ciso-assistant-basic-risk-assessment
by intuitem
ciso-assistant-basic-risk-assessmentは、システムセキュリティと脅威対策を支援するスキルです。包括的なセキュリティ診断により、組織の資産と情報を保護します。
Manusで実行ユースケース
MCPサーバー連携
Model Context Protocolを活用したAIツール連携。ciso-assistant-basic-risk-assessmentを活用。
セキュリティ監査
コードやインフラのセキュリティ脆弱性を検出。
アクセス制御管理
権限とアクセス制御の設定を効率化。
SKILL.md
name: ciso-assistant-basic-risk-assessment description: | Guide users through a basic risk assessment workflow in CISO Assistant, from asset identification to scenario creation. Use when: (1) User wants to start a risk assessment from scratch (2) User mentions "risk assessment", "identify risks", "threat scenarios", or "risk register" (3) User asks about qualitative vs quantitative risk approaches (4) User needs help identifying assets, threats, or creating risk scenarios
Covers: risk approach selection (qualitative/quantitative), organizational context gathering, asset identification (primary/supporting), threat catalog usage, scenario generation from threat-asset combinations, risk assessment/study creation.
CISO Assistant Basic Risk Assessment
Guide users through risk assessment setup using MCP server tools.
Prerequisites
- Verify MCP server connectivity - Test with
get_folders() - Backend must be running - CISO Assistant backend at configured URL
- If MCP tools unavailable - Fall back to direct API calls (see bootstrap skill)
Key Principles
Always Pass folder_id for Scoping
When creating objects, always pass folder_id to scope lookups and avoid ambiguity errors when objects with the same name exist in different folders.
# CORRECT - folder_id scopes all lookups to ACME folder
create_risk_scenario(
name="Ransomware on Customer Data",
risk_assessment_id="ACME Risk Assessment 2025",
folder_id="ACME", # <- Scopes asset/threat lookups
assets=["Customer Data"],
threats=["Ransomware"],
threat_library="urn:intuitem:risk:library:intuitem-common-catalog"
)
Always Use threat_library for Threat Lookups
Threats exist in multiple libraries (intuitem catalog, MITRE ATT&CK, etc.). Always specify the library:
threat_library="urn:intuitem:risk:library:intuitem-common-catalog"
Include Relevance in Scenario Descriptions
Always explain why a scenario matters for this specific organization:
"Ransomware attack encrypting customer data, leading to service disruption.
Relevance: GDPR breach implications with mandatory 72-hour notification
and potential fines up to 4% of annual revenue."
Workflow
Step 1: Choose Risk Approach
Ask the user which approach they prefer:
| Approach | Description | Best For |
|---|---|---|
| Qualitative | Probability/impact scales (Low/Medium/High), 4x4 or 5x5 matrix | Initial assessments, stakeholder communication |
| Quantitative | Monetary values, Monte Carlo simulations, ALE calculations | Mature orgs, budget justification, executive reporting |
Step 2: Gather Organizational Context
Ask about:
- Industry: healthcare, financial, tech/SaaS, retail, manufacturing, government
- Size: small (1-50), medium (50-500), large (500+)
- Region: for regulatory context (EU → GDPR, US healthcare → HIPAA, etc.)
- Cloud: AWS/Azure/GCP, SaaS-heavy or on-premise
- Compliance: specific requirements (HIPAA, PCI-DSS, GDPR, SOC2, ISO 27001)
Step 3: Create Domain and Perimeter
# 1. Create folder (domain)
create_folder(name="ACME", description="ACME Corp - Tech/SaaS, EU-based")
# 2. Create perimeter (assessment scope)
create_perimeter(name="ACME Platform", folder_id="ACME")
Step 4: Identify and Create Assets
Use references/typical-assets.md to suggest assets based on context.
Primary Assets (PR) - Business value:
- Customer/employee data, financial records, source code, API keys/secrets
Supporting Assets (SP) - Infrastructure:
- Cloud infrastructure, databases, CI/CD pipeline, email, endpoints
# Create assets - always pass folder_id
create_asset(name="Customer Data", description="Customer PII - GDPR relevant",
asset_type="PR", folder_id="ACME")
create_asset(name="Production Database", description="Primary data storage",
asset_type="SP", folder_id="ACME")
Step 5: Import Threat Catalog
# Import the intuitem common catalog (23 threats)
import_stored_library("urn:intuitem:risk:library:intuitem-common-catalog")
# Verify threats are available
get_threats(library="urn:intuitem:risk:library:intuitem-common-catalog")
Step 6: Generate Scenario Suggestions
Use the Threat-Asset Relevance Matrix in references/typical-assets.md to suggest the most relevant threat-asset combinations.
