NORMA eResearch @NCI Library

Evaluate the use of Artificial Intelligence (AI) and Natural Language Processing (NLP) to bridge the gap between security policies and employees in large enterprises

Brockman, Lisa (2024) Evaluate the use of Artificial Intelligence (AI) and Natural Language Processing (NLP) to bridge the gap between security policies and employees in large enterprises. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science), 935kB
PDF (Configuration Manual), 484kB

Abstract

Security policies are crucial for establishing the security posture of an enterprise, with a significant number of research papers attributing a reduced level of compliance to those enterprises where there is not sufficient dissemination, communication, understanding and clarity of ask.

The factors contributing to a reduced level of compliance are by and large thought to be people problems, rather than technical ones. Despite significant research into these factors, the key challenge which persists is bridging the gap between the security policies of the enterprise and the employees who need to comply with them. The importance of having a securely educated workforce should not be underestimated. A 2020 research paper from Stanford University found that approximately 88% of all data breaches are caused by employee mistakes, in many cases attributed to a lack of security policy knowledge, with 45% of employees citing distraction as the top reason for falling for security threats such as phishing. The study went on to conclude that employees report they are primarily focused on the job they have been hired to do, rather than having the time to find, read, understand, and comply with security policies.

Bridging this gap requires simplifying the process by which employees find security policy information, so that they do not have to read through pages and pages of “security speak” to decipher an answer to their problem.

This research paper evaluated the potential for the use of Artificial Intelligence (AI) and Natural Language Processing (NLP) to bridge the gap by carrying out a full literature review on both the factors affecting successful security policy adoption and the state of the art in Chatbots. A technical model for an enterprise-specific security policy Chatbot was designed, implemented, and trained on a limited set of ISO27001 policies. The Chatbot, PolicyPal, was also fine-tuned over an iterative set of phases to continuously improve the quality and accuracy of the answers it provided. At the end of the fine-tuning phase, PolicyPal was able to answer 72% of test cases effectively, with the remaining 28% being partially effective.

Item Type: Thesis (Masters)
Supervisors: Pantridge, Michael (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QH Natural history > QH301 Biology > Methods of research. Technique. Experimental biology > Data processing. Bioinformatics > Artificial intelligence
Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Artificial intelligence
P Language and Literature > P Philology. Linguistics > Computational linguistics. Natural language processing
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 05 Jun 2025 09:32
Last Modified: 05 Jun 2025 09:32
URI: https://norma.ncirl.ie/id/eprint/7744
