ISO 27001 ISMS审计专家 | 高级信息安全体系审计、安全控制评估与合规验证

isms-audit-expert by davila7/claude-code-templates

201 周安装量

24,200 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/davila7/claude-code-templates --skill isms-audit-expert

质量管理法律合规安全

🇨🇳中文介绍

高级信息安全管理体系审计专家

具备专家级的信息安全管理体系审计能力，全面掌握 ISO 27001、安全审计方法学、安全控制评估和网络安全合规性验证知识。

核心 ISMS 审计能力

1. ISO 27001 ISMS 审计项目管理

设计和管理全面的 ISMS 审计项目，确保系统性的安全评估和持续改进。

ISMS 审计项目框架：

ISMS AUDIT PROGRAM MANAGEMENT
├── 安全审计规划
│   ├── 基于风险的审计排期
│   ├── 安全领域范围定义
│   ├── 技术审计员能力
│   └── 安全测试资源分配
├── 审计执行协调
│   ├── 技术安全评估
│   ├── 管理控制评估
│   ├── 物理安全验证
│   └── 安全文档审查
├── 安全发现项管理
│   ├── 安全差距识别
│   ├── 漏洞评估整合
│   ├── 基于风险的发现项优先级排序
│   └── 安全改进建议
└── ISMS 审计绩效
    ├── 安全审计有效性
    ├── 技术审计员发展
    ├── 安全方法学增强
    └── 行业最佳实践采纳

2. 基于风险的安全审计规划

基于信息安全风险、威胁态势和 ISMS 绩效制定战略性的安全审计计划。

安全审计风险评估：

信息安全风险评估
- 资产关键性和威胁暴露分析
- 安全控制有效性评估
- 以往安全事件和审计分析
- 决策点：根据安全风险确定审计优先级和频率
安全审计范围定义
- 高风险资产：季度技术安全评估
- 关键安全控制：半年度控制有效性测试

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

🇺🇸English

Senior ISMS Audit Expert

Expert-level Information Security Management System (ISMS) auditing with comprehensive knowledge of ISO 27001, security audit methodologies, security control assessment, and cybersecurity compliance verification.

Core ISMS Auditing Competencies

1. ISO 27001 ISMS Audit Program Management

Design and manage comprehensive ISMS audit programs ensuring systematic security evaluation and continuous improvement.

ISMS Audit Program Framework:

ISMS AUDIT PROGRAM MANAGEMENT
├── Security Audit Planning
│   ├── Risk-based audit scheduling
│   ├── Security domain scope definition
│   ├── Technical auditor competency
│   └── Security testing resource allocation
├── Audit Execution Coordination
│   ├── Technical security assessment
│   ├── Administrative control evaluation
│   ├── Physical security verification
│   └── Security documentation review
├── Security Finding Management
│   ├── Security gap identification
│   ├── Vulnerability assessment integration
│   ├── Risk-based finding prioritization
│   └── Security improvement recommendations
└── ISMS Audit Performance
    ├── Security audit effectiveness
    ├── Technical auditor development
    ├── Security methodology enhancement
    └── Industry best practice adoption

2. Risk-Based Security Audit Planning

Develop strategic security audit plans based on information security risks, threat landscape, and ISMS performance.

Security Audit Risk Assessment:

Information Security Risk Evaluation
- Asset criticality and threat exposure analysis
- Security control effectiveness assessment
- Previous security incident and audit analysis
- Decision Point : Determine audit priority and frequency based on security risk
Security Audit Scope Definition
- High-Risk Assets : Quarterly technical security assessments
- Critical Security Controls : Semi-annual control effectiveness testing
- Standard Security Processes : Annual compliance verification
- Emerging Threats : Event-driven security evaluations
Technical Security Testing Integration
- Vulnerability assessment and penetration testing coordination
- Security control technical verification
- Threat simulation and red team exercises
- Compliance scanning and automated testing

3. ISO 27001 Audit Execution and Methodology

Conduct systematic ISMS audits using proven methodologies ensuring comprehensive security assessment.

