Improving Information Security Policy Design using AI

About this project

Project information

Project status

In progress 2024 - 2029

Contact

Fredrik Karlsson

In contemporary organisations, information and information systems are critical business assets, making it unsurprising that information security is a significant concern. However, information security cannot be maintained through technical solutions alone. Operational information security policies (ISPs), which outline the acceptable procedures employees must adhere to daily when utilising an organisation's information assets, also play a vital role in ensuring information security. At the same time, poorly designed ISPs can negatively affect employees' information security behaviour.

Although there is widespread consensus on the importance of ISPs, research shows that existing ISPs are often difficult to comprehend, particularly regarding actionable advice. This project explores how Artificial Intelligence can support information security managers in designing ISP content. Artificial Intelligence encompasses a range of technologies, with one example being large language models. At present, large language models are integrated into tools used by programmers to write code, functioning as pair programming co-pilots by reviewing and suggesting improvements to the code. Another example is the use of large language models to assist requirements engineers in eliciting software requirements. Drawing inspiration from such applications of large language models, similar functionality can be incorporated into information security management systems software to support information security policy design, specifically by training large language models to analyse and enhance information security policies. To achieve this, we utilise speech act theory as a foundation for identifying and guiding improvements in different parts of information security policies.

The project is funded by the National Graduate School of Management and IT.

Research funding bodies

  • The Swedish Research School on Management and IT (MIT)