Menu
Information security strategy, risk management, security program governance, and compliance framework integration
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
Master GitHub Agentic Workflows authoring - markdown syntax, natural language instructions, YAML frontmatter, compilation, and workflow patterns
Comprehensive expertise in GitHub Agentic Workflows (v0.68.1) — AI-powered repository automation with five-layer security, safe outputs, MCP tools, and Continuous AI patterns
Comprehensive guide for MCP (Model Context Protocol) server setup, transport protocols, configuration validation, lifecycle management, tool discovery, and error handling patterns
Comprehensive Hack23 threat modeling process using STRIDE, MITRE ATT&CK, attack trees, and quantitative risk assessment per ISMS Threat_Modeling.md policy
Fiscal policy, budget analysis, economic forecasting, monetary policy, trade policy for political journalists
Comprehensive guide to integrating agentic automation with GitHub Actions CI/CD pipelines, including workflow triggers, environment configuration, secrets management, matrix strategies, and deployment patterns for production-ready autonomous systems.
| name | information-security-strategy |
| description | Information security strategy, risk management, security program governance, and compliance framework integration |
| license | Apache-2.0 |
Apply the AI FIRST principle: never accept first-pass quality. Minimum 2 iterations. Read all output, improve every section. No shortcuts.
Defines the information security strategy framework for Hack23 projects, integrating risk management with compliance requirements.
| Framework | Focus | Key Controls |
|---|---|---|
| ISO 27001:2022 | ISMS | 93 controls in 4 themes |
| NIST CSF 2.0 | Cybersecurity | Govern, Identify, Protect, Detect, Respond, Recover |
| CIS Controls v8.1 | Implementation | 18 control groups |
| GDPR | Privacy | Data protection, rights |
| NIS2 | Critical infra | Supply chain, incident reporting |
Strategy execution requires cross-policy alignment across the ISMS-PUBLIC suite:
Every strategic initiative MUST map to: (a) one or more ISMS policies, (b) measurable KPI in Security_Metrics.md, (c) at least one compliance framework (ISO 27001 / NIST CSF 2.0 / CIS Controls v8.1 / GDPR / NIS2 / EU CRA), and (d) risk-treatment action in the risk register.