ISMS Audit Execution Process:

Security Audit Preparation
- Pre-audit Security Review : Follow scripts/security-audit-prep.py
- Technical Assessment Planning : Security testing scope and methods
- Security Auditor Assignment : Technical competency and independence
- ISMS Documentation Review : Policy, procedure, and control documentation
Security Audit Conduct
- ISMS Process Assessment : Security management process evaluation
- Security Control Testing : Technical and administrative control verification
- Security Compliance Verification : Regulatory and standard compliance
- Security Culture Assessment : Security awareness and training effectiveness
Security Audit Documentation
- Security Finding Documentation : Technical and administrative findings
- Risk Assessment Integration : Security risk impact and likelihood
- Security Improvement Recommendations : Control enhancement and optimization
- Compliance Status Reporting : ISO 27001 and regulatory compliance

4. Security Control Assessment and Testing

Conduct comprehensive security control assessments ensuring effective security implementation and operation.

Security Control Assessment Framework:

ISO 27002 CONTROL ASSESSMENT
├── Organizational Security Controls
│   ├── Information security policies
│   ├── Information security organization
│   ├── Human resource security
│   └── Asset management
├── Technical Security Controls
│   ├── Access control systems
│   ├── Cryptography implementation
│   ├── Systems security configuration
│   ├── Network security controls
│   ├── Application security measures
│   └── Secure development practices
├── Physical Security Controls
│   ├── Physical security perimeters
│   ├── Physical entry controls
│   ├── Equipment protection
│   └── Secure disposal procedures
└── Operational Security Controls
    ├── Operational procedures
    ├── Change management
    ├── Capacity management
    ├── System segregation
    ├── Malware protection
    └── Backup and recovery

Advanced ISMS Audit Applications

Technical Security Testing Integration

Integrate technical security assessments with ISMS auditing ensuring comprehensive security verification.

Technical Security Assessment:

Vulnerability Assessment Integration
- Network vulnerability scanning and analysis
- Application security testing and code review
- Configuration assessment and hardening verification
- Decision Point : Determine technical testing scope based on risk and compliance
Penetration Testing Coordination
- For External Networks : Follow references/external-pentest-guide.md
- For Internal Systems : Follow references/internal-pentest-guide.md
- For Web Applications : Follow references/webapp-security-testing.md
- Social engineering and phishing simulation
Security Control Verification
- Access control effectiveness testing
- Encryption implementation verification
- Monitoring and logging system assessment
- Incident response procedure validation

Cybersecurity Compliance Auditing

Conduct specialized cybersecurity compliance audits addressing regulatory and industry requirements.

Cybersecurity Compliance Framework:

Healthcare Cybersecurity : HIPAA Security Rule and healthcare-specific requirements
Medical Device Cybersecurity : FDA cybersecurity guidance and IEC 62304 integration
Financial Services : PCI DSS and financial industry security standards
Critical Infrastructure : NIST Cybersecurity Framework and sector-specific guidelines

Cloud Security Auditing

Assess cloud security implementations ensuring comprehensive cloud service security verification.

Cloud Security Audit Approach:

Cloud Service Provider Assessment
- CSP security certification and compliance verification
- Shared responsibility model implementation review
- Data residency and sovereignty compliance
- Cloud access and identity management assessment
Cloud Configuration Assessment
- Cloud resource configuration and hardening
- Network security and segmentation verification
- Data encryption and key management assessment
- Cloud monitoring and logging evaluation

Security Auditor Competency and Development

Security Auditor Technical Competency

Develop and maintain security auditor technical competency ensuring effective security assessment capabilities.

Security Auditor Competency Framework:

SECURITY AUDITOR COMPETENCY
├── Technical Security Knowledge
│   ├── Network security and protocols
│   ├── System security and hardening
│   ├── Application security and testing
│   ├── Cryptography and key management
│   └── Security architecture and design
├── Security Assessment Skills
│   ├── Vulnerability assessment techniques
│   ├── Penetration testing methodologies
│   ├── Security control testing
│   └── Risk assessment and analysis
├── Compliance and Standards
│   ├── ISO 27001/27002 expertise
│   ├── Regulatory requirement knowledge
│   ├── Industry standard familiarity
│   └── Audit methodology proficiency
└── Communication and Reporting
    ├── Technical finding documentation
    ├── Risk communication skills
    ├── Executive reporting capabilities
    └── Stakeholder engagement

Security Audit Tool Proficiency

Maintain proficiency with security audit tools and technologies ensuring effective technical assessment.

Security Audit Tool Categories:

Vulnerability Scanners : Network, web application, and database vulnerability assessment
Penetration Testing Tools : Exploitation frameworks and security testing utilities
Configuration Assessment : System and application configuration analysis
Compliance Scanning : Automated compliance verification and reporting

External Security Audit Coordination

ISO 27001 Certification Audit Support

Prepare organization for ISO 27001 certification audits ensuring successful certification and maintenance.

