Investing in an Information Security Management System (ISMS) enhances organizational competitiveness and protects information assets. However, introducing an ISMS consumes significant resources; for instance, implementing an ISMS according to the ISO27001 standard involves documenting 116 different controls. This paper discusses how Kempower, a Finnish company, has effectively used generative AI to create and implement an ISMS, significantly reducing the resources required. This research studies how the use of generative AI can enhance the process of creating an ISMS. We conducted seven semi-structured interviews held with various stakeholders of the ISMS project, who had varying levels experience in cyber security and AI.

翻译：投资于信息安全管理体系（ISMS）能够增强组织竞争力并保护信息资产。然而，引入ISMS会消耗大量资源；例如，根据ISO27001标准实施ISMS需要记录116项不同的控制措施。本文探讨了芬兰公司Kempower如何有效利用生成式AI来创建和实施ISMS，从而显著减少了所需资源。本研究探讨了生成式AI的使用如何能够优化ISMS的创建流程。我们对该ISMS项目的七位不同利益相关者进行了半结构化访谈，这些受访者在网络安全和AI领域具有不同程度的经验。