Using Generative AI for Cybersecurity (Part 1 of 4- workflow classification)

Daemon Behr

Generative AI, also known as GANs, use deep learning algorithms to generate new data that is similar to a given dataset. This technology has the potential to revolutionize the way we approach creating content, policies, and strategies for organizations. This has historically been the domain of knowledge workers, as it requires a deep understanding of frameworks, subject matter and specifics of individual organizations. However, as processes and methodologies become more standardized, the implementation becomes less about developing a novel approach, and more about taking a template and customizing it. This is exactly what GANs are perfect for.

On the flip side of the conversation there are a myriad of situations where GANs can be used for creating malware, developing content for phishing emails, and even reverse engineering code. That has been documented as being used in the wild, and will continue to evolve at an exponential rate.

From a defensive perspective, there are a number of ways that GANs can be leveraged. In this article I will be focused on using prompts in ChatGPT, which is a natural language interface for communicating with the AI engine created by OpenAI.

For cybersecurity management, the CISSP certification from ISC2 is a pretty standard certification benchmark. So I will use the 8 domains from it to frame a library of prompts that can be categorized and put into a Github repo. I’m also currently going through the certification process myself, so although this will be a bit self-serving, I hope that it benefits others along the way. These domains are as follows:

1) Security and Risk Management

This domain provides a comprehensive overview of the things you need to know about information systems management. It covers:

  • The confidentiality, integrity and availability of information;
  • Security governance principles;
  • Compliance requirements;
  • Legal and regulatory issues relating to information security;
  • IT policies and procedures; and
  • Risk-based management concepts.

2) Asset Security

This domain addresses the physical requirements of information security. It covers:

  • The classification and ownership of information and assets;
  • Privacy;
  • Retention periods;
  • Data security controls; and
  • Handling requirements.

3) Security Architecture and Engineering

This domain covers several important information security concepts, including:

  • Engineering processes using secure design principles;
  • Fundamental concepts of security models;
  • Security capabilities of information systems;
  • Assessing and mitigating vulnerabilities in systems;
  • Cryptography; and
  • Designing and implementing physical security.

4) Communications and Network Security

This domain covers the design and protection of an organization’s networks. This includes:

  • Secure design principles for network architecture;
  • Secure network components; and
  • Secure communication channels.

5) Identity and Access Management

This domain helps information security professionals understand how to control the way users can access data. It covers:

  • Physical and logical access to assets;
  • Identification and authentication;
  • Integrating identity as a service and third-party identity services;
  • Authorisation mechanisms; and
  • The identity and access provisioning lifecycle.

6) Security Assessment and Testing

This domain focuses on the design, performance and analysis of security testing. It includes:

  • Designing and validating assessment and test strategies;
  • Security control testing;
  • Collecting security process data;
  • Test outputs; and
  • Internal and third-party security audits.

7) Security Operations

This domain addresses the way plans are put into action. It covers:

  • Understanding and supporting investigations;
  • Requirements for investigation types;
  • Logging and monitoring activities;
  • Securing the provision of resources;
  • Foundational security operations concepts;
  • Applying resource protection techniques;
  • Incident management;
  • Disaster recovery;
  • Managing physical security; and
  • Business continuity.

8) Software Development Security

This domain helps professionals to understand, apply and enforce software security. It covers:

  • Security in the software development life cycle;
  • Security controls in development environments;
  • The effectiveness of software security; and
  • Secure coding guidelines and standards.

Over the course of this 4-part blog series, I will create a number of prompts that can be used by ChatGPT to assist with each of these domains. The key to making the output of the prompts useful, is to have a larger workflow that supports an outcome. The more detailed the input, the more relevant the output. There is a whole field of study around AI input prompt hacking to fine tune results. So if you take an outcome, such as “how do I improve cybersecurity with the least amount of effort and a small budget?”, you could have a workflow like this:

  1. Define objective: (improve security posture)
  2. Define maximum level of effort: (how many human hours of work with a minimum level of experience)
  3. Define maximum budget: (how much are you willing to spend, inclusive of human hours at defined pay-rate)
  4. Prioritize actions that have maximum impact within budget: (What is the biggest bang for the buck)
  5. Identify the gaps in operational feasibility with the desired posture improvements and plan for future remediation as budget and resources permit. (Acknowledge outstanding risks)

To define the maximum level of effort, we first need to outline the workstreams. Using ChatGPT, I asked it: “How do I improve cybersecurity with the least amount of effort and a small budget?”

Here is its response, all of which is pretty spot on.

Here are some steps you can take to improve cybersecurity with minimal effort and a small budget:

  1. Use strong and unique passwords for all your accounts. This will help prevent unauthorized access to your accounts.

2. Enable two-factor authentication (2FA) on all your accounts that support it. This will provide an additional layer of security by requiring you to enter a code sent to your phone or email before logging in.

3. Keep your software and devices up to date with the latest patches and security updates. This will help protect against vulnerabilities that have been discovered and fixed by the manufacturer.

4. Be cautious when clicking links or downloading attachments from unknown sources. Scammers often use these tactics to trick people into downloading malware or revealing sensitive information.

5. Use a reputable antivirus software to protect against malware and other threats.

6. Regularly back up important data to a secure location. This will allow you to restore your data in case of a cyberattack or other data loss.

7. Educate yourself and your employees about cyber threats and how to protect against them. This can help prevent common mistakes that can lead to successful attacks.

By following these steps, you can significantly improve your cybersecurity without a lot of effort or a large budget.