[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-b3470b65-48f5-4b77-b0e6-dfb4089826a0":3,"$fNlMiL7ozvPxPiJoBucEGTuF1bzoGr2215HYIGQZBpZ4":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"b3470b65-48f5-4b77-b0e6-dfb4089826a0","information-security-manager-iso27001","ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.","cat_coding_review","mod_coding","alirezarezvani,coding","---\nname: \"information-security-manager-iso27001\"\ndescription: ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.\n---\n\n# Information Security Manager - ISO 27001\n\nImplement and manage Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements.\n\n---\n\n## Table of Contents\n\n- [Trigger Phrases](#trigger-phrases)\n- [Quick Start](#quick-start)\n- [Tools](#tools)\n- [Workflows](#workflows)\n- [Reference Guides](#reference-guides)\n- [Validation Checkpoints](#validation-checkpoints)\n- [Worked Example: Healthcare Risk Assessment](#worked-example-healthcare-risk-assessment)\n\n---\n\n## Trigger Phrases\n\nUse this skill when you hear:\n- \"implement ISO 27001\"\n- \"ISMS implementation\"\n- \"security risk assessment\"\n- \"information security policy\"\n- \"ISO 27001 certification\"\n- \"security controls implementation\"\n- \"incident response plan\"\n- \"healthcare data security\"\n- \"medical device cybersecurity\"\n- \"security compliance audit\"\n\n---\n\n## Quick Start\n\n### Run Security Risk Assessment\n\n```bash\npython 
scripts\u002Frisk_assessment.py --scope \"patient-data-system\" --output risk_register.json\n```\n\n### Check Compliance Status\n\n```bash\npython scripts\u002Fcompliance_checker.py --standard iso27001 --controls-file controls.csv\n```\n\n### Generate Gap Analysis Report\n\n```bash\npython scripts\u002Fcompliance_checker.py --standard iso27001 --gap-analysis --output gaps.md\n```\n\n---\n\n## Tools\n\n### risk_assessment.py\n\nAutomated security risk assessment following ISO 27001 Clause 6.1.2 methodology.\n\n**Usage:**\n\n```bash\n# Full risk assessment\npython scripts\u002Frisk_assessment.py --scope \"cloud-infrastructure\" --output risks.json\n\n# Healthcare-specific assessment\npython scripts\u002Frisk_assessment.py --scope \"ehr-system\" --template healthcare --output risks.json\n\n# Quick asset-based assessment\npython scripts\u002Frisk_assessment.py --assets assets.csv --output risks.json\n```\n\n**Parameters:**\n\n| Parameter | Required | Description |\n|-----------|----------|-------------|\n| `--scope` | Yes | System or area to assess |\n| `--template` | No | Assessment template: `general`, `healthcare`, `cloud` |\n| `--assets` | No | CSV file with asset inventory |\n| `--output` | No | Output file (default: stdout) |\n| `--format` | No | Output format: `json`, `csv`, `markdown` |\n\n**Output:**\n- Asset inventory with classification\n- Threat and vulnerability mapping\n- Risk scores (likelihood × impact)\n- Treatment recommendations\n- Residual risk calculations\n\n### compliance_checker.py\n\nVerify ISO 27001\u002F27002 control implementation status.\n\n**Usage:**\n\n```bash\n# Check all ISO 27001 controls\npython scripts\u002Fcompliance_checker.py --standard iso27001\n\n# Gap analysis with recommendations\npython scripts\u002Fcompliance_checker.py --standard iso27001 --gap-analysis\n\n# Check specific control domains\npython scripts\u002Fcompliance_checker.py --standard iso27001 --domains \"access-control,cryptography\"\n\n# Export compliance 
report\npython scripts\u002Fcompliance_checker.py --standard iso27001 --output compliance_report.md\n```\n\n**Parameters:**\n\n| Parameter | Required | Description |\n|-----------|----------|-------------|\n| `--standard` | Yes | Standard to check: `iso27001`, `iso27002`, `hipaa` |\n| `--controls-file` | No | CSV with current control status |\n| `--gap-analysis` | No | Include remediation recommendations |\n| `--domains` | No | Specific control domains to check |\n| `--output` | No | Output file path |\n\n**Output:**\n- Control implementation status\n- Compliance percentage by domain\n- Gap analysis with priorities\n- Remediation recommendations\n\n---\n\n## Workflows\n\n### Workflow 1: ISMS Implementation\n\n**Step 1: Define Scope and Context**\n\nDocument organizational context and ISMS boundaries:\n- Identify interested parties and requirements\n- Define ISMS scope and boundaries\n- Document internal\u002Fexternal issues\n\n**Validation:** Scope statement reviewed and approved by management.\n\n**Step 2: Conduct Risk Assessment**\n\n```bash\npython scripts\u002Frisk_assessment.py --scope \"full-organization\" --template general --output initial_risks.json\n```\n\n- Identify information assets\n- Assess threats and vulnerabilities\n- Calculate risk levels\n- Determine risk treatment options\n\n**Validation:** Risk register contains all critical assets with assigned owners.\n\n**Step 3: Select and Implement Controls**\n\nMap risks to ISO 27002 controls:\n\n```bash\npython scripts\u002Fcompliance_checker.py --standard iso27002 --gap-analysis --output control_gaps.md\n```\n\nControl categories:\n- Organizational (policies, roles, responsibilities)\n- People (screening, awareness, training)\n- Physical (perimeters, equipment, media)\n- Technological (access, crypto, network, application)\n\n**Validation:** Statement of Applicability (SoA) documents all controls with justification.\n\n**Step 4: Establish Monitoring**\n\nDefine security metrics:\n- Incident count and 
severity trends\n- Control effectiveness scores\n- Training completion rates\n- Audit findings closure rate\n\n**Validation:** Dashboard shows real-time compliance status.\n\n### Workflow 2: Security Risk Assessment\n\n**Step 1: Asset Identification**\n\nCreate asset inventory:\n\n| Asset Type | Examples | Classification |\n|------------|----------|----------------|\n| Information | Patient records, source code | Confidential |\n| Software | EHR system, APIs | Critical |\n| Hardware | Servers, medical devices | High |\n| Services | Cloud hosting, backup | High |\n| People | Admin accounts, developers | Varies |\n\n**Validation:** All assets have assigned owners and classifications.\n\n**Step 2: Threat Analysis**\n\nIdentify threats per asset category:\n\n| Asset | Threats | Likelihood |\n|-------|---------|------------|\n| Patient data | Unauthorized access, breach | High |\n| Medical devices | Malware, tampering | Medium |\n| Cloud services | Misconfiguration, outage | Medium |\n| Credentials | Phishing, brute force | High |\n\n**Validation:** Threat model covers top-10 industry threats.\n\n**Step 3: Vulnerability Assessment**\n\n```bash\npython scripts\u002Frisk_assessment.py --scope \"network-infrastructure\" --output vuln_risks.json\n```\n\nDocument vulnerabilities:\n- Technical (unpatched systems, weak configs)\n- Process (missing procedures, gaps)\n- People (lack of training, insider risk)\n\n**Validation:** Vulnerability scan results mapped to risk register.\n\n**Step 4: Risk Evaluation and Treatment**\n\nCalculate risk: `Risk = Likelihood × Impact`\n\n| Risk Level | Score | Treatment |\n|------------|-------|-----------|\n| Critical | 20-25 | Immediate action required |\n| High | 15-19 | Treatment plan within 30 days |\n| Medium | 10-14 | Treatment plan within 90 days |\n| Low | 5-9 | Accept or monitor |\n| Minimal | 1-4 | Accept |\n\n**Validation:** All high\u002Fcritical risks have approved treatment plans.\n\n### Workflow 3: Incident Response\n\n**Step 
1: Detection and Reporting**\n\nIncident categories:\n- Security breach (unauthorized access)\n- Malware infection\n- Data leakage\n- System compromise\n- Policy violation\n\n**Validation:** Incident logged within 15 minutes of detection.\n\n**Step 2: Triage and Classification**\n\n| Severity | Criteria | Response Time |\n|----------|----------|---------------|\n| Critical | Data breach, system down | Immediate |\n| High | Active threat, significant risk | 1 hour |\n| Medium | Contained threat, limited impact | 4 hours |\n| Low | Minor violation, no impact | 24 hours |\n\n**Validation:** Severity assigned and escalation triggered if needed.\n\n**Step 3: Containment and Eradication**\n\nImmediate actions:\n1. Isolate affected systems (where forensics will be needed, capture volatile data such as memory, running processes and active network connections first; isolation or power-off destroys it)\n2. Preserve evidence (forensic images, logs, and a documented chain of custody)\n3. Block threat vectors\n4. Remove malicious artifacts\n\n**Validation:** Containment confirmed, no ongoing compromise.\n\n**Step 4: Recovery and Lessons Learned**\n\nPost-incident activities:\n1. Restore systems from clean backups taken before the compromise (a backup that already contains the attacker's persistence reintroduces it)\n2. Verify integrity before reconnection\n3. Document timeline and actions\n4. Conduct post-incident review\n5. 
Update controls and procedures\n\n**Validation:** Post-incident report completed within 5 business days.\n\n---\n\n## Reference Guides\n\n### When to Use Each Reference\n\n**references\u002Fiso27001-controls.md**\n- Control selection for SoA\n- Implementation guidance\n- Evidence requirements\n- Audit preparation\n\n**references\u002Frisk-assessment-guide.md**\n- Risk methodology selection\n- Asset classification criteria\n- Threat modeling approaches\n- Risk calculation methods\n\n**references\u002Fincident-response.md**\n- Response procedures\n- Escalation matrices\n- Communication templates\n- Recovery checklists\n\n---\n\n## Validation Checkpoints\n\n### ISMS Implementation Validation\n\n| Phase | Checkpoint | Evidence Required |\n|-------|------------|-------------------|\n| Scope | Scope approved | Signed scope document |\n| Risk | Register complete | Risk register with owners |\n| Controls | SoA approved | Statement of Applicability |\n| Operation | Metrics active | Dashboard screenshots |\n| Audit | Internal audit done | Audit report |\n\n### Certification Readiness\n\nBefore Stage 1 audit:\n- [ ] ISMS scope documented and approved\n- [ ] Information security policy published\n- [ ] Risk assessment completed\n- [ ] Statement of Applicability finalized\n- [ ] Internal audit conducted\n- [ ] Management review completed\n- [ ] Nonconformities addressed\n\nBefore Stage 2 audit:\n- [ ] Controls implemented and operational\n- [ ] Evidence of effectiveness available\n- [ ] Staff trained and aware\n- [ ] Incidents logged and managed\n- [ ] Metrics collected for 3+ months\n\n### Compliance Verification\n\nRun periodic checks:\n\n```bash\n# Monthly compliance check\npython scripts\u002Fcompliance_checker.py --standard iso27001 --output monthly_$(date +%Y%m).md\n\n# Quarterly gap analysis\npython scripts\u002Fcompliance_checker.py --standard iso27001 --gap-analysis --output quarterly_gaps.md\n```\n\n---\n\n## Worked Example: Healthcare Risk Assessment\n\n**Scenario:** 
Assess security risks for a patient data management system.\n\n### Step 1: Define Assets\n\n```bash\npython scripts\u002Frisk_assessment.py --scope \"patient-data-system\" --template healthcare\n```\n\n**Asset inventory output:**\n\n| Asset ID | Asset | Type | Owner | Classification |\n|----------|-------|------|-------|----------------|\n| A001 | Patient database | Information | DBA Team | Confidential |\n| A002 | EHR application | Software | App Team | Critical |\n| A003 | Database server | Hardware | Infra Team | High |\n| A004 | Admin credentials | Access | Security | Critical |\n\n### Step 2: Identify Risks\n\n**Risk register output** (L = likelihood, I = impact, both 1-5; Score = L × I):\n\n| Risk ID | Asset | Threat | Vulnerability | L | I | Score |\n|---------|-------|--------|---------------|---|---|-------|\n| R001 | A001 | Data breach | Weak encryption | 3 | 5 | 15 |\n| R002 | A002 | SQL injection | Missing input validation | 4 | 4 | 16 |\n| R003 | A004 | Credential theft | No MFA | 4 | 5 | 20 |\n\n### Step 3: Determine Treatment\n\n| Risk | Treatment | Control | Timeline |\n|------|-----------|---------|----------|\n| R001 | Mitigate | Implement AES-256 encryption | 30 days |\n| R002 | Mitigate | Parameterized queries, input validation, WAF | 14 days |\n| R003 | Mitigate | Enforce MFA for all admins | 7 days |\n\n### Step 4: Verify Implementation\n\n```bash\npython scripts\u002Fcompliance_checker.py --standard iso27001 --controls-file implemented_controls.csv\n```\n\n**Verification output:**\n\n```\nControl Implementation Status\n=============================\nUse of Cryptography (A.8.24): IMPLEMENTED\n  - AES-256 at rest: YES\n  - TLS 1.3 in transit: YES\n\nSecure Authentication (A.8.5): IMPLEMENTED\n  - MFA enabled: YES\n  - Admin accounts: 100% coverage\n\nApplication Security Requirements (A.8.26): PARTIAL\n  - Input validation: YES\n  - WAF deployed: PENDING\n\nOverall Compliance: 87%\n```\n","","imported","https:\u002F\u002Fgithub.com\u002Falirezarezvani\u002Fclaude-skills","user_system_seed","SkillOPIC",true,122,1756,"2026-05-16 
14:06:17",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Coding & Development","coding","mdi-code-braces","Code generation, debugging and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Code Review","review","mdi-magnify-scan","Code quality analysis and security review",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"756dbe2f-0554-4537-bf4e-19350395766d","1.0.0","information-security-manager-iso27001.zip",24522,"uploads\u002Fskills\u002Fb3470b65-48f5-4b77-b0e6-dfb4089826a0\u002Finformation-security-manager-iso27001.zip","efd3031b9b341c43fa4c37959e5e6e395ec02e99e3fea6af2e5c6f9895e63f5f","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":11648},{\"path\":\"references\u002Fincident-response.md\",\"isDirectory\":false,\"size\":11273},{\"path\":\"references\u002Fiso27001-controls.md\",\"isDirectory\":false,\"size\":9667},{\"path\":\"references\u002Frisk-assessment-guide.md\",\"isDirectory\":false,\"size\":8440},{\"path\":\"scripts\u002Fcompliance_checker.py\",\"isDirectory\":false,\"size\":16201},{\"path\":\"scripts\u002Frisk_assessment.py\",\"isDirectory\":false,\"size\":17356}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]
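The risk scoring in Workflow 2, Step 4 (Risk = Likelihood × Impact, with the Critical/High/Medium/Low/Minimal bands and their treatment deadlines) and the healthcare worked example above are shown here end to end as an added example. This is not the repository's `scripts/risk_assessment.py` and does not reproduce its behaviour; the score bands and deadlines are taken from the skill's tables, while the CSV layout, the sample register rows, and the residual-risk model (a control scales likelihood down by its effectiveness, impact unchanged) are assumptions made for this example.

```python
"""Risk register scoring: inherent score, band, residual risk, treatment deadline.

Added example; not the repository's scripts/risk_assessment.py. Bands and
deadlines follow the skill's tables; the residual-risk model and the CSV
layout are assumptions for this example.
"""
import csv
import io
import math
from datetime import date, timedelta

# Inclusive score bands from the skill: Likelihood x Impact, each on a 1-5 scale.
BANDS = (("Critical", 20, 25), ("High", 15, 19), ("Medium", 10, 14),
         ("Low", 5, 9), ("Minimal", 1, 4))

# Treatment-plan deadline in days per band (skill: immediate / 30 / 90 / accept).
# 0 means immediate; None means accept or monitor (assumption: no deadline).
SLA_DAYS = {"Critical": 0, "High": 30, "Medium": 90, "Low": None, "Minimal": None}

# Assessment date used by the sample run (assumption).
ASSESSED_ON = date(2026, 5, 16)

# Constructed sample register: IDs mirror the worked example, the other values are made up.
REGISTER_CSV = """risk_id,asset,threat,likelihood,impact,control_effectiveness,treatment_approved
R001,A001,Data breach,3,5,0.6,yes
R002,A002,SQL injection,4,4,0.5,yes
R003,A004,Credential theft,4,5,0.75,no
R004,A003,Hardware failure,2,3,0.0,no
"""


def score(likelihood: int, impact: int) -> int:
    """Inherent risk = Likelihood x Impact; both must be on the 1-5 scale."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError(f"likelihood/impact must be 1-5, got {likelihood}/{impact}")
    return likelihood * impact


def band(value: int) -> str:
    """Map a score to its band; every product of two 1-5 values lands in exactly one."""
    for name, lo, hi in BANDS:
        if lo <= value <= hi:
            return name
    raise ValueError(f"score {value} outside 1-25")


def residual_score(likelihood: int, impact: int, effectiveness: float) -> int:
    """Residual risk after a control. Assumption: the control reduces likelihood in
    proportion to its effectiveness in [0, 1]; impact is unchanged and residual
    likelihood never drops below 1, because no control is perfect."""
    if not 0.0 <= effectiveness <= 1.0:
        raise ValueError("control_effectiveness must be in [0, 1]")
    residual_likelihood = max(1, math.ceil(likelihood * (1.0 - effectiveness)))
    return score(residual_likelihood, impact)


def treatment_due(level: str, assessed_on: date) -> str:
    """Treatment-plan deadline for a band, relative to the assessment date."""
    days = SLA_DAYS[level]
    if days is None:
        return "accept or monitor"
    if days == 0:
        return "immediate"
    return (assessed_on + timedelta(days=days)).isoformat()


def evaluate(register_csv: str, assessed_on: date) -> list[dict]:
    """Score every row of the register and return them highest inherent risk first."""
    rows = []
    for r in csv.DictReader(io.StringIO(register_csv)):
        likelihood, impact = int(r["likelihood"]), int(r["impact"])
        inherent = score(likelihood, impact)
        residual = residual_score(likelihood, impact, float(r["control_effectiveness"]))
        level = band(inherent)
        rows.append({
            "risk_id": r["risk_id"], "asset": r["asset"], "threat": r["threat"],
            "inherent": inherent, "level": level,
            "residual": residual, "residual_level": band(residual),
            "treatment_due": treatment_due(level, assessed_on),
            "treatment_approved": r["treatment_approved"].strip().lower() == "yes",
        })
    return sorted(rows, key=lambda x: (-x["inherent"], x["risk_id"]))


def unapproved_high_risks(rows: list[dict]) -> list[str]:
    """The skill's validation checkpoint: every High/Critical risk needs an
    approved treatment plan. Returns the risk IDs that fail it."""
    return [r["risk_id"] for r in rows
            if r["level"] in ("Critical", "High") and not r["treatment_approved"]]


if __name__ == "__main__":
    results = evaluate(REGISTER_CSV, ASSESSED_ON)
    for r in results:
        print(f'{r["risk_id"]} {r["level"]:8} inherent={r["inherent"]:2} '
              f'residual={r["residual"]:2} ({r["residual_level"]}) due={r["treatment_due"]}')
    failing = unapproved_high_risks(results)
    print("validation:", "PASS" if not failing else f"FAIL, unapproved: {failing}")
```

Running the sample ranks R003 (score 20, Critical, immediate) above R002 and R001 (High, plan due 30 days after the assessment date), and the checkpoint fails on R003 because its treatment is not yet approved; R004 scores 6 and falls into the accept-or-monitor band, so a missing plan there is not a finding. The residual column is what goes into the SoA discussion: a 75 % effective MFA control takes R003 from 20 down to 5, which is the kind of number management signs off on as accepted residual risk.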
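The compliance status, gap analysis and SoA checks described in the Tools, Workflow 1 (Step 3) and Compliance Verification sections amount to a small roll-up over a controls file: credit per control status, percentage per ISO 27002 theme, an ordered list of gaps, and a check that every control excluded from the Statement of Applicability carries a justification. The following is an added example of that roll-up; it is not the repository's `scripts/compliance_checker.py` and does not reproduce its output. The control IDs and names are ISO/IEC 27001:2022 Annex A entries, while the CSV layout, the status vocabulary, the PARTIAL = 0.5 weighting and the sample statuses are assumptions for this example.

```python
"""Control status roll-up: per-domain percentage, overall percentage, gaps, SoA check.

Added example; not the repository's scripts/compliance_checker.py. Control IDs
and names are ISO/IEC 27001:2022 Annex A; CSV layout, statuses, weighting and
the sample data are assumptions for this example.
"""
import csv
import io

# Credit per status (assumption). NOT_APPLICABLE is left out of the denominator,
# but an excluded control must carry an SoA justification (see soa_errors).
STATUS_WEIGHT = {"IMPLEMENTED": 1.0, "PARTIAL": 0.5, "NOT_IMPLEMENTED": 0.0}

# Constructed sample; the statuses and justifications are made up for this example.
CONTROLS_CSV = """control_id,name,domain,status,justification
A.5.1,Policies for information security,Organizational,IMPLEMENTED,
A.5.15,Access control,Organizational,IMPLEMENTED,
A.8.5,Secure authentication,Technological,IMPLEMENTED,
A.8.24,Use of cryptography,Technological,IMPLEMENTED,
A.8.26,Application security requirements,Technological,PARTIAL,WAF rollout pending
A.7.4,Physical security monitoring,Physical,NOT_IMPLEMENTED,
A.7.7,Clear desk and clear screen,Physical,NOT_APPLICABLE,Fully remote workforce with no premises
A.6.3,"Information security awareness, education and training",People,NOT_APPLICABLE,
"""


def load_controls(text: str) -> list[dict]:
    """Parse the controls CSV and reject unknown statuses before they skew a percentage."""
    controls = []
    for row in csv.DictReader(io.StringIO(text)):
        status = row["status"].strip().upper()
        if status not in STATUS_WEIGHT and status != "NOT_APPLICABLE":
            raise ValueError(f"{row['control_id']}: unknown status {status!r}")
        row["status"] = status
        row["justification"] = row["justification"].strip()
        controls.append(row)
    return controls


def soa_errors(controls: list[dict]) -> list[str]:
    """Statement of Applicability rule: a control marked not applicable needs a justification."""
    return [c["control_id"] for c in controls
            if c["status"] == "NOT_APPLICABLE" and not c["justification"]]


def compliance_by_domain(controls: list[dict]) -> dict:
    """Percentage per ISO 27002 theme; None when a domain has no applicable control."""
    earned, applicable = {}, {}
    for c in controls:
        domain = c["domain"]
        earned.setdefault(domain, 0.0)
        applicable.setdefault(domain, 0)
        if c["status"] == "NOT_APPLICABLE":
            continue
        applicable[domain] += 1
        earned[domain] += STATUS_WEIGHT[c["status"]]
    return {d: (round(100 * earned[d] / n, 1) if n else None)
            for d, n in applicable.items()}


def overall_compliance(controls: list[dict]) -> float:
    """Weighted percentage over all applicable controls."""
    applicable = [c for c in controls if c["status"] != "NOT_APPLICABLE"]
    earned = sum(STATUS_WEIGHT[c["status"]] for c in applicable)
    return round(100 * earned / len(applicable), 1)


def gaps(controls: list[dict]) -> list[dict]:
    """Controls still needing work, least-implemented first (the gap analysis order)."""
    open_items = [c for c in controls if c["status"] in ("NOT_IMPLEMENTED", "PARTIAL")]
    return sorted(open_items, key=lambda c: (STATUS_WEIGHT[c["status"]], c["control_id"]))


if __name__ == "__main__":
    controls = load_controls(CONTROLS_CSV)
    for domain, pct in compliance_by_domain(controls).items():
        print(f"{domain:15} {'n/a' if pct is None else f'{pct}%'}")
    print(f"Overall Compliance: {overall_compliance(controls)}%")
    for g in gaps(controls):
        print(f"GAP  {g['control_id']} {g['name']}: {g['status']} {g['justification']}")
    for cid in soa_errors(controls):
        print(f"SOA  {cid}: marked NOT_APPLICABLE without justification")
```

On the sample data the Technological theme scores 83.3 % (two implemented controls plus a half-credit PARTIAL), Physical scores 0 % because its only applicable control is not implemented, and People reports no percentage at all since its single control is excluded; the overall figure is 75 %. The SoA check is the part auditors actually probe: A.6.3 is marked not applicable with an empty justification, which an auditor at Stage 1 would raise as a nonconformity regardless of the percentage.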