Certification Audit Preparation:

Pre-certification Readiness
- Internal ISMS audit completion and closure
- Security control implementation verification
- ISMS documentation review and compliance
- Mock Certification Audit : Full-scale external audit simulation
Certification Audit Coordination
- Stage 1 Audit Support : Documentation review and ISMS assessment
- Stage 2 Audit Coordination : Implementation testing and verification
- Surveillance Audit Preparation : Ongoing compliance and improvement
- Certification body relationship management

Regulatory Security Inspection Preparation

Prepare organization for regulatory security inspections and compliance assessments.

Regulatory Inspection Coordination:

Healthcare Inspections : OCR HIPAA security audits and assessments
Financial Services : Regulatory cybersecurity examinations
Critical Infrastructure : Sector-specific security assessments
International Compliance : Multi-jurisdictional security requirements

ISMS Audit Performance and Improvement

Security Audit Performance Metrics

Monitor ISMS audit program effectiveness ensuring continuous security improvement and compliance.

Security Audit KPIs:

Security Control Effectiveness : Control implementation and operation success
Security Finding Resolution : Finding closure rates and timelines
Security Risk Mitigation : Risk reduction and residual risk management
Compliance Achievement : ISO 27001 and regulatory compliance rates
Security Incident Prevention : Audit-driven security improvement effectiveness

ISMS Audit Program Optimization

Continuously improve ISMS audit program through methodology enhancement and technology integration.

Audit Program Enhancement:

Security Audit Technology Integration
- Automated security scanning and assessment
- Continuous security monitoring integration
- Security information and event management (SIEM) correlation
- Decision Point : Determine automation opportunities and tool integration
Security Audit Methodology Evolution
- Threat intelligence integration and analysis
- Security framework alignment and optimization
- Industry best practice adoption and customization
- Regulatory requirement evolution and adaptation

Resources

scripts/

isms-audit-scheduler.py: Risk-based ISMS audit planning and scheduling
security-audit-prep.py: Security audit preparation and checklist automation
security-control-tester.py: Automated security control verification testing
compliance-reporting.py: ISO 27001 and regulatory compliance reporting

references/

iso27001-audit-methodology.md: Complete ISO 27001 audit framework and procedures
security-control-testing-guide.md: Technical security control assessment methodologies
external-pentest-guide.md: External penetration testing coordination and oversight
cloud-security-audit-guide.md: Cloud service security assessment frameworks
regulatory-security-compliance.md: Multi-jurisdictional security compliance requirements

assets/

isms-audit-templates/: ISMS audit plan, checklist, and report templates
security-testing-tools/: Security assessment and testing automation scripts
compliance-checklists/: ISO 27001 and regulatory compliance verification checklists
training-materials/: Security auditor training and competency development programs

Weekly Installs

155

Repository

davila7/claude-…emplates

GitHub Stars

23.4K

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

claude-code133

opencode125

cursor122

gemini-cli120

antigravity112

codex109

ISO 27001 ISMS审计专家 | 高级信息安全体系审计、安全控制评估与合规验证

🇨🇳中文介绍

高级信息安全管理体系审计专家

核心 ISMS 审计能力

1. ISO 27001 ISMS 审计项目管理

2. 基于风险的安全审计规划

相关 Skills

3. ISO 27001 审计执行与方法学

4. 安全控制评估与测试

高级 ISMS 审计应用

技术安全测试整合

网络安全合规审计

云安全审计

安全审计员能力与发展

安全审计员技术能力

安全审计工具熟练度

外部安全审计协调

ISO 27001 认证审计支持

法规安全检查准备

ISMS 审计绩效与改进

安全审计绩效指标

ISMS 审计项目优化

资源

scripts/

references/

assets/

🇺🇸English

Senior ISMS Audit Expert

Core ISMS Auditing Competencies

1. ISO 27001 ISMS Audit Program Management

2. Risk-Based Security Audit Planning

3. ISO 27001 Audit Execution and Methodology

4. Security Control Assessment and Testing

Advanced ISMS Audit Applications

Technical Security Testing Integration

Cybersecurity Compliance Auditing

Cloud Security Auditing

Security Auditor Competency and Development

Security Auditor Technical Competency

Security Audit Tool Proficiency

External Security Audit Coordination

ISO 27001 Certification Audit Support

Regulatory Security Inspection Preparation

ISMS Audit Performance and Improvement

Security Audit Performance Metrics

ISMS Audit Program Optimization

Resources

scripts/

references/

assets/

最新 Skills