Length: 2 Days
Certified AI Security Risk Management Auditor (CAISRMA) Certification Program by Tonex

Duration: 2 Days | Format: In-person / Virtual / Hybrid
Level: Intermediate to Advanced
Credential: Certification + Exam + Digital Badge

The CAISRMA certification equips AI professionals, security teams, risk officers, and compliance stakeholders with the tools and knowledge to manage security risks across the AI lifecycle. It covers threat modeling, risk assessment methodologies, AI-specific vulnerabilities (e.g., model inversion, poisoning, prompt injection), and alignment with NIST AI RMF, ISO/IEC 42001, MITRE ATLAS, and OWASP LLM Top 10.

Learning Objectives

By completing CAISRM, participants will be able to:

  • Apply structured risk assessment to AI and ML systems across development, deployment, and monitoring.
  • Identify and classify security threats specific to AI models, pipelines, and data.
  • Conduct AI threat modeling and impact assessments using STRIDE, DREAD, and MITRE ATLAS.
  • Mitigate vulnerabilities related to LLMs, RAG systems, adversarial ML, and supply chain AI risks.
  • Map AI risks to enterprise frameworks like NIST AI RMF, ISO/IEC 27005, and ISO/IEC 42001.
  • Establish AI security risk registers, controls, and governance practices.
  • Contribute to secure-by-design and risk-aware AI system development.

Target Audience:

  • AI/ML security engineers
  • Cybersecurity and risk management professionals
  • Governance, risk, and compliance (GRC) leaders
  • Product owners and DevSecOps teams working with AI
  • Security architects and threat modelers
  • Technical auditors and AI assurance professionals
  • Government and defense teams overseeing AI programs

Program Modules:

Day 1 – AI Security Risk Landscape & Governance

Module 1: Foundations of AI Security Risks

  • Unique risk surface of AI: data, models, behaviors
  • Security vs ethical vs regulatory risks
  • AI misuse, abuse, and system compromise examples
  • MITRE ATLAS and OWASP LLM Top 10 review

Module 2: AI Security Risk Frameworks

  • NIST AI RMF: Map, Measure, Manage, Govern
  • ISO/IEC 42001 and 23894 (AI Management System + Risk Guidance)
  • Aligning AI risk with ISO 27005 and NIST SP 800-30
  • Creating an AI risk governance structure

Day 2 – Risk Assessment, Modeling, and Mitigation

Module 3: Threat Modeling for AI Systems

  • STRIDE and DREAD tailored to AI pipelines
  • AI-specific threat scenarios (e.g., prompt injection, training data leakage, model inversion)
  • LLM + RAG risk modeling using dataflow diagrams and attack trees
  • Risk scoring, prioritization, and remediation planning

Module 4: Controls & Mitigation Techniques

  • Controls across the AI lifecycle: ingestion, training, deployment, monitoring
  • Secure-by-design principles for AI pipelines
  • RAG-specific access control, output validation, and chunk security
  • Adversarial robustness, LLM content filtering, and API hardening

Auditor Workshops: Risk Management, Compliance, and Tools

Risk Register & Risk Response Planning

  • Building and maintaining an AI security risk register
  • Mapping risks to controls and response workflows
  • Ownership, SLAs, and escalation criteria
  • Integration with GRC platforms and enterprise dashboards

Monitoring, Testing, and Continuous Risk Evaluation

  • AI red teaming, adversarial testing, and monitoring practices
  • Tools: Microsoft Counterfit, IBM ART, SecML, Truera, Robust Intelligence
  • Third-party model risk: supplier assessment, model provenance, attestations
  • Creating feedback loops and risk heat maps

Capstone Case Study & Simulation

  • Simulated AI system: participants assess threats, assign scores, and propose mitigations
  • Final team presentations and feedback

Certification Exam Domains:

  Domain                                              Weight
  AI Security Risk Concepts & Frameworks              15%
  Threat Modeling & Vulnerability Identification      20%
  Risk Assessment Methodologies                       15%
  Controls & Mitigation Strategies                    15%
  Risk Governance & Register Management               15%
  Monitoring & Continuous Risk Management             10%
  Compliance, Documentation, and Oversight            10%

Certification Exam:

  • Format: 60–75 multiple choice + scenario-based questions
  • Duration: 90 minutes
  • Passing Score: 70%
  • Credential: Certified AI Security Risk Management (CAISRM)
  • Validity: 3 years
  • CEUs: 24
  • Digital badge issued via Badge.ink or other platforms
