# Send Information Security Manager Iso27001 to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "information-security-manager-iso27001", "name": "Information Security Manager Iso27001", "source": "tencent", "type": "skill", "category": "其他", "sourceUrl": "https://clawhub.ai/alirezarezvani/information-security-manager-iso27001", "canonicalUrl": "https://clawhub.ai/alirezarezvani/information-security-manager-iso27001", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/information-security-manager-iso27001", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=information-security-manager-iso27001", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md", "references/incident-response.md", "references/iso27001-controls.md", "references/risk-assessment-guide.md", "scripts/compliance_checker.py", "scripts/risk_assessment.py" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "information-security-manager-iso27001", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T07:47:08.238Z", "expiresAt": "2026-05-06T07:47:08.238Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=information-security-manager-iso27001", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=information-security-manager-iso27001", "contentDisposition": "attachment; filename=\"information-security-manager-iso27001-2.1.1.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "information-security-manager-iso27001" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/information-security-manager-iso27001" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001", "downloadUrl": "https://openagent3.xyz/downloads/information-security-manager-iso27001", "agentUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent", "manifestUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent.json", "briefUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent.md" } } ``` ## Documentation ### Information Security Manager - ISO 27001 Implement and manage Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements. ### Table of Contents Trigger Phrases Quick Start Tools Workflows Reference Guides Validation Checkpoints ### Trigger Phrases Use this skill when you hear: "implement ISO 27001" "ISMS implementation" "security risk assessment" "information security policy" "ISO 27001 certification" "security controls implementation" "incident response plan" "healthcare data security" "medical device cybersecurity" "security compliance audit" ### Run Security Risk Assessment python scripts/risk_assessment.py --scope "patient-data-system" --output risk_register.json ### Check Compliance Status python scripts/compliance_checker.py --standard iso27001 --controls-file controls.csv ### Generate Gap Analysis Report python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output gaps.md ### risk_assessment.py Automated security risk assessment following ISO 27001 Clause 6.1.2 methodology. Usage: # Full risk assessment python scripts/risk_assessment.py --scope "cloud-infrastructure" --output risks.json # Healthcare-specific assessment python scripts/risk_assessment.py --scope "ehr-system" --template healthcare --output risks.json # Quick asset-based assessment python scripts/risk_assessment.py --assets assets.csv --output risks.json Parameters: ParameterRequiredDescription--scopeYesSystem or area to assess--templateNoAssessment template: general, healthcare, cloud--assetsNoCSV file with asset inventory--outputNoOutput file (default: stdout)--formatNoOutput format: json, csv, markdown Output: Asset inventory with classification Threat and vulnerability mapping Risk scores (likelihood × impact) Treatment recommendations Residual risk calculations ### compliance_checker.py Verify ISO 27001/27002 control implementation status. Usage: # Check all ISO 27001 controls python scripts/compliance_checker.py --standard iso27001 # Gap analysis with recommendations python scripts/compliance_checker.py --standard iso27001 --gap-analysis # Check specific control domains python scripts/compliance_checker.py --standard iso27001 --domains "access-control,cryptography" # Export compliance report python scripts/compliance_checker.py --standard iso27001 --output compliance_report.md Parameters: ParameterRequiredDescription--standardYesStandard to check: iso27001, iso27002, hipaa--controls-fileNoCSV with current control status--gap-analysisNoInclude remediation recommendations--domainsNoSpecific control domains to check--outputNoOutput file path Output: Control implementation status Compliance percentage by domain Gap analysis with priorities Remediation recommendations ### Workflow 1: ISMS Implementation Step 1: Define Scope and Context Document organizational context and ISMS boundaries: Identify interested parties and requirements Define ISMS scope and boundaries Document internal/external issues Validation: Scope statement reviewed and approved by management. Step 2: Conduct Risk Assessment python scripts/risk_assessment.py --scope "full-organization" --template general --output initial_risks.json Identify information assets Assess threats and vulnerabilities Calculate risk levels Determine risk treatment options Validation: Risk register contains all critical assets with assigned owners. Step 3: Select and Implement Controls Map risks to ISO 27002 controls: python scripts/compliance_checker.py --standard iso27002 --gap-analysis --output control_gaps.md Control categories: Organizational (policies, roles, responsibilities) People (screening, awareness, training) Physical (perimeters, equipment, media) Technological (access, crypto, network, application) Validation: Statement of Applicability (SoA) documents all controls with justification. Step 4: Establish Monitoring Define security metrics: Incident count and severity trends Control effectiveness scores Training completion rates Audit findings closure rate Validation: Dashboard shows