Information Security Expert
Comprehensive security frameworks for cybersecurity, incident response, and security architecture.
Security Architecture
Zero Trust Architecture
ZERO TRUST PRINCIPLES:
- Never trust, always verify
- Assume breach
- Verify explicitly
- Least privilege access
- Micro-segmentation
ZERO TRUST COMPONENTS:
IDENTITY:
- Strong authentication (MFA)
- Identity governance
- Privileged access management
- Continuous validation
DEVICES:
- Device health verification
- Endpoint detection and response
- Mobile device management
- Asset inventory
NETWORK:
- Micro-segmentation
- Software-defined perimeter
- Encrypted communications
- Network access control
APPLICATIONS:
- Application-level authentication
- API security
- Web application firewall
- Secure coding practices
DATA:
- Data classification
- Encryption at rest and in transit
- Data loss prevention
- Access controls
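The five component areas above come together at a policy decision point that evaluates every request on its own merits. The following is an added illustrative example, not code from the original page: a minimal Zero Trust decision function that checks the channel, the caller's role for the resource (least privilege), device posture (continuous validation) and MFA freshness, and returns allow, step-up or deny. The signal names, thresholds, resource-to-role mapping and sample objects are assumptions.

```python
from dataclasses import dataclass
from datetime import timedelta

# Added example: a minimal Zero Trust policy decision point. Every request is
# evaluated against identity, device and context signals; nothing is trusted
# because of network location. Signal names, thresholds and the
# resource/role mapping below are assumptions for illustration.

@dataclass
class Identity:
    user: str
    roles: set
    mfa_verified: bool
    mfa_age: timedelta          # time since the last successful MFA challenge

@dataclass
class Device:
    device_id: str
    managed: bool               # enrolled in MDM / present in asset inventory
    edr_healthy: bool           # EDR agent reporting, no open alerts
    disk_encrypted: bool
    os_patched: bool

@dataclass
class Request:
    resource: str
    sensitivity: str            # "public" | "internal" | "restricted"
    encrypted_channel: bool     # TLS / mTLS terminated at the enforcement point

# How fresh the MFA proof must be, and whether a managed healthy device is
# required, per data classification (assumed policy).
POLICY = {
    "public":     {"mfa_max_age": timedelta(hours=24),   "managed_device": False},
    "internal":   {"mfa_max_age": timedelta(hours=8),    "managed_device": True},
    "restricted": {"mfa_max_age": timedelta(minutes=15), "managed_device": True},
}

# Least privilege: each resource is reachable only through a named role (assumed).
ROLE_FOR_RESOURCE = {
    "wiki":       "employee",
    "hr-payroll": "hr-admin",
    "prod-db":    "dba",
}

def device_health_failures(device: Device):
    """Names of failed device posture checks (empty list means healthy)."""
    checks = {
        "edr": device.edr_healthy,
        "disk_encryption": device.disk_encrypted,
        "os_patch_level": device.os_patched,
    }
    return [name for name, ok in checks.items() if not ok]

def decide(identity: Identity, device: Device, request: Request):
    """Evaluate one request. Returns (decision, reasons) where decision is
    'allow', 'step_up' (re-authenticate with MFA) or 'deny'.
    Hard failures are checked first so they short-circuit before a step-up."""
    rule = POLICY[request.sensitivity]

    # Verify explicitly: the transport itself must be protected.
    if not request.encrypted_channel:
        return "deny", ["request did not arrive over an encrypted channel"]

    # Least privilege: an unknown resource or a missing role is a denial,
    # not a step-up, because more authentication would not help.
    required = ROLE_FOR_RESOURCE.get(request.resource)
    if required is None or required not in identity.roles:
        return "deny", [f"role '{required}' required for {request.resource}"]

    # Device posture is re-evaluated on every request (continuous validation).
    if rule["managed_device"]:
        if not device.managed:
            return "deny", ["unmanaged device"]
        failed = device_health_failures(device)
        if failed:
            return "deny", ["device posture failed: " + ", ".join(failed)]

    # Identity: MFA must have happened, and recently enough for this data class.
    if not identity.mfa_verified:
        return "step_up", ["MFA not completed in this session"]
    if identity.mfa_age > rule["mfa_max_age"]:
        return "step_up", [f"MFA proof older than {rule['mfa_max_age']}"]

    return "allow", []

if __name__ == "__main__":
    alice = Identity("alice", {"employee", "dba"}, True, timedelta(minutes=5))
    laptop = Device("lt-0042", True, True, True, True)
    print(decide(alice, laptop, Request("prod-db", "restricted", True)))
```

The ordering matters: a caller on an unmanaged device is denied outright rather than prompted for MFA, since no amount of additional authentication fixes the device, while a stale MFA proof on a healthy device gets a step-up instead of a denial.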
Defense in Depth
SECURITY LAYERS:
PHYSICAL:
- Data center security
- Badge access
- Surveillance
- Environmental controls
PERIMETER:
- Firewalls
- IDS/IPS
- DMZ
- VPN
NETWORK:
- Segmentation
- Encryption
- Network monitoring
- NAC
HOST:
- Endpoint protection
- Host-based firewall
- Hardening
- Patch management
APPLICATION:
- WAF
- Secure coding
- Input validation
- Authentication
DATA:
- Encryption
- DLP
- Access controls
- Backup/recovery
Cloud Security
| Domain | Controls |
|---|---|
| Identity | SSO, MFA, PAM, IAM policies |
| Compute | Hardened images, container security |
| Network | VPC, security groups, WAF |
| Storage | Encryption, access policies, backup |
| Logging | CloudTrail, SIEM integration |
| Compliance | Config rules, automated remediation |
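The Compliance row pairs config rules with automated remediation. The following is an added example, not code from the original page: a config-rule style check that flags security groups exposing administrative ports to the whole internet and builds the parameters an automated remediation would pass to the EC2 RevokeSecurityGroupIngress call. It uses the data shape returned by the EC2 DescribeSecurityGroups API; the group data is constructed for the example, the list of admin ports is an assumption, and no AWS call is made.

```python
# Added example: a "config rule" over security groups, using the data shape of
# the AWS EC2 DescribeSecurityGroups response, plus the parameters an
# automated remediation would pass to RevokeSecurityGroupIngress.
# SAMPLE_GROUPS is constructed for the example; no AWS API call is made.

ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres", 6379: "redis"}
WORLD = {"0.0.0.0/0", "::/0"}

SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1", "GroupName": "bastion",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0b2", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0c3", "GroupName": "legacy-all-open",
     "IpPermissions": [
         {"IpProtocol": "-1",              # all protocols: no port fields present
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0d4", "GroupName": "db",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]

def world_open_cidrs(rule):
    """CIDRs in the rule that mean 'anyone on the internet'."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]

def exposed_admin_ports(rule):
    """Admin ports covered by the rule's port range ('-1' covers everything)."""
    if rule["IpProtocol"] == "-1":
        return sorted(ADMIN_PORTS)
    if rule["IpProtocol"] not in ("tcp", "udp"):
        return []
    lo, hi = rule["FromPort"], rule["ToPort"]
    return sorted(p for p in ADMIN_PORTS if lo <= p <= hi)

def evaluate(groups):
    """One finding per (group, rule) that exposes an admin port to the world."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            cidrs = world_open_cidrs(rule)
            ports = exposed_admin_ports(rule)
            if cidrs and ports:
                findings.append({"group": g["GroupId"], "name": g["GroupName"],
                                 "ports": ports, "cidrs": cidrs, "rule": rule})
    return findings

def remediation(finding):
    """Parameters for ec2.revoke_security_group_ingress() that remove only the
    world-open ranges, leaving any private CIDRs on the same rule in place."""
    rule = finding["rule"]
    revoke = {"IpProtocol": rule["IpProtocol"]}
    if "FromPort" in rule:
        revoke["FromPort"], revoke["ToPort"] = rule["FromPort"], rule["ToPort"]
    v4 = [r for r in rule.get("IpRanges", []) if r["CidrIp"] in WORLD]
    v6 = [r for r in rule.get("Ipv6Ranges", []) if r["CidrIpv6"] in WORLD]
    if v4:
        revoke["IpRanges"] = v4
    if v6:
        revoke["Ipv6Ranges"] = v6
    return {"GroupId": finding["group"], "IpPermissions": [revoke]}

if __name__ == "__main__":
    for f in evaluate(SAMPLE_GROUPS):
        print(f["group"], f["name"], f["ports"], f["cidrs"])
        print("  revoke:", remediation(f))
```

The web group stays clean because 443 to the world is expected; the point of the rule is the intersection of world-open ranges and administrative ports, and the remediation revokes only the offending CIDRs rather than the whole rule.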
For detailed security frameworks (NIST, ISO 27001, CIS Controls, MITRE ATT&CK), see Security Frameworks Reference.
Vulnerability Management
Vulnerability Management Process
LIFECYCLE:
1. DISCOVERY
- Asset inventory
- Vulnerability scanning
- Penetration testing
- Code analysis
2. PRIORITIZATION
- CVSS scoring
- Asset criticality
- Exploit availability
- Business context
3. REMEDIATION
- Patch management
- Configuration changes
- Compensating controls
- Risk acceptance
4. VERIFICATION
- Rescan
- Validation testing
- Documentation
- Reporting
5. REPORTING
- Executive dashboards
- Trend analysis
- Compliance reporting
- SLA tracking
CVSS Scoring
| Score | Severity | SLA Target |
|---|---|---|
| 9.0-10.0 | Critical | 7 days |
| 7.0-8.9 | High | 30 days |
| 4.0-6.9 | Medium | 90 days |
| 0.1-3.9 | Low | Best effort |
The bands follow the CVSS v3.x qualitative severity rating scale; the SLA targets are example values. A base score measures the severity of the flaw, not the risk to a given environment, so the remediation deadline should also reflect exploit availability and asset criticality from the prioritization step.
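The prioritization step and the severity/SLA table above can be combined into one rule. The following is an added example, not code from the original page: it maps a CVSS base score to the table's bands, moves the tier up for known exploitation or an internet-facing critical asset and down for a compensating control on a low-value isolated asset, then computes the due date and overdue status per finding. The escalation rules, the 1-5 asset criticality scale, the as-of date and the sample findings (placeholder identifiers, not real CVEs) are assumptions.

```python
from datetime import date, timedelta

# Added example: CVSS severity plus asset criticality and exploit availability
# gives a remediation priority, which maps to an SLA deadline. Escalation
# rules, the asset criticality scale (1-5), AS_OF and the sample findings
# are assumptions for illustration.

SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": None}  # None = best effort
TIERS = ["Low", "Medium", "High", "Critical"]
AS_OF = date(2024, 5, 20)   # reporting date used by the sample run

def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to the table's severity bands."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score >= 0.1:
        return "Low"
    return "None"

def priority(finding: dict) -> str:
    """CVSS gives the starting tier; context moves it one step at a time.
    The result is clamped to the Low..Critical range."""
    sev = cvss_severity(finding["cvss"])
    if sev == "None":
        return sev
    idx = TIERS.index(sev)
    # Known exploitation in the wild (e.g. a KEV listing) outranks the score.
    if finding.get("exploited"):
        idx += 1
    # Internet-facing, business-critical asset: one more step up.
    if finding.get("internet_facing") and finding.get("asset_criticality", 1) >= 4:
        idx += 1
    # A documented compensating control on a low-value, isolated asset buys time.
    if (finding.get("compensating_control") and not finding.get("internet_facing")
            and finding.get("asset_criticality", 1) <= 2):
        idx -= 1
    return TIERS[max(0, min(idx, len(TIERS) - 1))]

def sla_status(finding: dict, today: date) -> dict:
    """Attach priority, due date and overdue flag to one finding."""
    tier = priority(finding)
    days = SLA_DAYS.get(tier)
    due = finding["opened"] + timedelta(days=days) if days else None
    return {
        "id": finding["id"],
        "severity": cvss_severity(finding["cvss"]),
        "priority": tier,
        "due": due,
        "days_open": (today - finding["opened"]).days,
        "overdue": due is not None and today > due,
    }

# Constructed sample findings; identifiers are placeholders, not real CVEs.
SAMPLE = [
    {"id": "VULN-1", "cvss": 7.5, "exploited": True, "internet_facing": True,
     "asset_criticality": 5, "opened": date(2024, 5, 1)},
    {"id": "VULN-2", "cvss": 9.8, "exploited": False, "internet_facing": False,
     "asset_criticality": 2, "compensating_control": True, "opened": date(2024, 5, 10)},
    {"id": "VULN-3", "cvss": 3.1, "asset_criticality": 3, "opened": date(2024, 1, 1)},
]

def report(findings, today: date):
    """Rows ordered so overdue items come first, then by descending priority."""
    rows = [sla_status(f, today) for f in findings]
    rank = {t: i for i, t in enumerate(TIERS)}
    rows.sort(key=lambda r: (not r["overdue"], -rank.get(r["priority"], -1)))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE, AS_OF):
        print(row)
```

Note how the two sample findings swap order relative to their raw CVSS scores: the 7.5 that is exploited on an internet-facing critical asset becomes Critical and is already overdue, while the 9.8 on an isolated low-value host with a compensating control drops to High with a 30-day window.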
Patch Management
PATCH PROCESS:
1. IDENTIFICATION
- Vendor announcements
- Vulnerability feeds
- Security bulletins
2. ASSESSMENT
- Applicability
- Risk evaluation
- Test requirements
3. TESTING
- Lab validation
- Compatibility testing
- Rollback planning
4. DEPLOYMENT
- Pilot group
- Phased rollout
- Monitoring
5. VERIFICATION
- Confirm installation
- Functional testing
- Documentation
Identity & Access Management
IAM Framework
IAM COMPONENTS:
IDENTITY LIFECYCLE:
- Provisioning
- Modification
- De-provisioning
- Certification
AUTHENTICATION:
- Password policies
- Multi-factor authentication
- Single sign-on
- Passwordless
AUTHORIZATION:
- Role-based access (RBAC)
- Attribute-based access (ABAC)
- Least privilege
- Separation of duties
GOVERNANCE:
- Access reviews
- Policy enforcement
- Audit logging
- Compliance reporting
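The authorization items above (RBAC, ABAC, least privilege, separation of duties) are easiest to see together in one decision function. The following is an added example, not code from the original page: roles grant coarse permissions, attribute conditions are layered on top, a static separation-of-duties check flags conflicting role assignments, and a dynamic one stops an approver signing off an invoice they created. Role names, permissions, attributes and the business-hours/network condition are assumptions.

```python
# Added example: RBAC for coarse permissions, ABAC conditions layered on top,
# a static separation-of-duties check on role assignments, and a dynamic SoD
# rule at decision time. Roles, permissions and attributes are assumptions.

ROLE_PERMISSIONS = {
    "ap_clerk":    {"invoice:create", "invoice:read"},
    "ap_approver": {"invoice:read", "invoice:approve"},
    "auditor":     {"invoice:read", "ledger:read"},
}

# Static SoD: role pairs that one person must never hold at the same time.
SOD_CONFLICTS = [("ap_clerk", "ap_approver")]

READ_ACTIONS = {"invoice:read", "ledger:read"}

def sod_violations(assignments: dict) -> list:
    """assignments maps user -> set of roles. Returns (user, role_a, role_b)
    for every conflicting pair a user holds; used during access reviews."""
    out = []
    for user, roles in assignments.items():
        for a, b in SOD_CONFLICTS:
            if a in roles and b in roles:
                out.append((user, a, b))
    return out

def rbac_permits(roles, action: str) -> bool:
    """At the RBAC layer any held role that grants the action is enough."""
    return any(action in ROLE_PERMISSIONS.get(r, ()) for r in roles)

def abac_permits(subject: dict, action: str, resource: dict, context: dict):
    """Attribute conditions evaluated after RBAC. Returns (ok, reason)."""
    # Dynamic SoD: the approver may not be the creator, whatever their roles.
    if action == "invoice:approve" and resource["created_by"] == subject["user"]:
        return False, "approver created this invoice"
    # Approval limit is an attribute of the subject, not of the role.
    if action == "invoice:approve" and resource["amount"] > subject.get("approval_limit", 0):
        return False, f"amount {resource['amount']} exceeds approval limit"
    # Department scoping; auditors may read across departments.
    if resource["department"] != subject["department"] and "auditor" not in subject["roles"]:
        return False, "resource belongs to another department"
    # Writes only during business hours from the corporate network (assumed policy).
    if action not in READ_ACTIONS:
        if not context.get("business_hours") or not context.get("corp_network"):
            return False, "write actions require business hours and corporate network"
    return True, "ok"

def authorize(subject: dict, action: str, resource: dict, context: dict):
    """Deny by default: both layers must agree before access is granted."""
    if not rbac_permits(subject["roles"], action):
        return False, f"no role grants {action}"
    return abac_permits(subject, action, resource, context)

if __name__ == "__main__":
    clerk = {"user": "alice", "roles": {"ap_clerk"}, "department": "finance"}
    invoice = {"id": 1, "created_by": "alice", "amount": 2500, "department": "finance"}
    ctx = {"business_hours": True, "corp_network": True}
    print(authorize(clerk, "invoice:create", invoice, ctx))
    print(authorize(clerk, "invoice:approve", invoice, ctx))
    print(sod_violations({"dave": {"ap_clerk", "ap_approver"}}))
```

The static check belongs in the governance loop (access certification), the dynamic check in the policy decision point; both are needed, because a role review cannot catch the case where an approver legitimately holds only one role but still created the specific invoice in front of them.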
Privileged Access Management
PAM CONTROLS:
VAULT:
- Credential storage
- Password rotation
- Secrets management
SESSION:
- Session recording
- Just-in-time access
- Time-limited credentials
MONITORING:
- Activity logging
- Behavioral analytics
- Alert on anomalies
GOVERNANCE:
- Access certification
- Policy enforcement
- Compliance reporting
Security Awareness
Security Training Program
| Topic | Frequency | Audience |
|---|---|---|
| New Hire Security | Onboarding | All employees |
| Annual Refresh | Annually | All employees |
| Phishing Awareness | Quarterly | All employees |
| Developer Security | Annually | Development team |
| Executive Briefings | Quarterly | Leadership |
| Role-Based | As needed | Specific roles |
Phishing Simulation
SIMULATION PROGRAM:
FREQUENCY: Monthly
DIFFICULTY LEVELS:
- Easy: Generic, obvious errors
- Medium: Branded, some personalization
- Hard: Targeted, well-crafted
METRICS:
- Click rate
- Report rate
- Training completion
- Trend over time
RESPONSE:
- Click → Immediate training
- Report → Positive reinforcement
- Repeat offenders → Additional training
Security Metrics
Key Security Metrics
| Category | Metric | Target |
|---|---|---|
| Vulnerability | Critical vulns open past the 7-day SLA | 0 |
| Patching | Systems patched within SLA | 95%+ |
| Incidents | Mean time to detect | <24 hours |
| Access | Orphan accounts | 0 |
| Training | Completion rate | 95%+ |
| Phishing | Click rate | <5% |
Security Dashboard
EXECUTIVE DASHBOARD:
RISK POSTURE:
- Overall risk score
- Risk trend
- Top risks
COMPLIANCE:
- Framework coverage
- Audit findings
- Remediation status
OPERATIONS:
- Incident summary
- Vulnerability status
- Patching compliance
INVESTMENT:
- Budget utilization
- Tool effectiveness
- Headcount
Threat Intelligence
Threat Intelligence Sources
| Type | Sources | Use |
|---|---|---|
| Strategic | Industry reports, geopolitical | Executive briefings |
| Tactical | TTPs, malware analysis | Detection rules |
| Operational | IOCs, campaigns | Active response |
| Technical | Signatures, hashes | Automated blocking |
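The Technical row (signatures, hashes, automated blocking) and the Operational row (IOCs tied to campaigns) meet in the matching logic that runs indicators over telemetry. The following is an added example, not code from the original page: a small indicator feed (hash, domain, IP, CIDR) matched against proxy, EDR and firewall log lines, with the block-versus-alert decision driven by indicator confidence. The feed, the key=value log format, the confidence threshold and all addresses (documentation ranges from RFC 5737 and RFC 2606) are constructed for the example.

```python
import ipaddress
import re

# Added example: technical indicators from a constructed feed matched against
# constructed proxy / EDR / firewall log lines, with block-vs-alert driven by
# indicator confidence. Feed, log format, threshold and addresses are made up.

IOC_FEED = [
    {"type": "sha256", "confidence": 95, "campaign": "loader-x",
     "value": "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"},
    {"type": "domain", "confidence": 85, "campaign": "loader-x",
     "value": "update-cdn.example"},
    {"type": "ipv4",   "confidence": 60, "campaign": "scanner",
     "value": "203.0.113.45"},
    {"type": "cidr",   "confidence": 40, "campaign": "bulletproof-host",
     "value": "198.51.100.0/24"},
]

LOG_LINES = [
    "2024-05-20T10:01:02Z proxy user=alice dst=files.update-cdn.example dst_ip=198.51.100.7 status=200",
    "2024-05-20T10:01:09Z proxy user=bob dst=example.com dst_ip=192.0.2.10 status=200",
    "2024-05-20T10:02:30Z edr host=lt-0042 process=svchost.exe sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b",
    "2024-05-20T10:03:11Z fw action=allow src_ip=203.0.113.45 dst_ip=10.0.0.5 dport=22",
    "2024-05-20T10:04:00Z proxy user=eve dst=notupdate-cdn.example dst_ip=192.0.2.11 status=200",
]

KV = re.compile(r"(\w+)=(\S+)")
BLOCK_THRESHOLD = 80   # assumed: only high-confidence indicators are auto-blocked

def parse(line: str) -> dict:
    """Timestamp, log source and the key=value fields of one line."""
    ts, source, rest = line.split(" ", 2)
    return {"ts": ts, "source": source, **dict(KV.findall(rest))}

def domain_matches(ioc_domain: str, observed: str) -> bool:
    """Exact or subdomain match; a lookalike such as notupdate-cdn.example
    must not match on a plain suffix test."""
    return observed == ioc_domain or observed.endswith("." + ioc_domain)

def ip_matches(ioc: dict, observed: str) -> bool:
    """Exact address for 'ipv4' indicators, containment for 'cidr' ones."""
    try:
        addr = ipaddress.ip_address(observed)
    except ValueError:
        return False
    if ioc["type"] == "ipv4":
        return addr == ipaddress.ip_address(ioc["value"])
    return addr in ipaddress.ip_network(ioc["value"])

def match_event(event: dict) -> list:
    """Indicators hit by one parsed event, in feed order."""
    hits = []
    for ioc in IOC_FEED:
        t = ioc["type"]
        if t == "sha256" and event.get("sha256", "").lower() == ioc["value"]:
            hits.append(ioc)
        elif t == "domain" and any(domain_matches(ioc["value"], event[k])
                                   for k in ("dst", "host") if k in event):
            hits.append(ioc)
        elif t in ("ipv4", "cidr") and any(ip_matches(ioc, event[k])
                                           for k in ("src_ip", "dst_ip") if k in event):
            hits.append(ioc)
    return hits

def scan(lines) -> list:
    """One result per (line, indicator) with the action the SOC would take."""
    results = []
    for line in lines:
        ev = parse(line)
        for ioc in match_event(ev):
            results.append({
                "ts": ev["ts"], "source": ev["source"],
                "indicator": ioc["value"], "type": ioc["type"],
                "campaign": ioc["campaign"],
                "action": "block" if ioc["confidence"] >= BLOCK_THRESHOLD else "alert",
            })
    return results

if __name__ == "__main__":
    for r in scan(LOG_LINES):
        print(r["ts"], r["source"], r["action"].upper(), r["type"], r["indicator"], r["campaign"])
```

Two details carry most of the value: the subdomain test requires a leading dot so a lookalike registered domain does not match, and the low-confidence CIDR indicator produces an alert for an analyst rather than a block, since a /24 from a hosting provider is exactly the kind of indicator that breaks legitimate traffic when fed straight into a firewall.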
For detailed incident response processes and SOC operations, see Incident Response Reference.