Cybersecurity
Skill packages tagged with “Cybersecurity”
CIS Controls Implementation Author
Guided elaboration of CIS Controls v8 implementation plan — safeguard selection, IG1/IG2/IG3 alignment, and mapping to existing policies or controls.
HITRUST CSF Assessment
Draft HITRUST CSF Validated Assessment deliverables for e1, i1, or r2 certification: control requirement responses at all maturity levels, evidence artifacts, Corrective Action Plans, and the Validated Assessment Report.
Incident Response Playbook
Draft step-by-step security playbooks for any cyber attack type. Tailored to your organisation, tech stack, and threat landscape. Produces detection criteria, containment, eradication, recovery, post-incident review, and a quick-reference card with MITRE ATT&CK mapping and role assignments.
IT-Security for Critical Infrastructure (KRITIS)
Erstellt Sicherheitskonzepte fuer Betreiber Kritischer Infrastrukturen (KRITIS) gemaess BSI IT-Grundschutz und IT-Sicherheitsgesetz 2.0. Mappt Assets auf Grundschutz-Bausteine, prueft KRITIS-Schwellenwerte und validiert die Compliance.
NIST CSF Profile Author
Guided elaboration of a NIST Cybersecurity Framework (CSF) assessment: current profile (Identify, Protect, Detect, Respond, Recover, Govern), target profile, gap analysis, and prioritized implementation plan with outcomes and metrics.
PCI DSS Report on Compliance (ROC)
Author PCI DSS v4.0 ROC documentation for Level 1 QSA assessments: scope workpapers, requirement-by-requirement findings, Compensating Controls Worksheets (CCWs), Customized Approach Worksheets (CAWs), and the Attestation of Compliance (AOC).
PCI-DSS SAQ & Scope Author
Guided elaboration of PCI-DSS scope documentation and SAQ support: cardholder data environment (CDE), network segmentation narrative, and control evidence mapping to SAQ requirements.
SBOM Vulnerability Mapper
Generate and validate a Software Bill of Materials (SBOM) and draft CRA-compliant technical documentation for connected products in the EU market. Checks software components against the NIST NVD for known critical vulnerabilities. Covers product classification, Annex I essential cybersecurity requirements, vulnerability handling, conformity assessment, and ENISA reporting readiness.
SecNumCloud — Dossier d'Homologation
Draft the Dossier d'Homologation for ANSSI SecNumCloud certification. Map infrastructure to the Référentiel, validate EEA data sovereignty for sub-processors, and structure evidence for France's public-sector cloud qualification.
SOC 2 Control Narrative Author
Guided elaboration of SOC 2 readiness documentation: control narratives aligned to AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), control-objective mapping, and evidence placeholders for Type I/II audit.
Threat Impact Narrative Builder
Build and validate cybersecurity risk registers and impact narratives aligned to NIST CSF 2.0 ID.RA. Uses FAIR methodology for impact scenarios and enforces consistency between risk scores and Historical Incident Data.