Requirements
- Target platform: OpenClaw
- Install method: Manual import
- Extraction: Extract archive
- Prerequisites: OpenClaw
- Primary doc: SKILL.md
ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Implement and manage Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements.
Sections: Trigger Phrases, Quick Start, Tools, Workflows, Reference Guides, Validation Checkpoints
Trigger Phrases
Use this skill when you hear:
- "implement ISO 27001"
- "ISMS implementation"
- "security risk assessment"
- "information security policy"
- "ISO 27001 certification"
- "security controls implementation"
- "incident response plan"
- "healthcare data security"
- "medical device cybersecurity"
- "security compliance audit"
Quick Start
python scripts/risk_assessment.py --scope "patient-data-system" --output risk_register.json
python scripts/compliance_checker.py --standard iso27001 --controls-file controls.csv
python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output gaps.md
Tools

scripts/risk_assessment.py
Automated security risk assessment following the ISO 27001 Clause 6.1.2 methodology.

Usage:
# Full risk assessment
python scripts/risk_assessment.py --scope "cloud-infrastructure" --output risks.json
# Healthcare-specific assessment
python scripts/risk_assessment.py --scope "ehr-system" --template healthcare --output risks.json
# Quick asset-based assessment
python scripts/risk_assessment.py --assets assets.csv --output risks.json

Parameters:
| Parameter | Required | Description |
|---|---|---|
| --scope | Yes | System or area to assess |
| --template | No | Assessment template: general, healthcare, cloud |
| --assets | No | CSV file with asset inventory |
| --output | No | Output file (default: stdout) |
| --format | No | Output format: json, csv, markdown |

Note: --scope is listed as required, yet the asset-based form above is shown without it; confirm against the script's own usage text before scripting either form.

Output:
- Asset inventory with classification
- Threat and vulnerability mapping
- Risk scores (likelihood × impact)
- Treatment recommendations
- Residual risk calculations
scripts/compliance_checker.py
Verify ISO 27001/27002 control implementation status.

Usage:
# Check all ISO 27001 controls
python scripts/compliance_checker.py --standard iso27001
# Gap analysis with recommendations
python scripts/compliance_checker.py --standard iso27001 --gap-analysis
# Check specific control domains
python scripts/compliance_checker.py --standard iso27001 --domains "access-control,cryptography"
# Export compliance report
python scripts/compliance_checker.py --standard iso27001 --output compliance_report.md

Parameters:
| Parameter | Required | Description |
|---|---|---|
| --standard | Yes | Standard to check: iso27001, iso27002, hipaa |
| --controls-file | No | CSV with current control status |
| --gap-analysis | No | Include remediation recommendations |
| --domains | No | Specific control domains to check |
| --output | No | Output file path |

Output:
- Control implementation status
- Compliance percentage by domain
- Gap analysis with priorities
- Remediation recommendations
Workflows

ISMS Implementation

Step 1: Define Scope and Context
Document organizational context and ISMS boundaries:
- Identify interested parties and their requirements
- Define ISMS scope and boundaries
- Document internal and external issues
Validation: Scope statement reviewed and approved by management.

Step 2: Conduct Risk Assessment
python scripts/risk_assessment.py --scope "full-organization" --template general --output initial_risks.json
- Identify information assets
- Assess threats and vulnerabilities
- Calculate risk levels
- Determine risk treatment options
Validation: Risk register contains all critical assets with assigned owners.

Step 3: Select and Implement Controls
Map risks to ISO 27002 controls:
python scripts/compliance_checker.py --standard iso27002 --gap-analysis --output control_gaps.md
Control categories (the four ISO 27002:2022 themes):
- Organizational (policies, roles, responsibilities)
- People (screening, awareness, training)
- Physical (perimeters, equipment, media)
- Technological (access, crypto, network, application)
Validation: Statement of Applicability (SoA) documents all controls with justification.

Step 4: Establish Monitoring
Define security metrics:
- Incident count and severity trends
- Control effectiveness scores
- Training completion rates
- Audit findings closure rate
Validation: Dashboard shows real-time compliance status.
Risk Assessment

Step 1: Asset Identification
Create asset inventory:
| Asset Type | Examples | Classification |
|---|---|---|
| Information | Patient records, source code | Confidential |
| Software | EHR system, APIs | Critical |
| Hardware | Servers, medical devices | High |
| Services | Cloud hosting, backup | High |
| People | Admin accounts, developers | Varies |
Validation: All assets have assigned owners and classifications.

Step 2: Threat Analysis
Identify threats per asset category:
| Asset | Threats | Likelihood |
|---|---|---|
| Patient data | Unauthorized access, breach | High |
| Medical devices | Malware, tampering | Medium |
| Cloud services | Misconfiguration, outage | Medium |
| Credentials | Phishing, brute force | High |
Validation: Threat model covers top-10 industry threats.

Step 3: Vulnerability Assessment
python scripts/risk_assessment.py --scope "network-infrastructure" --output vuln_risks.json
Document vulnerabilities:
- Technical (unpatched systems, weak configs)
- Process (missing procedures, gaps)
- People (lack of training, insider risk)
Validation: Vulnerability scan results mapped to risk register.

Step 4: Risk Evaluation and Treatment
Calculate risk: Risk = Likelihood × Impact (the score bands below imply a 1-5 rating for each factor, so scores run from 1 to 25)
| Risk Level | Score | Treatment |
|---|---|---|
| Critical | 20-25 | Immediate action required |
| High | 15-19 | Treatment plan within 30 days |
| Medium | 10-14 | Treatment plan within 90 days |
| Low | 5-9 | Accept or monitor |
| Minimal | 1-4 | Accept |
Validation: All high/critical risks have approved treatment plans.
Incident Response

Step 1: Detection and Reporting
Incident categories:
- Security breach (unauthorized access)
- Malware infection
- Data leakage
- System compromise
- Policy violation
Validation: Incident logged within 15 minutes of detection.

Step 2: Triage and Classification
| Severity | Criteria | Response Time |
|---|---|---|
| Critical | Data breach, system down | Immediate |
| High | Active threat, significant risk | 1 hour |
| Medium | Contained threat, limited impact | 4 hours |
| Low | Minor violation, no impact | 24 hours |
Validation: Severity assigned and escalation triggered if needed.

Step 3: Containment and Eradication
Immediate actions:
- Isolate affected systems
- Preserve evidence (capture volatile data and logs before any power-off or rebuild)
- Block threat vectors
- Remove malicious artifacts
Validation: Containment confirmed, no ongoing compromise.

Step 4: Recovery and Lessons Learned
Post-incident activities:
- Restore systems from clean backups
- Verify integrity before reconnection
- Document timeline and actions
- Conduct post-incident review
- Update controls and procedures
Validation: Post-incident report completed within 5 business days.
Reference Guides
- references/iso27001-controls.md: control selection for the SoA, implementation guidance, evidence requirements, audit preparation
- references/risk-assessment-guide.md: risk methodology selection, asset classification criteria, threat modeling approaches, risk calculation methods
- references/incident-response.md: response procedures, escalation matrices, communication templates, recovery checklists
Validation Checkpoints
| Phase | Checkpoint | Evidence Required |
|---|---|---|
| Scope | Scope approved | Signed scope document |
| Risk | Register complete | Risk register with owners |
| Controls | SoA approved | Statement of Applicability |
| Operation | Metrics active | Dashboard screenshots |
| Audit | Internal audit done | Audit report |
Before Stage 1 audit:
- ISMS scope documented and approved
- Information security policy published
- Risk assessment completed
- Statement of Applicability finalized
- Internal audit conducted
- Management review completed
- Nonconformities addressed

Before Stage 2 audit:
- Controls implemented and operational
- Evidence of effectiveness available
- Staff trained and aware
- Incidents logged and managed
- Metrics collected for 3+ months
Run periodic checks:
# Monthly compliance check
python scripts/compliance_checker.py --standard iso27001 --output monthly_$(date +%Y%m).md
# Quarterly gap analysis
python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output quarterly_gaps.md
Worked example
Scenario: Assess security risks for a patient data management system.
python scripts/risk_assessment.py --scope "patient-data-system" --template healthcare
Asset inventory output:
| Asset ID | Asset | Type | Owner | Classification |
|---|---|---|---|---|
| A001 | Patient database | Information | DBA Team | Confidential |
| A002 | EHR application | Software | App Team | Critical |
| A003 | Database server | Hardware | Infra Team | High |
| A004 | Admin credentials | Access | Security | Critical |
Risk register output (L = likelihood, I = impact, Score = L × I):
| Risk ID | Asset | Threat | Vulnerability | L | I | Score |
|---|---|---|---|---|---|---|
| R001 | A001 | Data breach | Weak encryption | 3 | 5 | 15 |
| R002 | A002 | SQL injection | Input validation | 4 | 4 | 16 |
| R003 | A004 | Credential theft | No MFA | 4 | 5 | 20 |
Treatment plan:
| Risk | Treatment | Control | Timeline |
|---|---|---|---|
| R001 | Mitigate | Implement AES-256 encryption | 30 days |
| R002 | Mitigate | Add input validation, WAF | 14 days |
| R003 | Mitigate | Enforce MFA for all admins | 7 days |
R003's score of 20 places it in the Critical band; R001 and R002 (15 and 16) fall in the High band, whose 30-day treatment-plan window both timelines meet.
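The scoring rule from the risk assessment workflow (Risk = Likelihood × Impact, banded into Critical through Minimal with treatment-plan deadlines) and the register in this worked example, carried through in an added Python example. This is not the skill's scripts/risk_assessment.py: the assets, risks and treatments are constructed to mirror the tables above, the residual likelihood assigned after each control is an assumption, and the validation function encodes the page's own checkpoints (owners assigned, Critical assets in the register, High/Critical risks with a treatment plan).

```python
"""Risk register scoring in the style of ISO 27001 Clause 6.1.2 (added example,
not the skill's scripts/risk_assessment.py; the sample data at the bottom is
constructed and the residual likelihoods are assumptions)."""
from __future__ import annotations
import json
from dataclasses import asdict, dataclass

# Bands from the risk evaluation table: (level, min score, max score, days allowed
# for an approved treatment plan; 0 = immediate, None = accept or monitor).
BANDS = (("Critical", 20, 25, 0), ("High", 15, 19, 30), ("Medium", 10, 14, 90),
         ("Low", 5, 9, None), ("Minimal", 1, 4, None))

def _scale(value: int, name: str) -> int:
    """Likelihood and impact are integers on a 1-5 scale; reject anything else."""
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 5:
        raise ValueError(f"{name} must be an integer 1-5, got {value!r}")
    return value

def risk_score(likelihood: int, impact: int) -> int:
    """Risk = Likelihood x Impact."""
    return _scale(likelihood, "likelihood") * _scale(impact, "impact")

def risk_band(score: int) -> tuple[str, int | None]:
    """Map a score to (level, days allowed for an approved treatment plan)."""
    for level, low, high, deadline in BANDS:
        if low <= score <= high:
            return level, deadline
    raise ValueError(f"score {score} is outside 1-25")

@dataclass
class Risk:
    risk_id: str
    asset_id: str
    threat: str
    vulnerability: str
    likelihood: int
    impact: int
    control: str = ""
    timeline_days: int | None = None
    residual_likelihood: int | None = None  # assumed likelihood once the control is live

    def evaluate(self, owner: str) -> dict:
        """Inherent score and level, plus the residual score assuming the control changes only likelihood."""
        score = risk_score(self.likelihood, self.impact)
        level, deadline = risk_band(score)
        residual = score if self.residual_likelihood is None else risk_score(
            self.residual_likelihood, self.impact)
        return {**asdict(self), "owner": owner, "score": score, "level": level,
                "plan_deadline_days": deadline, "residual_score": residual,
                "residual_level": risk_band(residual)[0]}

def build_register(assets: list[dict], risks: list[Risk]) -> dict:
    """Score every risk, attach the asset owner and order by score, highest first."""
    owners = {a["asset_id"]: a["owner"] for a in assets}
    rows = []
    for risk in risks:
        if risk.asset_id not in owners:
            raise KeyError(f"{risk.risk_id} references unknown asset {risk.asset_id}")
        rows.append(risk.evaluate(owners[risk.asset_id]))
    rows.sort(key=lambda row: (-row["score"], row["risk_id"]))
    return {"assets": list(assets), "risks": rows}

def validate_register(register: dict) -> list[str]:
    """Page checkpoints: owners assigned, Critical assets covered, High/Critical risks with a plan."""
    findings = []
    covered = {row["asset_id"] for row in register["risks"]}
    for asset in register["assets"]:
        if not asset["owner"].strip():
            findings.append(f"{asset['asset_id']}: no owner assigned")
        if asset["classification"] == "Critical" and asset["asset_id"] not in covered:
            findings.append(f"{asset['asset_id']}: Critical asset has no risk entry")
    for row in register["risks"]:
        if row["level"] in ("Critical", "High") and not (row["control"] and row["timeline_days"]):
            findings.append(f"{row['risk_id']}: {row['level']} risk lacks a treatment plan")
    return findings

# Constructed sample data mirroring the tables in this worked example.
ASSETS = [
    {"asset_id": "A001", "name": "Patient database", "owner": "DBA Team", "classification": "Confidential"},
    {"asset_id": "A002", "name": "EHR application", "owner": "App Team", "classification": "Critical"},
    {"asset_id": "A003", "name": "Database server", "owner": "Infra Team", "classification": "High"},
    {"asset_id": "A004", "name": "Admin credentials", "owner": "Security", "classification": "Critical"},
]
RISKS = [
    Risk("R001", "A001", "Data breach", "Weak encryption", 3, 5,
         control="Implement AES-256 encryption", timeline_days=30, residual_likelihood=1),
    Risk("R002", "A002", "SQL injection", "Input validation", 4, 4,
         control="Add input validation, WAF", timeline_days=14, residual_likelihood=2),
    Risk("R003", "A004", "Credential theft", "No MFA", 4, 5,
         control="Enforce MFA for all admins", timeline_days=7, residual_likelihood=1),
]

if __name__ == "__main__":
    register = build_register(ASSETS, RISKS)
    print(json.dumps(register, indent=2))
    for finding in validate_register(register):
        print("FINDING:", finding)
```

Running the block prints the register as JSON, ordered R003 (20, Critical), R002 (16, High), R001 (15, High), and no findings; adding an asset with an empty owner, or a Critical asset with no risk row, makes validate_register report it, which is the check the Step 2 validation asks for before the register goes to management.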
python scripts/compliance_checker.py --standard iso27001 --controls-file implemented_controls.csv
Verification output:
Control Implementation Status
=============================
Cryptography (A.8.24): IMPLEMENTED
- AES-256 at rest: YES
- TLS 1.3 in transit: YES
Access Control (A.8.5): IMPLEMENTED
- MFA enabled: YES
- Admin accounts: 100% coverage
Application Security (A.8.26): PARTIAL
- Input validation: YES
- WAF deployed: PENDING
Overall Compliance: 87%
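An added Python example of the kind of check the verification output above illustrates and the compliance_checker.py tool description promises: parse a control-status CSV, roll status up into a percentage per ISO 27002:2022 theme and overall, and emit a prioritised gap list that also flags the Statement of Applicability defect of excluding a control without a justification. It is not the skill's scripts/compliance_checker.py; the CSV columns, the credit weights (implemented 1, partial 0.5, not_implemented 0, not_applicable excluded from the denominator) and the sample rows are assumptions constructed for the example, so the percentage it prints is its own, not the 87% shown above.

```python
"""Control status roll-up and gap analysis from a controls CSV (added example, not
the skill's scripts/compliance_checker.py; the CSV layout, the credit weights and
the sample rows are assumptions constructed for illustration)."""
from __future__ import annotations
import csv
import io
from collections import defaultdict

# ISO 27002:2022 groups controls into four themes, identified by the first number
# of the control identifier (A.5.x organizational ... A.8.x technological).
THEMES = {5: "Organizational", 6: "People", 7: "Physical", 8: "Technological"}
# Credit per control; not_applicable rows are left out of the denominator.
WEIGHTS = {"implemented": 1.0, "partial": 0.5, "not_implemented": 0.0}

# Constructed sample controls file (titles are the ISO 27002:2022 control names).
SAMPLE_CSV = """control_id,title,status,evidence,justification
A.5.1,Policies for information security,implemented,policy-register.pdf,
A.6.3,Information security awareness and training,partial,lms-report-q1.csv,
A.7.1,Physical security perimeters,not_applicable,,Fully cloud hosted; no owned premises
A.8.5,Secure authentication,implemented,idp-mfa-export.csv,
A.8.7,Protection against malware,implemented,edr-coverage.csv,
A.8.8,Management of technical vulnerabilities,not_implemented,,
A.8.13,Information backup,implemented,backup-restore-test.md,
A.8.24,Use of cryptography,implemented,kms-config.json,
A.8.26,Application security requirements,partial,sast-pipeline.yml,
"""

def theme_of(control_id: str) -> str:
    """'A.8.24' -> 'Technological'; reject identifiers outside the 2022 scheme."""
    parts = control_id.strip().split(".")
    if (len(parts) != 3 or parts[0] != "A" or not parts[1].isdigit()
            or int(parts[1]) not in THEMES or not parts[2].isdigit()):
        raise ValueError(f"unrecognised control id {control_id!r}")
    return THEMES[int(parts[1])]

def load_controls(text: str) -> list[dict]:
    """Parse the CSV, normalise status values and tag each row with its theme."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["status"] = row["status"].strip().lower()
        if row["status"] not in WEIGHTS and row["status"] != "not_applicable":
            raise ValueError(f"{row['control_id']}: unknown status {row['status']!r}")
        row["theme"] = theme_of(row["control_id"])
    return rows

def compliance_by_theme(rows: list[dict]) -> dict[str, int]:
    """Whole-number percentage per theme plus 'Overall'; a theme whose controls are
    all not_applicable does not appear at all."""
    earned, possible = defaultdict(float), defaultdict(int)
    for row in rows:
        if row["status"] == "not_applicable":
            continue
        for key in (row["theme"], "Overall"):
            earned[key] += WEIGHTS[row["status"]]
            possible[key] += 1
    return {key: round(100 * earned[key] / possible[key]) for key in possible}

def gap_analysis(rows: list[dict]) -> list[dict]:
    """Work items: unimplemented controls first, then partial ones, then evidence and
    Statement of Applicability defects."""
    gaps = []
    for row in rows:
        status, cid = row["status"], row["control_id"]
        if status == "not_implemented":
            gaps.append({"control_id": cid, "priority": 1, "issue": "not implemented"})
        elif status == "partial":
            gaps.append({"control_id": cid, "priority": 2, "issue": "partially implemented"})
        elif status == "implemented" and not row["evidence"].strip():
            gaps.append({"control_id": cid, "priority": 3, "issue": "no evidence recorded"})
        elif status == "not_applicable" and not row["justification"].strip():
            gaps.append({"control_id": cid, "priority": 3, "issue": "excluded without SoA justification"})
    return sorted(gaps, key=lambda g: (g["priority"], g["control_id"]))

def report(text: str) -> str:
    """Plain-text report in the spirit of the verification output above."""
    rows = load_controls(text)
    lines = ["Control Implementation Status", "=" * 29]
    lines += [f"{r['control_id']:<8}{r['status']:<17}{r['title']}" for r in rows]
    lines += [f"{theme}: {pct}%" for theme, pct in compliance_by_theme(rows).items()]
    lines += [f"GAP P{g['priority']} {g['control_id']}: {g['issue']}" for g in gap_analysis(rows)]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_CSV))
```

With the sample rows the report gives Organizational 100%, People 50%, Technological 75% and Overall 75%, with A.8.8 as the first gap; Physical is absent because its only control is marked not applicable, which is worth noticing when a dashboard appears to have fewer themes than the standard. The evidence and justification checks exist because a Stage 2 auditor samples exactly those two things: proof an implemented control is operating, and a reason for every exclusion in the SoA.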