Educating About the Use of AI Chatbots to Assist in Performing Cybersecurity Tasks

This Master's Dissertation investigates the use of Artificial Intelligence, specifically OpenAI’s ChatGPT model, as a support tool for cybersecurity professionals conducting risk assessments in accordance with internationally recognized standards ISO/IEC 27005 and ISO/IEC 27001. The main objective was to design and evaluate an AI-assisted system capable of producing structured and compliant cybersecurity risk assessments tailored to professional needs.
A multi-phase exploratory methodology was followed. It began with a literature review on the cyber threat landscape, the capabilities of Artificial Intelligence, and the practical application of ISO/NIST standards. A detailed prompt-engineering strategy was then developed to configure ChatGPT’s behaviour, resulting in five progressive system versions (V.1–V.5). Only the final version was tested by users, who completed questionnaires assessing the tool’s effectiveness, the competencies needed to apply generative AI in cybersecurity, and the effectiveness of strategies for developing these competencies. The final version of the tool is available at the following link: https://chatgpt.com/g/g-IuMcv5TwZ-ai-cyber-risk-assessment
The results showed that a well-configured ChatGPT system can effectively support risk assessments by automating asset classification, risk scoring, and treatment recommendations, significantly reducing manual workload. The study also highlighted the importance of specific professional skills in using AI effectively, and confirmed that formal education, professional training, and simulation-based workshops are highly effective in developing these skills.
In conclusion, the dissertation demonstrates the transformative potential of Artificial Intelligence in cyber risk management, while emphasizing the essential role of human oversight, validation, and continuous optimization in ensuring accuracy, compliance, and operational excellence.