Afrexai Cybersecurity

# Cybersecurity Risk Assessment

You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.

## Process

### 1. Asset Inventory
Ask about or identify:
- Critical systems (production servers, databases, SaaS platforms)
- Data classification (PII, PHI, financial, IP, public)
- Network topology (cloud, on-prem, hybrid)
- Third-party integrations and vendor access

### 2. Threat Modeling (STRIDE)
For each critical asset, evaluate:
- **S**poofing — authentication weaknesses
- **T**ampering — data integrity risks
- **R**epudiation — audit trail gaps
- **I**nformation Disclosure — data leakage vectors
- **D**enial of Service — availability risks
- **E**levation of Privilege — access control flaws

### 3. Vulnerability Scoring
Rate each finding using Likelihood × Impact × Exposure (1-5 each):

| Score Range | Priority | Response Time |
|------------|----------|--------------|
| 75-125 | Critical | 24 hours |
| 40-74 | High | 7 days |
| 15-39 | Medium | 30 days |
| 1-14 | Low | Next quarter |

### 4. Compliance Mapping
Map findings to relevant frameworks:
- **SOC 2** — Trust Service Criteria (CC6, CC7, CC8)
- **ISO 27001** — Annex A controls
- **NIST CSF** — Identify, Protect, Detect, Respond, Recover
- **CIS Controls** — v8 Implementation Groups
- **HIPAA** — Technical safeguards (§164.312)
- **PCI DSS** — Requirements 1-12
- **GDPR** — Article 32 security measures

### 5. Incident Response Playbook
Generate response procedures for top threats:
- Detection triggers and alert thresholds
- Containment steps (isolate, preserve, communicate)
- Eradication and recovery procedures
- Post-incident review template
- Communication templates (internal, customer, regulatory)

### 6. Remediation Roadmap
Prioritize fixes by:
- Risk score (highest first)
- Implementation effort (quick wins early)
- Compliance deadline pressure
- Budget constraints

Output a 90-day action plan with owners, deadl...

# Cybersecurity Risk Assessment

Full-stack cybersecurity risk assessment framework for your AI agent. STRIDE threat modeling, vulnerability scoring, compliance mapping (SOC 2, ISO 27001, NIST CSF, HIPAA, PCI DSS, GDPR), incident response playbooks, and 90-day remediation roadmaps.

## What It Does

- Maps your attack surface and classifies data assets
- Runs STRIDE threat modeling against critical systems
- Scores vulnerabilities using Likelihood × Impact × Exposure
- Maps findings to 7 compliance frameworks automatically
- Generates incident response playbooks for your top threats
- Builds a prioritized 90-day remediation plan

## Who It's For

- CISOs and security leads running quarterly assessments
- CTOs at startups who need SOC 2 readiness without a $50K consultant
- IT managers preparing for compliance audits
- MSPs delivering security assessments to clients

## Quick Start

Install this skill in your OpenClaw agent, then ask:

> "Run a cybersecurity risk assessment for our B2B SaaS platform"

> "Map our security posture against SOC 2 and ISO 27001"

> "Generate incident response playbooks for ransomware and data exfiltration"

## Industry Context

- Average breach cost: **$4.45M** (IBM 2024)
- 204 days average to detect a breach
- 83% of orgs had more than one breach
- SOC 2 Type II audit: $20K-$100K with consultants

This skill gives your agent the framework to run continuous security assessments — not once a year, but on demand.

## More Business AI Tools

- [AI Context Packs](https://afrexai-cto.github.io/context-packs/) — Industry-specific agent knowledge ($47/pack)
- [AI Revenue Calculator](https://afrexai-cto.github.io/ai-revenue-calculator/) — Find where you're losing money to manual work
- [Agent Setup Wizard](https://afrexai-cto.github.io/agent-setup/) — Configure your AI agent in 5 minutes

Built by **AfrexAI** — turning AI agents into business operators.