Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
In today's digital age, information security is of utmost importance. Many organizations are adopting information security management systems and pursuing certifications like ISO 27001. However, the process of creating and maintaining these policies is often manual and time-consuming. Organizations must merge requirements from different frameworks and stay updated with evolving regulations. To address these challenges, we propose a novel approach that leverages large language models, specifically fine-tuning a pre-trained BERT model. Our research focuses on automatically identifying and matching cybersecurity requirements, particularly those outlined in ISO 27001. This approach aims to support the merging of requirements from various frameworks into a unified policy and ensure the consistency of company-specific policies with updated frameworks over time. By utilizing advanced natural language processing techniques and the power of BERT, we aim to streamline the process of policy creation and maintenance, reducing manual effort and enabling organizations to stay compliant with changing regulations.
Recommended Citation
Hirschmeier, Stefan, "CISO-BERT: Matching Information Security Requirements by Fine-Tuning the BERT Language Model" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 2.
https://aisel.aisnet.org/hicss-57/da/security/2
CISO-BERT: Matching Information Security Requirements by Fine-Tuning the BERT Language Model