— In the early days a policy was a set of simple rules with a clear intuitive motivation that could be formalised to good effect. However the world is now much more complex. Subtle risk decisions may often need to be made and people are not always adept at expressing rationale for what they do. Previous research has demonstrated that Genetic Programming can be used to infer statements of policies from examples of decisions made [1]. This allows a policy that may not formally have been documented to be discovered automatically, or an underlying set of requirements to be extracted by interpreting user decisions to posed “what if” scenarios. This study compares the performance of three different approaches in using Genetic Programming to infer security policies from decision examples made, namely symbolic regression, IF–THEN rules inference and fuzzy membership functions inference. The fuzzy membership functions inference approach is found to have the best performance in terms of ...