information-security-manager-iso27001

Verified·Scanned 2/17/2026

The skill provides ISO 27001 ISMS guidance and local tooling for risk assessment, compliance checks, and incident response. It contains explicit instructions to execute local scripts such as python scripts/risk_assessment.py --scope "patient-data-system" --output risk_register.json.

from clawhub.ai·va9e3a5d·72.8 KB·0 installs
Scanned from 1.0.0 at a9e3a5d · Transparency log ↗
$ vett add clawhub.ai/alirezarezvani/information-security-manager-iso27001

Information Security Manager - ISO 27001

Implement and manage Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements.

Table of Contents

Trigger Phrases

Use this skill when you hear:

  • "implement ISO 27001"
  • "ISMS implementation"
  • "security risk assessment"
  • "information security policy"
  • "ISO 27001 certification"
  • "security controls implementation"
  • "incident response plan"
  • "healthcare data security"
  • "medical device cybersecurity"
  • "security compliance audit"

Quick Start

Run Security Risk Assessment

python scripts/risk_assessment.py --scope "patient-data-system" --output risk_register.json

Check Compliance Status

python scripts/compliance_checker.py --standard iso27001 --controls-file controls.csv

Generate Gap Analysis Report

python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output gaps.md

Tools

risk_assessment.py

Automated security risk assessment following ISO 27001 Clause 6.1.2 methodology.

Usage:

# Full risk assessment
python scripts/risk_assessment.py --scope "cloud-infrastructure" --output risks.json

# Healthcare-specific assessment
python scripts/risk_assessment.py --scope "ehr-system" --template healthcare --output risks.json

# Quick asset-based assessment
python scripts/risk_assessment.py --assets assets.csv --output risks.json

Parameters:

ParameterRequiredDescription
--scopeYesSystem or area to assess
--templateNoAssessment template: general, healthcare, cloud
--assetsNoCSV file with asset inventory
--outputNoOutput file (default: stdout)
--formatNoOutput format: json, csv, markdown

Output:

  • Asset inventory with classification
  • Threat and vulnerability mapping
  • Risk scores (likelihood × impact)
  • Treatment recommendations
  • Residual risk calculations

compliance_checker.py

Verify ISO 27001/27002 control implementation status.

Usage:

# Check all ISO 27001 controls
python scripts/compliance_checker.py --standard iso27001

# Gap analysis with recommendations
python scripts/compliance_checker.py --standard iso27001 --gap-analysis

# Check specific control domains
python scripts/compliance_checker.py --standard iso27001 --domains "access-control,cryptography"

# Export compliance report
python scripts/compliance_checker.py --standard iso27001 --output compliance_report.md

Parameters:

ParameterRequiredDescription
--standardYesStandard to check: iso27001, iso27002, hipaa
--controls-fileNoCSV with current control status
--gap-analysisNoInclude remediation recommendations
--domainsNoSpecific control domains to check
--outputNoOutput file path

Output:

  • Control implementation status
  • Compliance percentage by domain
  • Gap analysis with priorities
  • Remediation recommendations

Workflows

Workflow 1: ISMS Implementation

Step 1: Define Scope and Context

Document organizational context and ISMS boundaries:

  • Identify interested parties and requirements
  • Define ISMS scope and boundaries
  • Document internal/external issues

Validation: Scope statement reviewed and approved by management.

Step 2: Conduct Risk Assessment

python scripts/risk_assessment.py --scope "full-organization" --template general --output initial_risks.json
  • Identify information assets
  • Assess threats and vulnerabilities
  • Calculate risk levels
  • Determine risk treatment options

Validation: Risk register contains all critical assets with assigned owners.

Step 3: Select and Implement Controls

Map risks to ISO 27002 controls:

python scripts/compliance_checker.py --standard iso27002 --gap-analysis --output control_gaps.md

Control categories:

  • Organizational (policies, roles, responsibilities)
  • People (screening, awareness, training)
  • Physical (perimeters, equipment, media)
  • Technological (access, crypto, network, application)

Validation: Statement of Applicability (SoA) documents all controls with justification.

Step 4: Establish Monitoring

Define security metrics:

  • Incident count and severity trends
  • Control effectiveness scores
  • Training completion rates
  • Audit findings closure rate

Validation: Dashboard shows real-time compliance status.

Workflow 2: Security Risk Assessment

Step 1: Asset Identification

Create asset inventory:

Asset TypeExamplesClassification
InformationPatient records, source codeConfidential
SoftwareEHR system, APIsCritical
HardwareServers, medical devicesHigh
ServicesCloud hosting, backupHigh
PeopleAdmin accounts, developersVaries

Validation: All assets have assigned owners and classifications.

