Enhancing Productivity with AI During the Development of an ISMS: Case Kempower

TL;DR

This paper explores how Kempower utilized generative AI to efficiently develop and implement an ISMS, significantly reducing resource consumption in line with ISO27001 standards.

Contribution

It demonstrates the practical application of generative AI in streamlining ISMS creation and implementation within an organizational context.

Findings

Generative AI reduced the time and resources needed for ISMS development.

Stakeholders reported increased efficiency and ease in creating ISMS documentation.

The approach was effective across different levels of cybersecurity and AI experience.

Abstract

Investing in an Information Security Management System (ISMS) enhances organizational competitiveness and protects information assets. However, introducing an ISMS consumes significant resources; for instance, implementing an ISMS according to the ISO27001 standard involves documenting 116 different controls. This paper discusses how Kempower, a Finnish company, has effectively used generative AI to create and implement an ISMS, significantly reducing the resources required. This research studies how the use of generative AI can enhance the process of creating an ISMS. We conducted seven semi-structured interviews held with various stakeholders of the ISMS project, who had varying levels experience in cyber security and AI.