Digitala Vetenskapliga Arkivet

Evaluating the Efficiency, Effectiveness, and Completeness of GPT-Generated Information Security Policies
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2024 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

This paper evaluates the efficiency, effectiveness, and completeness of information security policies (ISPs) generated by OpenAI’s GPT-4 model compared to those crafted by human experts, focusing on Small and midsize enterprises (SMEs) and smaller public organizations. The study reveals that GPT-4 can generate ISPs that closely match the quality of expert-generated ones, demonstrating no significant difference in efficiency, effectiveness, and completeness. The comparative analysis and double-blind evaluation by an expert panel suggest that employing GPT-generated drafts as a preliminary step, followed by expert auditing and customization, could be a viable strategy for organizations, mainly due to the time-consuming and costly nature of developing ISPs. Furthermore, our results highlight the potential applicability of using GPTs to generate ISPs in Swedish, broadening the usability of AI in crafting security policies across different languages. However, while GPT-4 can produce initial drafts efficiently, the study indicates a need for these AI-generated documents to undergo a thorough review by information security experts to ensure they meet specific organizational requirements and keep pace with evolving cyber threats. This approach promises a novel and cost-effective method for SMEs and smaller public organizations to develop robust information security frameworks.

Place, publisher, year, edition, pages
2024.
Keywords [en]
Information security, IT security, IT-security policies, ChatGPT, GPT4, Artificial intelligence, Policy
National Category
Information Systems
Identifiers
URN: urn:nbn:se:su:diva-242702
OAI: oai:DiVA.org:su-242702
DiVA, id: diva2:1955593
Available from: 2025-04-30 Created: 2025-04-30

Open Access in DiVA

fulltext (1488 kB), 36 downloads
File information
File name: FULLTEXT01.pdf
File size: 1488 kB
Checksum SHA-512: a6ca6efdba42d186cf2061d05167df9e7a886d08bb5ee6523d515de861722b0b3d53dd8d4db5b24bc468806ac974b4b770fdfe8828e32d2ee0443e87b48f3921
Type: fulltext
Mimetype: application/pdf

By author/editor
Malm Wiklund, Oskar; Strandberg, Måns