Andi Smith

Technical Leader Product Engineer AI Consultant

Solving InfoSec with AI

- by Andi Smith

Filling in InfoSec surveys is rarely fun at the best of times. So how can we use AI to help?

If you're working in a B2B business in some kind of security capacity, chances are that you have spent a fair amount of time filling in InfoSec surveys from prospective clients. These surveys are important to make clients feel at ease, but they can be painstaking to fill in: they often come in different formats and with slightly different wording, and they can take a serious chunk of time to complete.

Enter Claude

I've been using Claude 3.5 Sonnet and its Projects feature to take the pain out of answering these questions. It's not perfect - but it gives a good starting point which you can then review and submit.

To do this you will need:

  • A paid Claude account.
  • All of the InfoSec policies and agreements your company has.
  • Your company's privacy policy.
  • Any previous InfoSec surveys that are relevant.

How to make your InfoSec life better

1. Create a new project in Claude AI

Go to Claude Projects and select 'Create Project'. Give your project a name - e.g. 'InfoSec' - and a description - e.g. 'Answer questions on InfoSec'.

Once it is created, confirm your project is private by checking that the padlock is showing next to the project name.

2. Add the project instructions

On the new project page, click 'Set project instructions' and add the following prompt:

You are an InfoSec expert who works for [Company name]. [Add description of company].

You will be given prospective client security questions and you will need to provide accurate client-facing answers.

  • Use a professional tone, use precise wording.
  • The response is for a technical audience, so you can use common technology and security terms, but keep the wording simple.
  • You should not say "Based on the information available", you know the information.
  • Keep answers optimistic.
  • Always start with a positive outlook - your answers may determine whether the prospective client becomes a paying customer.
  • Answers should be concise and kept to less than 250 words.
  • Avoid becoming a salesperson and promoting the product in your answers. This is for InfoSec.

3. Upload your data

Now it's time to add your project data. Upload your policies to the project. Some of the policies you may want to add include:

  • Acceptable Use
  • Asset Management Policy
  • Backup Policy
  • Change Management Policy
  • Code of Conduct
  • Data Classification Policy
  • Data Protection Policy
  • Data Retention Policy
  • Encryption Policy
  • Information Security Policy
  • Logging and Monitoring Policy
  • Password Policy
  • Physical Security Policy
  • Risk Assessment Policy
  • System Access Control Policy
  • Vendor Management Policy
  • Vulnerability Management Policy

You may also want to include:

  • Business Continuity Plan
  • Disaster Recovery Plan
  • Incident Response Plan
  • A description of the system tech stack
  • Software Development LifeCycle

If you have any Data Processing Agreements or Master Service Agreements you can also include these.

4. Adjust the writing style

Once you have uploaded some documents, Claude allows you to configure a custom writing style. Under the text entry area and next to the model name is a 'Choose style' option. If you click 'Create', you can add some of your previously answered questions and the AI will respond in a similar style.

5. Test your output

All that is left to do now is test your output! Give it a whirl and then see what needs to be tweaked!
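A pre-submission check for this testing step, added here as an example and not part of the original post: it applies two rules from the project instructions (answers under 250 words, no "Based on the information available") and flags acronyms and figures in a drafted answer that do not appear in the uploaded policy text, so a reviewer knows which claims to verify by hand. The function name, the token heuristic and the sample strings are assumptions constructed for illustration.

```python
import re

# Rules taken from the project instructions on this page.
MAX_WORDS = 250  # "kept to less than 250 words"
BANNED_PHRASE = "based on the information available"

# Assumed heuristic: acronyms/standards (ISO, AES-256) and figures (90, 27001)
# are the parts of an answer most worth tracing back to a policy document.
CLAIM_TOKEN = re.compile(r"\b(?:[A-Z]{2,}[A-Za-z0-9-]*|\d[\d.,]*\d|\d)\b")

# Constructed sample data, not real policy text.
POLICIES = [
    "Encryption Policy: data at rest is encrypted with AES-256. "
    "Backups are retained for 90 days."
]
DRAFT_OK = ("Yes. Customer data at rest is encrypted using AES-256, "
            "and backups are retained for 90 days.")
DRAFT_BAD = ("Based on the information available, we hold ISO 27001 "
             "certification and encrypt data with AES-256.")


def review_answer(answer: str, policy_texts: list[str]) -> list[str]:
    """Return findings for a drafted answer; an empty list means no flags."""
    findings = []
    words = len(answer.split())
    if words >= MAX_WORDS:
        findings.append(f"length: {words} words, limit is under {MAX_WORDS}")
    if BANNED_PHRASE in answer.lower():
        findings.append("phrase: contains 'Based on the information available'")
    # Tokens that appear anywhere in the uploaded policies count as grounded.
    known = {t.lower() for text in policy_texts
             for t in CLAIM_TOKEN.findall(text)}
    for token in sorted(set(CLAIM_TOKEN.findall(answer))):
        if token.lower() not in known:
            findings.append(f"ungrounded: '{token}' not found in policies")
    return findings


if __name__ == "__main__":
    for draft in (DRAFT_OK, DRAFT_BAD):
        print(review_answer(draft, POLICIES) or "no flags")
```

A flag is a prompt for human review, not proof of an error: a grounded token can still sit in a sentence the policies do not support.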

And that's how you make InfoSec documentation more innovative!
