# Skills tagged "Security"

21 skills with this tag.

URL: https://rakenne.app/skill-tags/security/index.md

- [DPC GDPR Data Security](https://rakenne.app/skills/dpc-gdpr-data-security/index.md) — Data security (Art. 32) for DPC self-assessment: risk assessment, technical and organisational measures, encryption, recovery, and secure destruction.
- [HIPAA Security Risk Assessment (SRA)](https://rakenne.app/skills/hipaa-security-risk-assessment/index.md) — Draft and validate the Security Risk Assessment required by the HIPAA Security Rule (45 CFR §164.308(a)(1)). Defines scope and ePHI boundaries, inventories assets and Business Associate relationships, …
- [Incident Decision Tree Builder](https://rakenne.app/skills/incident-decision-tree-builder/index.md) — Draft scenario-specific incident response playbooks (NIST CSF RS.RP) with a clear Decision Matrix for isolate vs. monitor and logic gates for Containment, Eradication, and Recovery. Inserts or …
- [Incident Response Playbook](https://rakenne.app/skills/incident-response-playbook/index.md) — Draft step-by-step security playbooks for any cyber attack type. Tailored to your organisation, tech stack, and threat landscape. Produces detection criteria, containment, eradication, recovery, …
- [Information Security Policy (ISO 27001)](https://rakenne.app/skills/information-security-policy/index.md) — Draft and validate an Information Security Policy aligned with ISO 27001:2022. Builds a complete Statement of Applicability covering all 93 Annex A controls, validates enforceability of policy …
- [ISO 20000 Information Security Management](https://rakenne.app/skills/iso20000-information-security/index.md) — Establish information security management for the SMS per ISO/IEC 20000-1:2011 Clause 6.6. Defines the information security policy, identifies security controls mapped to services, establishes …
- [MFA Exception Rationalizer (CISA CPG 1.1)](https://rakenne.app/skills/mfa-exception-rationalizer/index.md) — Document the transition to phishing-resistant MFA and draft MFA-exception rationales for Critical Infrastructure. Identifies legacy systems that cannot support MFA, proposes compensating controls …
- [Mobile Device & Teleworking Policy (ISO 27001)](https://rakenne.app/skills/remote-work-risk-drafter/index.md) — Draft and validate a Mobile Device & Teleworking Policy for ISO 27001:2022 (A.5.17, A.6.7, A.8.1). Covers BYOD, VPN, disk encryption, remote wipe consent, endpoint leakage risk, and compliance with …
- [NIST Password Logic Adapter (CISA CPG 1.2)](https://rakenne.app/skills/nist-password-logic-adapter/index.md) — Rewrite legacy password policies to prioritize length and entropy over complexity and aging, and draft the Compromised Password Detection Protocol. Aligns with NIST SP 800-63B and CISA CPG 1.2; …
- [OT Asset Integrity Register (CISA CPG 2.1)](https://rakenne.app/skills/ics-firmware-monitor/index.md) — Maintain and validate an OT Asset Integrity Register for CISA CPG 2.1: catalog ICS, PLCs, HMIs, and sensors with firmware versions and physical locations; link assets to CISA KEV and vendor advisories …
- [SOC 2 Audit Readiness Planner](https://rakenne.app/skills/soc2-audit-readiness-planner/index.md) — Guided journey dashboard across all SOC 2 skills. Detects which skills have produced their expected outputs, shows progress across 4 phases (Foundation, Assessment, Documentation, Validation), and …
- [SOC 2 Internal Audit](https://rakenne.app/skills/soc2-internal-audit/index.md) — Conduct an internal readiness audit for SOC 2 certification. Tests controls per TSC criteria, classifies findings by AICPA severity (Material Weakness, Significant Deficiency, Deficiency, …
- [SOC 2 Monitoring & Testing](https://rakenne.app/skills/soc2-monitoring-testing/index.md) — Build an ongoing monitoring and testing program for SOC 2 audit readiness. Creates a control testing plan with method, frequency, and tester assignments; an evidence collection matrix mapping controls …
- [SOC 2 Organization Profile](https://rakenne.app/skills/soc2-organization-profile/index.md) — Build and validate the organizational context profile for SOC 2 audit readiness. Captures principal service commitments, system requirements (SCSR), trust services categories, system boundaries, …
- [SOC 2 Policy Generator](https://rakenne.app/skills/soc2-policy-generator/index.md) — Generate Trust Services Criteria-aligned policy documents for SOC 2 audit readiness. Produces 8 core policies (Information Security, Access Control, Change Management, Incident Response, Risk …
- [SOC 2 Policy Review](https://rakenne.app/skills/soc2-policy-review/index.md) — Interactive statement-by-statement review of SOC 2 policy documents. Walks through each policy statement with approve, reject, or AI rewrite options. Produces a timestamped audit trail that satisfies …
- [SOC 2 Readiness Gap Analysis](https://rakenne.app/skills/soc2-readiness-gap-analysis/index.md) — Map internal controls against AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). Identifies unmapped criteria, validates evidence artifacts and …
- [SOC 2 Risk Assessment](https://rakenne.app/skills/soc2-risk-assessment/index.md) — Conduct a structured risk assessment aligned to AICPA Trust Services Criteria. Identifies risks per TSC category using a 5x5 likelihood-impact matrix, maps risks to specific TSC criteria …
- [SOC 2 System Description & Management Assertion](https://rakenne.app/skills/soc2-system-description/index.md) — Draft the SOC 2 system description narrative (Section III) and management assertion letter per AICPA Trust Services Criteria (TSP Section 100) and DC Section 200 description criteria. Covers system …
- [SOC 2 Vendor Management](https://rakenne.app/skills/soc2-vendor-management/index.md) — Establish third-party and subservice organization oversight for SOC 2 audit readiness. Risk-tiered assessment framework with vendor register, SOC report review validation, CSOCs validation, and tiered …
- [Third-Party Risk Assessment (TPRA)](https://rakenne.app/skills/third-party-risk-assessment/index.md) — Assess vendor security posture by validating SIG questionnaire responses against evidence and auditing SOC 2 reports for coverage gaps. Produces structured TPRA reports aligned with NIST SP 800-161 …

