Search Icon
Submissions

Vision: Comparison of AI-assisted Policy Development Between Professionals and Students

Rishika Thorat (Purdue University), Tatiana Ringenberg (Purdue University)

AI-assisted cybersecurity policy development has the potential to reduce organizational burdens while improving compliance. This study examines how cybersecurity students and professionals develop ISO29147-aligned vulnerability disclosure policies (VDPs) with and without AI. Through this project, we will evaluate compliance, ethical accountability, and transparency of the policies through the lens of Kaspersky’s ethical principles.

Both students and professionals will produce policies manually and with AI, reflecting on utility and reliability. We will analyze resulting policies, prompts, and reflections through regulatory mapping, rubric-based evaluations, and thematic analysis. This project aims to inform educational strategies and industry best practices for integrating AI in cybersecurity policy development, focusing on expertise, collaboration, and ethical considerations.

We invite feedback from the Usable Security and Privacy community on participant recruitment, evaluation criteria, ethical frameworks, and ways to maximize the study’s impact on academia and industry.

Paper

View More Papers

Do We Really Need to Design New Byzantine-robust Aggregation...

Minghong Fang (University of Louisville), Seyedsina Nabavirazavi (Florida International University), Zhuqing Liu (University of North Texas), Wei Sun (Wichita State University), Sundararaja Iyengar (Florida International University), Haibo Yang (Rochester Institute of Technology)

Read More

BitShield: Defending Against Bit-Flip Attacks on DNN Executables

Yanzuo Chen (The Hong Kong University of Science and Technology), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Zhibo Liu (The Hong Kong University of Science and Technology), Sihang Hu (Huawei Technologies), Tianxiang Li (Huawei Technologies), Shuai Wang (The Hong Kong University of Science and Technology)

Read More

Ctrl+Alt+Deceive: Quantifying User Exposure to Online Scams

Platon Kotzias (Norton Research Group, BforeAI), Michalis Pachilakis (Norton Research Group, Computer Science Department University of Crete), Javier Aldana Iuit (Norton Research Group), Juan Caballero (IMDEA Software Institute), Iskander Sanchez-Rola (Norton Research Group), Leyla Bilge (Norton Research Group)

Read More

On-demand RFID: Improving Privacy, Security, and User Trust in...

Youngwook Do (JPMorganChase and Georgia Institute of Technology), Tingyu Cheng (Georgia Institute of Technology and University of Notre Dame), Yuxi Wu (Georgia Institute of Technology and Northeastern University), HyunJoo Oh(Georgia Institute of Technology), Daniel J. Wilson (Northeastern University), Gregory D. Abowd (Northeastern University), Sauvik Das (Carnegie Mellon University)

Read More