Naming convention: [Threat] on [Asset]
- "Ransomware on Customer Data"
- "Phishing targeting Employees"
- "Cloud Misconfiguration"
Present top 10-15 combinations and let user select which to create.
Step 7: Create Assessment Container
For Qualitative:
# Check available matrices
get_risk_matrices()
# Use matrix UUID to avoid ambiguity
create_risk_assessment(
name="ACME Risk Assessment 2025",
risk_matrix_id="<matrix-uuid>", # Use UUID from get_risk_matrices()
perimeter_id="ACME Platform",
folder_id="ACME",
status="in_progress"
)
For Quantitative:
create_quantitative_risk_study(
name="ACME Quantitative Risk Study 2025",
folder_id="ACME",
distribution_model="lognormal_ci90"
)
Step 8: Create Risk Scenarios
For Qualitative:
create_risk_scenario(
name="Ransomware on Customer Data",
description="Ransomware attack encrypting customer data. Relevance: GDPR breach with 72-hour notification requirement.",
risk_assessment_id="ACME Risk Assessment 2025",
folder_id="ACME", # CRITICAL: scope lookups
assets=["Customer Data"],
threats=["Ransomware"],
threat_library="urn:intuitem:risk:library:intuitem-common-catalog"
)
For Quantitative:
create_quantitative_risk_scenario(
name="Ransomware on Customer Data",
description="Ransomware attack... Relevance: ...",
quantitative_risk_study_id="ACME Quantitative Risk Study 2025",
folder_id="ACME",
assets=["Customer Data"],
threats=["Ransomware"],
threat_library="urn:intuitem:risk:library:intuitem-common-catalog"
)
Step 9: Summary and Next Steps
After creating scenarios, summarize and guide on next steps:
For Qualitative:
- Rate probability and impact for each scenario in the UI
- Identify and link existing controls
- Plan additional controls for high-risk scenarios
- Review risk matrix visualization
For Quantitative:
- Create hypotheses with probability and impact bounds
- Run Monte Carlo simulations
- Set risk tolerance curve
- Analyze portfolio-level risk
Quick Reference
MCP Tools
| Category | Tool | Key Parameters |
|---|---|---|
| Setup | create_folder() | name, description |
create_perimeter() | name, folder_id | |
| Assets | create_asset() | name, description, asset_type, folder_id |
get_assets() | folder | |
| Threats | import_stored_library() | urn_or_id |
get_threats() | library, folder, limit | |
| Qualitative | get_risk_matrices() | - |
create_risk_assessment() | name, risk_matrix_id, perimeter_id, folder_id | |
create_risk_scenario() | name, description, risk_assessment_id, folder_id, assets, threats, threat_library | |
| Quantitative | create_quantitative_risk_study() | name, folder_id, distribution_model |
create_quantitative_risk_scenario() | name, quantitative_risk_study_id, folder_id, assets, threats, threat_library |
Common Threat Library URN
urn:intuitem:risk:library:intuitem-common-catalog
Threat Catalog Quick Reference
| Threat | Typical Target Assets |
|---|---|
| Ransomware | Customer Data, Databases, File Storage |
| Phishing | Employee Endpoints, Corporate Email |
| Data Breach/Leak | Customer Data, Source Code, API Keys |
| Cloud Security Threats | Cloud Infrastructure, SaaS Apps |
| API Security Threats | Application Code, API Gateway |
| Insider Threats | API Keys/Secrets, Source Code |
| Supply Chain Attacks | CI/CD Pipeline, Dependencies |
| Password Attacks | Corporate Email, Admin Accounts |
| System Outage | Production Database, Core Services |
| Regulatory Non-Compliance | Customer Data (GDPR/HIPAA/PCI) |
| Social Engineering | Employee Endpoints, Finance Team |
Fallback: Direct API Calls
If MCP tools unavailable:
POST /api/folders/POST /api/perimeters/POST /api/assets/POST /api/stored-libraries/<urn>/import/POST /api/risk-assessments/POST /api/risk-scenarios/POST /api/crq/quantitative-risk-studies/POST /api/crq/quantitative-risk-scenarios/
スコア
総合スコア
リポジトリの品質指標に基づく評価
SKILL.mdファイルが含まれている
ライセンスが設定されている
100文字以上の説明がある
GitHub Stars 1000以上
1ヶ月以内に更新
10回以上フォークされている
オープンIssueが50未満
プログラミング言語が設定されている
1つ以上のタグが設定されている
レビュー
レビュー機能は近日公開予定です
