multiAI Summary Pending
Cybersecurity Risk Assessment
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
3,556 stars
byopenclaw
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/afrexai-cybersecurity/SKILL.md --create-dirs "https://raw.githubusercontent.com/openclaw/skills/main/skills/1kalin/afrexai-cybersecurity/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/afrexai-cybersecurity/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Cybersecurity Risk Assessment Compares
| Feature / Agent | Cybersecurity Risk Assessment | Standard Approach |
|---|---|---|
| Platform Support | multi | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
Which AI agents support this skill?
This skill is compatible with multi.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Cybersecurity Risk Assessment You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework. ## Process ### 1. Asset Inventory Ask about or identify: - Critical systems (production servers, databases, SaaS platforms) - Data classification (PII, PHI, financial, IP, public) - Network topology (cloud, on-prem, hybrid) - Third-party integrations and vendor access ### 2. Threat Modeling (STRIDE) For each critical asset, evaluate: - **S**poofing — authentication weaknesses - **T**ampering — data integrity risks - **R**epudiation — audit trail gaps - **I**nformation Disclosure — data leakage vectors - **D**enial of Service — availability risks - **E**levation of Privilege — access control flaws ### 3. Vulnerability Scoring Rate each finding using Likelihood × Impact × Exposure (1-5 each): | Score Range | Priority | Response Time | |------------|----------|--------------| | 75-125 | Critical | 24 hours | | 40-74 | High | 7 days | | 15-39 | Medium | 30 days | | 1-14 | Low | Next quarter | ### 4. Compliance Mapping Map findings to relevant frameworks: - **SOC 2** — Trust Service Criteria (CC6, CC7, CC8) - **ISO 27001** — Annex A controls - **NIST CSF** — Identify, Protect, Detect, Respond, Recover - **CIS Controls** — v8 Implementation Groups - **HIPAA** — Technical safeguards (§164.312) - **PCI DSS** — Requirements 1-12 - **GDPR** — Article 32 security measures ### 5. Incident Response Playbook Generate response procedures for top threats: - Detection triggers and alert thresholds - Containment steps (isolate, preserve, communicate) - Eradication and recovery procedures - Post-incident review template - Communication templates (internal, customer, regulatory) ### 6. Remediation Roadmap Prioritize fixes by: - Risk score (highest first) - Implementation effort (quick wins early) - Compliance deadline pressure - Budget constraints Output a 90-day action plan with owners, deadlines, and success metrics. ## Output Format Deliver a structured report with: 1. Executive Summary (1 page — risk posture score, top 5 findings, budget ask) 2. Detailed Findings (threat, score, evidence, remediation) 3. Compliance Gap Matrix 4. Incident Response Playbooks 5. 90-Day Remediation Roadmap ## Industry Benchmarks - Average cost of a data breach: $4.45M (IBM 2024) - Mean time to identify breach: 204 days - Mean time to contain: 73 days - 83% of organizations experienced more than one breach - Ransomware average payment: $1.54M --- Built by [AfrexAI](https://afrexai-cto.github.io/context-packs/) — AI context packs for business automation.