# Information Security Strategy Skill

## Purpose
Defines the information security strategy framework for Hack23 projects, integrating risk management with compliance requirements.
## Security Strategy Pillars
- Governance — Policies, procedures, roles
- Risk Management — Identify, assess, treat risks
- Compliance — ISO 27001, NIST CSF, CIS Controls
- Operations — Monitoring, incident response
- Assurance — Audits, testing, continuous improvement
## Risk Management Process
- Context — Scope, stakeholders, criteria
- Assessment — Identify, analyze, evaluate risks
- Treatment — Accept, mitigate, transfer, avoid
- Monitoring — Continuous risk review
- Communication — Stakeholder reporting
## Compliance Framework Integration
| Framework | Focus | Key Controls |
|---|---|---|
| ISO 27001:2022 | ISMS | 93 controls in 4 themes |
| NIST CSF 2.0 | Cybersecurity | Govern, Identify, Protect, Detect, Respond, Recover |
| CIS Controls v8.1 | Implementation | 18 control groups |
| GDPR | Privacy | Data protection, rights |
| NIS2 | Critical infrastructure | Supply chain, incident reporting |
## Security Metrics
- Mean Time to Detect (MTTD)
- Mean Time to Respond (MTTR)
- Vulnerability remediation SLA compliance
- Security training completion rate
- Audit finding closure rate
## Continuous Improvement
- Regular policy reviews (annual minimum)
- Lessons learned from incidents
- Benchmark against industry standards
- Security awareness program updates
- Technology evolution tracking
## Related Policies
Repository: hack23/riksdagsmonitor