security-documentation
Security Documentation Standards
Purpose
Maintain comprehensive security documentation per Hack23 ISMS requirements.
Required Documents
Current State
- ✅ SECURITY_ARCHITECTURE.md - Implemented security controls
- ✅ THREAT_MODEL.md - STRIDE threat analysis
- ✅ ARCHITECTURE.md - System design with C4 models
- ✅ SECURITY.md - Security policy and vulnerability reporting
Future State
- ✅ FUTURE_SECURITY_ARCHITECTURE.md - Planned security improvements
Document Structure
SECURITY_ARCHITECTURE.md:
```markdown
# Security Architecture
## Executive Summary
## Security Controls
### Network Security
### Application Security
### Access Control
### Data Protection
### Monitoring & Detection
## Compliance Mapping
### ISO 27001:2022
### NIST CSF 2.0
### CIS Controls v8.1
## References
```
THREAT_MODEL.md:
```markdown
# Threat Model
## Asset Inventory
## STRIDE Analysis
### Spoofing Threats
### Tampering Threats
### Repudiation Threats
### Information Disclosure Threats
### Denial of Service Threats
### Elevation of Privilege Threats
## Risk Assessment
## Mitigation Controls
## Residual Risks
```
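A small checker for the two outlines above, added here as an example and not part of the Hack23 skill or repository. The names `outline`, `missing_sections` and `SAMPLE` are hypothetical; headings inside fenced code are ignored so that a template quoted in a document does not count as the section itself.

```python
import re

# Required outlines, copied from the "Document Structure" section of this skill.
REQUIRED = {
    "SECURITY_ARCHITECTURE.md": {"Executive Summary": [],
        "Security Controls": ["Network Security", "Application Security",
            "Access Control", "Data Protection", "Monitoring & Detection"],
        "Compliance Mapping": ["ISO 27001:2022", "NIST CSF 2.0", "CIS Controls v8.1"],
        "References": []},
    "THREAT_MODEL.md": {
        "Asset Inventory": [],
        "STRIDE Analysis": [t + " Threats" for t in (
            "Spoofing", "Tampering", "Repudiation", "Information Disclosure",
            "Denial of Service", "Elevation of Privilege")],
        "Risk Assessment": [], "Mitigation Controls": [], "Residual Risks": []},
}
FENCE = "`" * 3  # Markdown code-fence marker
HEADING = re.compile(r"^(#{2,3})\s+(.+?)\s*#*\s*$")  # H2 and H3 only

def outline(text):
    """Map each H2 title to the H3 titles under it, ignoring fenced code."""
    sections, current, fenced = {}, None, False
    for line in text.splitlines():
        if line.lstrip().startswith(FENCE):
            fenced = not fenced
        m = None if fenced else HEADING.match(line)
        if m and len(m.group(1)) == 2:
            current = m.group(2)
            sections.setdefault(current, [])
        elif m and current is not None:
            sections[current].append(m.group(2))
    return sections

def missing_sections(name, text):
    """List required headings absent from text, as 'H2' or 'H2 / H3'."""
    found, gaps = outline(text), []
    for h2, h3s in REQUIRED[name].items():
        if h2 not in found:
            gaps.append(h2)
        else:
            gaps += [f"{h2} / {h3}" for h3 in h3s if h3 not in found[h2]]
    return gaps

# Constructed sample: the last STRIDE category is omitted, and "Risk Assessment"
# appears only inside a code fence, so neither counts as present.
SAMPLE = "\n".join(["# Threat Model", "## Asset Inventory", "## STRIDE Analysis"]
    + ["### " + t for t in REQUIRED["THREAT_MODEL.md"]["STRIDE Analysis"][:5]]
    + [FENCE, "## Risk Assessment", FENCE, "## Mitigation Controls", "## Residual Risks"])
```

Calling `missing_sections("THREAT_MODEL.md", SAMPLE)` reports the missing Elevation of Privilege subsection and the missing Risk Assessment section; an empty list means the outline is complete.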
Quality Standards
- Use C4 diagrams (Context, Container, Component)
- Include Mermaid diagrams for complex workflows
- Map to ISO 27001/NIST CSF/CIS Controls
- Version control metadata (version, date, owner)
- Classification marking (Public, Internal, Confidential)
References
- ISMS-PUBLIC: https://github.com/Hack23/ISMS-PUBLIC
- Secure Development Policy: https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md