Agent skill

implementing-iso-27001-information-security-management

ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This skill covers the complete

View SKILL.md on GitHub Repository
Stars 4,300
Forks 470

Install this agent skill to your Project

npx add-skill https://github.com/mukul975/Anthropic-Cybersecurity-Skills/tree/main/skills/implementing-iso-27001-information-security-management

SKILL.md

Implementing ISO 27001 Information Security Management

Overview

ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This skill covers the complete lifecycle from scoping through certification, including Annex A control selection, risk assessment methodology, Statement of Applicability (SoA) creation, and continuous improvement processes.

When to Use

  • When deploying or configuring implementing iso 27001 information security management capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Understanding of information security principles and risk management concepts
  • Familiarity with organizational governance structures and business processes
  • Knowledge of IT infrastructure, network architecture, and data flows
  • Access to ISO/IEC 27001:2022 and ISO/IEC 27002:2022 standards documents

Core Concepts

ISMS Clauses (4-10)

The management system requirements define what must be done:

  • Clause 4 - Context of the Organization: Define scope, interested parties, and internal/external issues
  • Clause 5 - Leadership: Top management commitment, information security policy, roles and responsibilities
  • Clause 6 - Planning: Risk assessment process, risk treatment plan, information security objectives
  • Clause 7 - Support: Resources, competence, awareness, communication, documented information
  • Clause 8 - Operation: Operational planning, risk assessment execution, risk treatment implementation
  • Clause 9 - Performance Evaluation: Monitoring, measurement, internal audit, management review
  • Clause 10 - Improvement: Nonconformities, corrective actions, continual improvement

Annex A Controls (2022 Edition)

The 2022 revision restructured 93 controls into four categories:

Category Controls Examples
Organizational (A.5) 37 controls Policies, roles, threat intelligence, cloud security
People (A.6) 8 controls Screening, awareness, remote working, reporting
Physical (A.7) 14 controls Perimeters, entry controls, equipment security
Technological (A.8) 34 controls Access control, cryptography, logging, secure development

New Controls in 2022 Edition

11 new controls were added:

  1. A.5.7 - Threat Intelligence
  2. A.5.23 - Information Security for Cloud Services
  3. A.5.30 - ICT Readiness for Business Continuity
  4. A.7.4 - Physical Security Monitoring
  5. A.8.9 - Configuration Management
  6. A.8.10 - Information Deletion
  7. A.8.11 - Data Masking
  8. A.8.12 - Data Leakage Prevention
  9. A.8.16 - Monitoring Activities
  10. A.8.23 - Web Filtering
  11. A.8.28 - Secure Coding

Workflow

Phase 1: Gap Analysis and Scoping (Weeks 1-4)

  1. Define ISMS scope boundaries (locations, business units, systems)
  2. Identify interested parties and their requirements
  3. Perform gap analysis against ISO 27001:2022 requirements
  4. Document internal and external context (PESTLE, SWOT)
  5. Obtain top management commitment and allocate budget

Phase 2: Risk Assessment (Weeks 5-10)

  1. Define risk assessment methodology (asset-based, scenario-based, or hybrid)
  2. Create asset inventory covering information, people, processes, technology
  3. Identify threats and vulnerabilities for each asset
  4. Assess risk likelihood and impact using defined criteria
  5. Calculate risk levels and determine risk treatment options (mitigate, accept, transfer, avoid)
  6. Develop Risk Treatment Plan (RTP)

Phase 3: Control Selection and SoA (Weeks 11-14)

  1. Map risk treatments to Annex A controls
  2. Create Statement of Applicability (SoA) documenting:
    • Which controls are applicable and justification
    • Which controls are excluded and justification
    • Implementation status of each control
  3. Design control implementation plans with owners and timelines

Phase 4: Implementation (Weeks 15-30)