real-time compliance status. ### Workflow 2: Security Risk Assessment Step 1: Asset Identification Create asset inventory: Asset TypeExamplesClassificationInformationPatient records, source codeConfidentialSoftwareEHR system, APIsCriticalHardwareServers, medical devicesHighServicesCloud hosting, backupHighPeopleAdmin accounts, developersVaries Validation: All assets have assigned owners and classifications. Step 2: Threat Analysis Identify threats per asset category: AssetThreatsLikelihoodPatient dataUnauthorized access, breachHighMedical devicesMalware, tamperingMediumCloud servicesMisconfiguration, outageMediumCredentialsPhishing, brute forceHigh Validation: Threat model covers top-10 industry threats. Step 3: Vulnerability Assessment python scripts/risk_assessment.py --scope "network-infrastructure" --output vuln_risks.json Document vulnerabilities: Technical (unpatched systems, weak configs) Process (missing procedures, gaps) People (lack of training, insider risk) Validation: Vulnerability scan results mapped to risk register. Step 4: Risk Evaluation and Treatment Calculate risk: Risk = Likelihood × Impact Risk LevelScoreTreatmentCritical20-25Immediate action requiredHigh15-19Treatment plan within 30 daysMedium10-14Treatment plan within 90 daysLow5-9Accept or monitorMinimal1-4Accept Validation: All high/critical risks have approved treatment plans. ### Workflow 3: Incident Response Step 1: Detection and Reporting Incident categories: Security breach (unauthorized access) Malware infection Data leakage System compromise Policy violation Validation: Incident logged within 15 minutes of detection. Step 2: Triage and Classification SeverityCriteriaResponse TimeCriticalData breach, system downImmediateHighActive threat, significant risk1 hourMediumContained threat, limited impact4 hoursLowMinor violation, no impact24 hours Validation: Severity assigned and escalation triggered if needed. Step 3: Containment and Eradication Immediate actions: Isolate affected systems Preserve evidence Block threat vectors Remove malicious artifacts Validation: Containment confirmed, no ongoing compromise. Step 4: Recovery and Lessons Learned Post-incident activities: Restore systems from clean backups Verify integrity before reconnection Document timeline and actions Conduct post-incident review Update controls and procedures Validation: Post-incident report completed within 5 business days. ### When to Use Each Reference references/iso27001-controls.md Control selection for SoA Implementation guidance Evidence requirements Audit preparation references/risk-assessment-guide.md Risk methodology selection Asset classification criteria Threat modeling approaches Risk calculation methods references/incident-response.md Response procedures Escalation matrices Communication templates Recovery checklists ### ISMS Implementation Validation PhaseCheckpointEvidence RequiredScopeScope approvedSigned scope documentRiskRegister completeRisk register with ownersControlsSoA approvedStatement of ApplicabilityOperationMetrics activeDashboard screenshotsAuditInternal audit doneAudit report ### Certification Readiness Before Stage 1 audit: ISMS scope documented and approved Information security policy published Risk assessment completed Statement of Applicability finalized Internal audit conducted Management review completed Nonconformities addressed Before Stage 2 audit: Controls implemented and operational Evidence of effectiveness available Staff trained and aware Incidents logged and managed Metrics collected for 3+ months ### Compliance Verification Run periodic checks: # Monthly compliance check python scripts/compliance_checker.py --standard iso27001 --output monthly_$(date +%Y%m).md # Quarterly gap analysis python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output quarterly_gaps.md ### Worked Example: Healthcare Risk Assessment Scenario: Assess security risks for a patient data management system. ### Step 1: Define Assets python scripts/risk_assessment.py --scope "patient-data-system" --template healthcare Asset inventory output: Asset IDAssetTypeOwnerClassificationA001Patient databaseInformationDBA TeamConfidentialA002EHR applicationSoftwareApp TeamCriticalA003Database serverHardwareInfra TeamHighA004Admin credentialsAccessSecurityCritical ### Step 2: Identify Risks Risk register output: Risk IDAssetThreatVulnerabilityLIScoreR001A001Data breachWeak encryption3515R002A002SQL injectionInput validation4416R003A004Credential theftNo MFA4520 ### Step 3: Determine Treatment RiskTreatmentControlTimelineR001MitigateImplement AES-256 encryption30 daysR002MitigateAdd input validation, WAF14 daysR003MitigateEnforce MFA for all admins7 days ### Step 4: Verify Implementation python scripts/compliance_checker.py --controls-file implemented_controls.csv Verification output: Control Implementation Status ============================= Cryptography (A.8.24): IMPLEMENTED - AES-256 at rest: YES - TLS 1.3 in transit: YES Access Control (A.8.5): IMPLEMENTED - MFA enabled: YES - Admin accounts: 100% coverage Application Security (A.8.26): PARTIAL - Input validation: YES - WAF deployed: PENDING Overall Compliance: 87% ## Trust - Source: tencent - Verification: Indexed source record - Publisher: alirezarezvani - Version: 2.1.1 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-04-29T07:47:08.238Z - Expires at: 2026-05-06T07:47:08.238Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/information-security-manager-iso27001) - [Send to Agent page](https://openagent3.xyz/skills/information-security-manager-iso27001/agent) - [JSON manifest](https://openagent3.xyz/skills/information-security-manager-iso27001/agent.json) - [Markdown brief](https://openagent3.xyz/skills/information-security-manager-iso27001/agent.md) - [Download page](https://openagent3.xyz/downloads/information-security-manager-iso27001)