
Welcome to the course, and thank you for joining.
Use this course in two ways: first, to understand how AI changes security practice, and second, to recognize how each certification frames those changes
This lecture explains why AI governance has become a foundational cybersecurity and trust issue across modern organizations. It explores accountability, decision ownership, transparency expectations, and the practical need to align AI use with security, ethics, business goals, and defensible oversight.
This lecture focuses on identifying what actually counts as an AI asset, including models, datasets, prompts, agents, vector stores, and supporting services. It shows how classification supports security ownership, risk analysis, protection priorities, and exam-style thinking across multiple ISC2 pathways.
This lecture examines how AI depends on data throughout collection, preparation, training, inference, retention, and disposal. It highlights why poor governance weakens trust, privacy, compliance, and model security, and how lifecycle discipline supports control design and operational resilience.
This lecture introduces the foundational architectural concepts needed to secure AI systems. It explains trust boundaries, component relationships, dependency flows, and the difference between securing a traditional application and securing an AI-enabled environment with models, pipelines, and dynamic behavior.
This lecture explores how to embed security into AI system design rather than adding controls later. It covers secure design choices, abuse resistance, dependency awareness, and ways to reduce exposure across training, deployment, interaction, and model-driven decision processes.
This lecture explains how access control principles apply to the unique components of AI systems. It examines permissions, role design, identity boundaries, API exposure, agent behavior, and how improper access can lead to misuse, data leakage, or unsafe model actions.
This lecture examines how encryption protects sensitive AI-related data during storage, transfer, and processing. It connects cryptographic protection to model inputs, inference outputs, training datasets, secrets, and regulated information that must remain secure throughout the AI lifecycle.
This lecture explains how AI gateway controls help reduce misuse and abuse at the interaction layer. It covers prompt firewalls, usage restrictions, filtering logic, and rate or token controls that help manage exposure, reduce prompt-based attacks, and improve operational discipline.
This lecture introduces the threat landscape surrounding AI-specific weaknesses, including evasion, poisoning, manipulation, and exploitation of system behavior. It helps learners understand how attackers target AI differently from traditional systems and why new defensive thinking is required.
This lecture explains how organizations evaluate whether AI systems are trustworthy, controlled, and aligned with policy or regulatory expectations. It covers assurance activities, audits, impact assessments, evidence gathering, and the importance of documenting how AI risks are understood and managed.
This lecture explores how privacy issues arise in AI design, deployment, and operation. It addresses sensitive data use, inference risks, personal information handling, and the importance of embedding privacy considerations into governance, architecture, controls, and monitoring activities.
This lecture explains how security incidents involving AI may differ from those involving conventional systems. It examines detection, triage, containment, recovery, and lessons learned when the issue involves model misuse, unsafe outputs, data exposure, or compromised AI components.
This lecture focuses on the need to monitor AI systems over time rather than assuming they remain safe after deployment. It covers changes in behavior, emerging threats, misuse patterns, control drift, and the operational importance of sustained visibility and review.
This lecture explains why organizations must be able to trace where AI data came from, how it was transformed, and how decisions were influenced. It connects lineage and traceability to accountability, investigations, assurance activities, and confidence in AI-enabled processes.
This lecture examines how explainability and interpretability affect trust, governance, and secure decision-making in AI systems. It also highlights the importance of meaningful human oversight when AI influences business, security, or risk-sensitive actions at scale.
This lecture provides a strategic view of the evolving regulatory environment surrounding AI. It helps learners understand how legal and compliance expectations influence governance decisions, control design, oversight structures, and enterprise risk management across jurisdictions.
This lecture focuses on practical monitoring and logging considerations for AI interactions. It explains what operational teams should observe, how prompt activity can reveal misuse or policy violations, and why audit trails matter for security operations and troubleshooting.
This lecture explores how AI can support practical security operations, including triage, alert handling, analysis support, and repetitive workflow execution. It also discusses the need to validate outputs and maintain human judgment when automation affects security decisions.
This lecture explains how vulnerability management changes when models, pipelines, agents, and external AI services become part of the environment. It covers discovery, prioritization, remediation thinking, and the challenge of handling weaknesses that are not purely software defects.