  1. Develop and approve information security policy
  2. Implement selected Annex A controls
  3. Create mandatory documented procedures:
    • Information Security Policy (A.5.1)
    • Risk Assessment Process (Clause 6.1.2)
    • Risk Treatment Process (Clause 6.1.3)
    • Internal Audit Programme (Clause 9.2)
    • Management Review Process (Clause 9.3)
    • Corrective Action Procedure (Clause 10.1)
  4. Deploy technical controls and security tooling
  5. Conduct security awareness training for all personnel

Phase 5: Internal Audit and Management Review (Weeks 31-36)

  1. Plan and execute internal audit programme covering all clauses and applicable controls
  2. Document audit findings and nonconformities
  3. Implement corrective actions with root cause analysis
  4. Conduct management review covering:
    • Status of previous actions
    • Changes in internal/external issues
    • Information security performance metrics
    • Audit results and risk assessment outcomes
    • Opportunities for improvement

Phase 6: Certification Audit (Weeks 37-42)

  1. Stage 1 Audit: Documentation review, readiness assessment
  2. Address Stage 1 findings
  3. Stage 2 Audit: On-site assessment of ISMS effectiveness
  4. Resolve any nonconformities (major NCRs require re-audit)
  5. Receive ISO 27001 certification (valid for 3 years)

Phase 7: Continual Improvement (Ongoing)

  1. Annual surveillance audits (Years 1 and 2)
  2. Recertification audit (Year 3)
  3. Regular risk reassessment and control effectiveness reviews
  4. Incident-driven improvements and lessons learned integration

Key Artifacts

  • ISMS Scope Document
  • Information Security Policy
  • Risk Assessment Methodology
  • Risk Register and Risk Treatment Plan
  • Statement of Applicability (SoA)
  • Internal Audit Reports
  • Management Review Minutes
  • Corrective Action Register
  • Metrics and KPI Dashboard

Common Pitfalls

  • Scope too broad or too narrow, leading to audit complications
  • Treating ISO 27001 as a checkbox exercise rather than embedding into business processes
  • Insufficient top management involvement and commitment
  • Failing to maintain documented evidence of control operation
  • Not performing regular risk reassessments as the threat landscape changes
  • Ignoring the 11 new controls in the 2022 edition during transition

Integration Points

  • ISO 27002:2022: Detailed implementation guidance for Annex A controls
  • ISO 27005: Information security risk management methodology
  • ISO 27017: Cloud security controls
  • ISO 27018: Protection of PII in cloud services
  • ISO 27701: Privacy Information Management System (PIMS) extension
  • NIST CSF 2.0: Cross-mapping for dual compliance
  • SOC 2: Overlapping trust service criteria

References

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

mukul975/Anthropic-Cybersecurity-Skills

mapping-mitre-attack-techniques

Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques to quantify detection coverage and guide control prioritization. Use when building an ATT&CK-based coverage heatmap, tagging SIEM alerts with technique IDs, aligning security controls to adversary playbooks, or reporting threat exposure to executives. Activates for requests involving ATT&CK Navigator, Sigma rules, MITRE D3FEND, or coverage gap analysis.

4,300 470
Explore
mukul975/Anthropic-Cybersecurity-Skills

hunting-for-spearphishing-indicators

Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect targeted email attacks.

4,300 470
Explore
mukul975/Anthropic-Cybersecurity-Skills

analyzing-malicious-url-with-urlscan

URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolat

4,300 470
Explore
mukul975/Anthropic-Cybersecurity-Skills

implementing-zero-standing-privilege-with-cyberark

Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using just-in-time access with time, entitlement, and approval controls.

4,300 470
Explore
mukul975/Anthropic-Cybersecurity-Skills

implementing-pam-for-database-access

Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credentia

4,300 470
Explore
mukul975/Anthropic-Cybersecurity-Skills

detecting-t1003-credential-dumping-with-edr

Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials using EDR telemetry, Sysmon process access monitoring, and Windows security event correlation.

4,300 470
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results