information-security-strategy
Information security strategy, risk management, security program governance, and compliance framework integration
| name | information-security-strategy |
| description | Information security strategy, risk management, security program governance, and compliance framework integration |
| license | Apache-2.0 |
Apply the AI FIRST principle: never accept first-pass quality. Minimum 2 iterations. Read all output, improve every section. No shortcuts.
Defines the information security strategy framework for Hack23 projects, integrating risk management with compliance requirements.
| Framework | Focus | Key Controls |
|---|---|---|
| ISO 27001:2022 | ISMS | 93 controls in 4 themes |
| NIST CSF 2.0 | Cybersecurity | Govern, Identify, Protect, Detect, Respond, Recover |
| CIS Controls v8.1 | Implementation | 18 control groups |
| GDPR | Privacy | Data protection, rights |
| NIS2 | Critical infra | Supply chain, incident reporting |
Strategy execution requires cross-policy alignment across the ISMS-PUBLIC suite:
Every strategic initiative MUST map to: (a) one or more ISMS policies, (b) measurable KPI in Security_Metrics.md, (c) at least one compliance framework (ISO 27001 / NIST CSF 2.0 / CIS Controls v8.1 / GDPR / NIS2 / EU CRA), and (d) risk-treatment action in the risk register.