Step 2: Threat Analysis

Identify threats per asset category:

AssetThreatsLikelihood
Patient dataUnauthorized access, breachHigh
Medical devicesMalware, tamperingMedium
Cloud servicesMisconfiguration, outageMedium
CredentialsPhishing, brute forceHigh

Validation: Threat model covers top-10 industry threats.

Step 3: Vulnerability Assessment

python scripts/risk_assessment.py --scope "network-infrastructure" --output vuln_risks.json

Document vulnerabilities:

  • Technical (unpatched systems, weak configs)
  • Process (missing procedures, gaps)
  • People (lack of training, insider risk)

Validation: Vulnerability scan results mapped to risk register.

Step 4: Risk Evaluation and Treatment

Calculate risk: Risk = Likelihood × Impact

Risk LevelScoreTreatment
Critical20-25Immediate action required
High15-19Treatment plan within 30 days
Medium10-14Treatment plan within 90 days
Low5-9Accept or monitor
Minimal1-4Accept

Validation: All high/critical risks have approved treatment plans.

Workflow 3: Incident Response

Step 1: Detection and Reporting

Incident categories:

  • Security breach (unauthorized access)
  • Malware infection
  • Data leakage
  • System compromise
  • Policy violation

Validation: Incident logged within 15 minutes of detection.

Step 2: Triage and Classification

SeverityCriteriaResponse Time
CriticalData breach, system downImmediate
HighActive threat, significant risk1 hour
MediumContained threat, limited impact4 hours
LowMinor violation, no impact24 hours

Validation: Severity assigned and escalation triggered if needed.

Step 3: Containment and Eradication

Immediate actions:

  1. Isolate affected systems
  2. Preserve evidence
  3. Block threat vectors
  4. Remove malicious artifacts

Validation: Containment confirmed, no ongoing compromise.

Step 4: Recovery and Lessons Learned

Post-incident activities:

  1. Restore systems from clean backups
  2. Verify integrity before reconnection
  3. Document timeline and actions
  4. Conduct post-incident review
  5. Update controls and procedures

Validation: Post-incident report completed within 5 business days.

Reference Guides

When to Use Each Reference

references/iso27001-controls.md

  • Control selection for SoA
  • Implementation guidance
  • Evidence requirements
  • Audit preparation

references/risk-assessment-guide.md

  • Risk methodology selection
  • Asset classification criteria
  • Threat modeling approaches
  • Risk calculation methods

references/incident-response.md

  • Response procedures
  • Escalation matrices
  • Communication templates
  • Recovery checklists

Validation Checkpoints

ISMS Implementation Validation

PhaseCheckpointEvidence Required
ScopeScope approvedSigned scope document
RiskRegister completeRisk register with owners
ControlsSoA approvedStatement of Applicability
OperationMetrics activeDashboard screenshots
AuditInternal audit doneAudit report

Certification Readiness

Before Stage 1 audit:

  • ISMS scope documented and approved
  • Information security policy published
  • Risk assessment completed
  • Statement of Applicability finalized
  • Internal audit conducted
  • Management review completed
  • Nonconformities addressed

Before Stage 2 audit:

  • Controls implemented and operational
  • Evidence of effectiveness available
  • Staff trained and aware
  • Incidents logged and managed
  • Metrics collected for 3+ months

Compliance Verification

Run periodic checks:

# Monthly compliance check
python scripts/compliance_checker.py --standard iso27001 --output monthly_$(date +%Y%m).md

# Quarterly gap analysis
python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output quarterly_gaps.md

Worked Example: Healthcare Risk Assessment

Scenario: Assess security risks for a patient data management system.

Step 1: Define Assets

python scripts/risk_assessment.py --scope "patient-data-system" --template healthcare

Asset inventory output:

Asset IDAssetTypeOwnerClassification
A001Patient databaseInformationDBA TeamConfidential
A002EHR applicationSoftwareApp TeamCritical
A003Database serverHardwareInfra TeamHigh
A004Admin credentialsAccessSecurityCritical

Step 2: Identify Risks

Risk register output:

Risk IDAssetThreatVulnerabilityLIScore
R001A001Data breachWeak encryption3515
R002A002SQL injectionInput validation4416
R003A004Credential theftNo MFA4520

Step 3: Determine Treatment

RiskTreatmentControlTimeline
R001MitigateImplement AES-256 encryption30 days
R002MitigateAdd input validation, WAF14 days
R003MitigateEnforce MFA for all admins7 days

Step 4: Verify Implementation

python scripts/compliance_checker.py --controls-file implemented_controls.csv

Verification output:

Control Implementation Status
=============================
Cryptography (A.8.24): IMPLEMENTED
  - AES-256 at rest: YES
  - TLS 1.3 in transit: YES

Access Control (A.8.5): IMPLEMENTED
  - MFA enabled: YES
  - Admin accounts: 100% coverage

Application Security (A.8.26): PARTIAL
  - Input validation: YES
  - WAF deployed: PENDING

Overall Compliance: 87%