Cybersecurity
Skill packages tagged with “Cybersecurity”
CIS Controls Implementation Author
Guided elaboration of a CIS Controls v8 implementation plan — safeguard selection, IG1/IG2/IG3 alignment, and mapping to existing policies or controls.
Cybersecurity Incident Response Plan (Sector & State-Specific)
Draft a cybersecurity Incident Response Plan aligned with NIST SP 800-61r3, tailored to industry sector (HIPAA, GLBA, PCI DSS, FERPA, NERC CIP) and state breach notification laws. Includes detection playbooks, escalation procedures, and state-by-state notification timeline matrix.
HITRUST CSF Assessment
Draft HITRUST CSF Validated Assessment deliverables for e1, i1, or r2 certification: control requirement responses at all maturity levels, evidence artifacts, Corrective Action Plans, and the Validated Assessment Report.
Incident Response Playbook
Draft step-by-step security playbooks for any cyber attack type. Tailored to your organisation, tech stack, and threat landscape. Produces detection criteria, containment, eradication, recovery, post-incident review, and a quick-reference card with MITRE ATT&CK mapping and role assignments.
IT-Security for Critical Infrastructure (KRITIS)
Creates security concepts for operators of critical infrastructure (KRITIS) in accordance with BSI IT-Grundschutz and the IT-Sicherheitsgesetz 2.0. Maps assets to IT-Grundschutz modules (Bausteine), checks KRITIS thresholds, and validates compliance.
NIS2 Entity Classification
Classify an organization as essential, important, or out-of-scope under the NIS2 Directive (EU 2022/2555). Maps activities to Annex I/II sectors, applies size thresholds (medium/large enterprise criteria), and determines member state jurisdiction. Produces a classification report with regulatory obligations summary.
NIS2 Gap Assessment
Perform a structured gap assessment against all NIS2 Directive Art. 21 cybersecurity risk-management measures. Rates maturity (0-5) per measure, detects missing compliance artifacts, and builds a prioritized remediation roadmap weighted by regulatory severity and entity classification. Produces a comprehensive gap report with interactive dashboard data.
NIS2 Governance & Risk Management
Document management body accountability and cybersecurity risk management measures per NIS2 Directive Art. 20-21. Covers all 11 mandatory measures (a)-(k), governance approval workflows, and management training obligations. Produces a governance and risk management report with measure-by-measure coverage analysis.
NIS2 Incident Reporting
Draft NIS2-compliant incident reports following Art. 23 timelines: early warning within 24 hours, incident notification within 72 hours, and final report within one month. Classifies incident significance, validates report completeness, and tracks notification deadlines. Produces all three report types with CSIRT/competent authority notification content.
NIS2 Policies & Procedures
Draft and validate cybersecurity policies and procedures for all 11 NIS2 Art. 21(2) mandatory measures. Validates policy coverage, cross-references between related measures, and checks policy structure against organizational standards. Produces individual policy documents or a consolidated policy pack.
NIS2 Supply Chain Security
Assess and manage supply chain cybersecurity risks per NIS2 Art. 21(2)(d). Scores supplier criticality and cybersecurity maturity, validates contractual security clauses, and identifies concentration risks in the ICT supply chain. Produces a supplier risk register and contractual review report.
NIST CSF Profile Author
Guided elaboration of a NIST Cybersecurity Framework (CSF) assessment: current profile (Identify, Protect, Detect, Respond, Recover, Govern), target profile, gap analysis, and prioritized implementation plan with outcomes and metrics.
NIST SP 800-53 / CSF Crosswalk
Bidirectional crosswalk between NIST Cybersecurity Framework (CSF) 2.0 subcategories and SP 800-53 Rev 5 controls. Maps CSF subcategories to 800-53 controls and vice versa, identifies gaps in either direction, and produces a crosswalk document for dual-framework compliance.
PCI DSS Report on Compliance (ROC)
Author PCI DSS v4.0 ROC documentation for Level 1 QSA assessments: scope workpapers, requirement-by-requirement findings, Compensating Controls Worksheets (CCWs), Customized Approach Worksheets (CAWs), and the Attestation of Compliance (AOC).
PCI-DSS SAQ & Scope Author
Guided elaboration of PCI-DSS scope documentation and SAQ support: cardholder data environment (CDE), network segmentation narrative, and control evidence mapping to SAQ requirements.
SBOM Vulnerability Mapper
Generate and validate a Software Bill of Materials (SBOM) and draft CRA-compliant technical documentation for connected products in the EU market. Checks software components against the NIST NVD for known critical vulnerabilities. Covers product classification, Annex I essential cybersecurity requirements, vulnerability handling, conformity assessment, and ENISA reporting readiness.
SEC 10-K — MD&A and Financial Statement Notes Drafter
Draft and validate the Management Discussion & Analysis (MD&A) section and key financial statement footnotes of the SEC Form 10-K annual report. Ensures compliance with Regulation S-K Items 303 (2021 amended structure), 305, 105, and 106 (cybersecurity, effective December 15, 2023), Reg G/Item 10(e) non-GAAP measure rules, SEC interpretive guidance, and PCAOB expectations for critical accounting estimates. Covers all required US GAAP footnote topics including EPS (ASC 260), subsequent events (ASC 855), and related parties (ASC 850).
SecNumCloud — Dossier d'Homologation
Draft the Dossier d'Homologation for ANSSI SecNumCloud certification. Map infrastructure to the Référentiel, validate EEA data sovereignty for sub-processors, and structure evidence for France's public-sector cloud qualification.
SOC 2 Control Narrative Author
Guided elaboration of SOC 2 readiness documentation: control narratives aligned to AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), control-objective mapping, and evidence placeholders for Type I/II audit.
Threat Impact Narrative Builder
Build and validate cybersecurity risk registers and impact narratives aligned to NIST CSF 2.0 ID.RA. Uses FAIR methodology for impact scenarios and enforces consistency between risk scores and Historical Incident Data.