CISO Advisor
技能 已验证 活跃Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, or when user mentions CISO, security strategy, compliance roadmap, zero trust, or board security reporting.
To equip CISOs and security leaders with strategic frameworks and actionable guidance for building robust security programs, quantifying risks, and enabling business growth through effective security posture.
功能
- Risk quantification in dollars (ALE)
- Compliance roadmap planning (SOC 2, ISO 27001, HIPAA, GDPR)
- Security architecture strategy guidance
- Incident response leadership and playbook design
- Board-level security reporting frameworks
- Vendor security assessment tiering
使用场景
- Building a security program from scratch
- Justifying security budget with risk-based arguments
- Selecting and sequencing compliance frameworks
- Developing incident response procedures
- Assessing vendor security posture
- Preparing board materials on security
非目标
- Providing detailed technical implementation steps for security controls
- Performing automated security scans or audits
- Replacing a dedicated CISO or security team
- Directly managing security incidents or infrastructure
实践
- Risk-based security
- Zero Trust architecture
- Defense in Depth
- Security program maturity
- Board reporting
安装
请先添加 Marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install c-level-advisor@claude-code-skills质量评分
已验证类似扩展
CAIO Review
100/cs:caio-review <plan> — Eval-demanding Chief AI Officer interrogation of any plan that involves AI: model selection, risk classification, cost economics, or AI hiring.
Context Mode Ops
100使用并行子代理军队管理 context-mode GitHub 问题、PR、发布和营销。为每个任务编排 10-20 个动态代理。在分类问题、审查 PR、发布版本、撰写 LinkedIn 帖子、宣布发布、修复错误、合并贡献、验证 ENV 变量、测试适配器或同步分支时使用。
Qms Audit Expert
100ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.
CISO Review
98/cs:ciso-review <plan> — Risk-paranoid interrogation of any plan that touches data, compliance, or production access.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.