This lecture introduces the major frameworks and standards shaping AI governance and risk management. It explains how these references help organizations structure policies, controls, assurance methods, and compliance decisions in a disciplined and repeatable way.
This lecture explains the core principles behind managing AI risk in an enterprise setting. It helps learners distinguish technical issues from governance concerns and shows how risk thinking connects security, compliance, ethics, resilience, and operational decision-making.
This lecture focuses on how to assess AI-related risk in a structured and defensible way. It explores threat scenarios, control gaps, impact reasoning, stakeholder input, and the practical steps needed to move from concern to documented risk treatment.
This lecture examines how to translate AI risks into concrete control decisions. It discusses preventive, detective, and corrective measures, along with the challenge of tailoring controls to systems that are probabilistic, data-dependent, and often influenced by third-party components.
This lecture explains how external providers, cloud platforms, and AI vendors affect compliance obligations and control confidence. It also addresses data sovereignty, jurisdictional concerns, and the importance of evaluating whether third-party arrangements support secure and lawful AI use.
This lecture explores how bias and robustness issues can become governance, risk, and compliance concerns. It highlights why organizations must monitor fairness, stability, and resilience over time, especially when AI outputs affect people, decisions, or regulated processes.
This lecture explains how organizations can determine whether AI security controls are actually working. It examines metrics, indicators, evidence sources, and the importance of measuring security performance in a way that supports leadership reporting and continuous improvement.
This lecture examines how AI systems depend on models, libraries, datasets, platforms, and services that may come from multiple sources. It explains why supply chain exposure matters and how cloud-connected AI increases dependency risk, validation needs, and trust concerns.
This lecture focuses on the security and governance risks introduced by external AI vendors and service providers. It explores due diligence, contract awareness, dependency mapping, service limitations, and how provider weaknesses can directly affect cloud security posture.
This lecture explains the core concepts behind retrieval-augmented generation, embeddings, and vector storage in modern AI systems. It helps learners understand why these components matter for data exposure, access control, architecture, and secure use of knowledge-driven AI in cloud environments.
This lecture focuses on verifying whether AI guardrails actually perform as intended under realistic conditions. It examines testing logic, failure scenarios, bypass attempts, and the operational need to validate claims about safety, policy enforcement, and abuse resistance.
This lecture examines prompt engineering from both a defensive and offensive perspective. It shows how prompts can support secure use cases while also becoming an attack surface, making this topic highly relevant to secure design, misuse cases, and application behavior.
This lecture explores the security implications of AI-enabled developer tools, browser assistants, command-line integrations, and plugins. It helps learners understand how convenience features can affect code quality, data exposure, dependency trust, and secure software practices.
This lecture introduces practical knowledge sources that help security professionals understand AI threat patterns and emerging weaknesses. It explains how structured repositories and industry initiatives can support testing, design reviews, secure development, and more informed risk discussions.
This lecture focuses on how poor-quality, untrusted, or poorly governed data can undermine AI-enabled software. It connects provenance, integrity, and lifecycle discipline to application assurance, trustworthy output, and the long-term maintainability of secure AI-supported systems.
This course contains the use of AI, and is designed for cybersecurity, cloud, governance, risk, compliance, and application security professionals who want to understand how AI security guidance maps across CISSP, SSCP, CGRC, CCSP, and CSSLP. It is especially valuable for learners who already have security experience and want one clear bridge course that explains both the shared foundation and the certification-specific differences.
A practical bridge course covering AI governance, controls, cloud risk, secure development, and operational security across five ISC2 paths
Rather than repeating overlapping material across multiple certification paths, this course gives you a shared core foundation in AI security that applies across all five roles, then shows you the specific differences that matter for each certification track. You will explore AI governance, asset identification, data lifecycle management, secure design, access control, encryption, privacy, assurance, incident response, continuous monitoring, and traceability. You will also examine the unique AI concerns that matter most in governance and compliance, cloud security, secure software development, and day-to-day security operations.
Whether you are preparing for an exam, updating your professional knowledge, or trying to understand how AI affects your current security responsibilities, this course will help you bridge the gap with structured, certification-relevant guidance. It is a practical, focused learning experience built for modern cybersecurity professionals who want clarity without unnecessary repetition.