To Örebro University

oru.seÖrebro University Publications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Towards a Speech Act-Based Model to Enable Future Quality Improvements of Information Security Policies Using Large Language Models
Örebro University, Örebro University School of Business. Department of Informatics.ORCID iD: 0000-0002-3265-7627
Örebro University, Örebro University School of Business. Department of Informatics.ORCID iD: 0000-0002-3722-6797
Department of Computer Science, Norwegian University of Science and Technology, Trondheim, Norway.ORCID iD: 0000-0003-4830-1876
Örebro University, Örebro University School of Business. Department of Informatics.ORCID iD: 0009-0001-9207-3236
2025 (English)In: Perspectives in Business Informatics Research: 24th International Conference, BIR 2025, Riga, Latvia, September 17–19, 2025, Proceedings / [ed] Rébecca Deneckère; Marite Kirikova; Janis Grabis, Springer, 2025, Vol. 562, p. 349-364Conference paper, Published paper (Refereed)
Abstract [en]

Employees compliance with information security policies (ISPs) depends on communicating clear and comprehensible content. However, existing research has shown that many ISPs are of poor communicative quality. Large language models (LLMs) could enhance ISPs if finetuned on high-quality data, but to do such fine-tuning requires a conceptual model for classifying the data and evaluating the resulting text. Therefore, as a step in this direction, the aim of this paper is to develop a conceptual model of ISPs using speech act theory as a theoretical lens. We use conceptual modelling and document analysis to develop the model and use selected parts from the SEQUAL framework to evaluate the model. Analysing 600 ISP statements from ten British National Health Service ISPs, we present a class diagram containing 19 classes, six of which address ISP statement quality as speech acts. The SEQUAL evaluation points to potential areas for improving the model’s semantic, empirical, physical and deontic qualities before using it to fine-tune LLMs to improve ISP content.
Place, publisher, year, edition, pages
Springer, 2025. Vol. 562, p. 349-364
Series
Lecture Notes in Business Information Processing, ISSN 1865-1348, E-ISSN 1865-1356 ; Vol. 562
Keywords [en]
Information Security Policy, Speech Act, Large Language Model
National Category
Information Systems
Identifiers
URN: urn:nbn:se:oru:diva-124321DOI: 10.1007/978-3-032-04375-7_22ISBN: 9783032043740 (print)ISBN: 9783032043757 (electronic)OAI: oai:DiVA.org:oru-124321DiVA, id: diva2:2005318
Conference
24th International Conference on Perspectives in Business Informatics Research (BIR 2025), Riga, Latvia, September 17–19, 2025
Available from: 2025-10-09 Created: 2025-10-09 Last updated: 2025-10-13Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Authority records

Karlsson, FredrikGao, ShangAro-Sati, Leila

Search in DiVA

By author/editor
Karlsson, FredrikGao, ShangKrogstie, JohnAro-Sati, Leila
By organisation
Örebro University School of Business
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 66 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
Örebro University Library
|
DiVA Portal
|
DiVA Log in
|
Register in DiVA
|
Contact us