch. Business stakeholders resist removing the library because it powers a revenue-generating feature. What is the MOST appropriate action?
A. Implement compensating controls around the vulnerable component and document the accepted risk
B. Fork the library and develop an internal patch
C. Escalate to the risk owner for a formal risk acceptance decision
D. Immediately remove the library and disable the affected feature
Come back for the answer tomorrow, or study more now!
0 likes • Mar 15
A
Nancy Ranjeet
@nancy-ranjeet-3080
Level 2, 7 points to level up
Active 3h ago
Joined Oct 27, 2024