Enhancing Productivity with AI During the Development of an ISMS : Case Kempower
Niemeläinen, A., Waseem, M., & Mikkonen, T. (2025). Enhancing Productivity with AI During the Development of an ISMS : Case Kempower. In D. Pfahl, J. G. Huerta, J. Klünder, & H. Anwar (Eds.), Product-Focused Software Process Improvement : 25th International Conference, PROFES 2024, Tartu, Estonia, December 2–4, 2024, Proceedings (pp. 60-74). Springer. Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-031-78386-9_5
Published in
Lecture Notes in Computer ScienceDate
2025Access restrictions
Embargoed until: 2025-12-02Request copy from author
Copyright
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2025
Investing in an Information Security Management System (ISMS) enhances organizational competitiveness and protects information assets. However, introducing an ISMS consumes significant resources; for instance, implementing an ISMS according to the ISO27001 standard involves documenting 116 different controls. This paper discusses how Kempower, a Finnish company, has effectively used generative AI to create and implement an ISMS, significantly reducing the resources required. This research studies how the use of generative AI can enhance the process of creating an ISMS. We conducted seven semi-structured interviews held with various stakeholders of the ISMS project, who had varying levels experience in cyber security and AI.
Publisher
SpringerParent publication ISBN
978-3-031-78385-2Conference
International Conference on on Product-Focused Software Process ImprovementIs part of publication
Product-Focused Software Process Improvement : 25th International Conference, PROFES 2024, Tartu, Estonia, December 2–4, 2024, ProceedingsISSN Search the Publication Forum
0302-9743Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/244292230
Metadata
Show full item recordCollections
License
Related items
Showing items with similar title or keywords.
-
Frameworks for software threats and security in secure DevOps
Leppänen, Tiina (2022)Tämä artikkeligradu pohjautuu kahteen tietoturvallista ohjelmistokehitystä tutkivaan artikkeliin. Ensimmäisen artikkelin tavoitteena on kehittää kyber-turvallisuuden prosesseja tutkimalla ja arvioimalla valittujen uhkamallien ... -
Towards Practical Cybersecurity Mapping of STRIDE and CWE : a Multi-perspective Approach
Honkaranta, Anne; Leppänen, Tiina; Costin, Andrei (FRUCT Oy, 2021)Cybersecurity practitioners seek to prevent software vulnerabilities during the whole life-cycle of systems. Threat modeling which is done on the system design phase is an efficient way for securing systems; preventing ... -
Early Results of an AI Multiagent System for Requirements Elicitation and Analysis
Sami, Malik Abdul; Waseem, Muhammad; Zhang, Zheying; Rasheed, Zeeshan; Systä, Kari; Abrahamsson, Pekka (Springer, 2025)In agile software development, user stories capture requirements from the user’s perspective, emphasizing their needs and each feature’s value. Writing concise and quality user stories is necessary for guiding software ... -
Cargo-Cult Containerization : A Critical View of Containers in Modern Software Development
Mikkonen, Tommi; Pautasso, Cesare; Systä, Kari; Taivalsaari, Antero (IEEE, 2022)Software is increasingly developed and deployed using containers. While the concept of a container is conceptually straightforward, there are various issues to be considered while using them, ranging from technical details ... -
Introducing Traceability in GitHub for Medical Software Development
Stirbu, Vlad; Mikkonen, Tommi (Springer International Publishing, 2021)Assuring traceability from requirements to implementation is a key element when developing safety critical software systems. Traditionally, this traceability is ensured by a waterfall-like process, where phases follow each ...