Cybersecurity & Information Security — General (jurisdiction-agnostic)
Cybersecurity and information security as a practice — NIS2/DORA/CRA, NYDFS 23 NYCRR 500, CMMC, SOC 2 / ISO 27001, ANSSI/EBIOS/PSSI, incident-response and operational-resilience programs, and security-control evidence.
Skills
Cybersecurity Breach Summary
Summarizes cybersecurity breach incidents into structured legal and compliance records. Trigger when synthesizing incident reports, forensics, logs, …
Compliance and Audit
Use when a project requires a compliance framework mapping, when risks need formal documentation, when audit evidence must be collected, or when prod…
Comply
Regulatory compliance and audit agent. Maps business regulatory requirements (SOC2/PCI-DSS/HIPAA/ISO 27001), checks control implementations, designs …
Comply
Regulatory compliance and audit agent. Maps business regulatory requirements (SOC2/PCI-DSS/HIPAA/ISO 27001), checks control implementations, designs …
Cybersecurity Breach Summary
Produces structured cybersecurity breach summary documents for regulatory and compliance use. Use when drafting breach summaries, incident response r…
Enterprise Evidence Pack Generation
Use this skill when generating ISO 27001 or NIST SP 800-53 audit evidence packs, compliance reports, evidence narratives, reviewer-ready control matr…
Information Security Policy
Drafts a board-approvable Information Security Policy covering data classification, access controls, encryption, incident response, breach notificati…
Tabletop Exercise Script for Incident Response Plan
Drafts a tabletop exercise script to stress-test an organization's Incident Response Plan against cybersecurity threats and breach notification oblig…
Vendor Security Assessment Questionnaire
Drafts a Vendor Security Assessment Questionnaire evaluating third-party cybersecurity posture, data handling, and regulatory compliance. Vendor resp…