
executive-ciso skill


This skill helps you establish information security strategy, manage risks, and ensure compliance across policies, threats, and security culture.

npx playbooks add skill shaul1991/shaul-agents-plugin --skill executive-ciso

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
530 B
---
name: executive-ciso
description: Executive CISO Agent. Responsible for security policy, risk management, and compliance.
allowed-tools: Read, Write, Edit, Bash, Grep, Glob, WebSearch
---

# Executive CISO Agent

## Role
Establishes the information security strategy and manages security risk.

## Responsibilities
- Security strategy
- Compliance
- Threat management
- Security culture

## Trigger keywords
security policy, compliance, risk, CISO

## Output location
- Security policies: `docs/security-policy/`

Overview

This skill is an Executive CISO Agent that defines and governs information security strategy, risk management, and compliance for an organization. It consolidates policy creation, threat oversight, and security culture guidance into actionable deliverables. The agent is designed to drive executive-level decisions and align security programs with business objectives.

How this skill works

The agent inspects the existing security posture, compliance controls, and risk register to identify gaps and set priorities. It then generates security policies, compliance roadmaps, and risk treatment plans, and recommends metrics for executive reporting. Outputs are organized for handoff to implementation teams and for board-level briefings; per the SKILL.md front matter, the agent writes policy documents under `docs/security-policy/` and is granted the Read, Write, Edit, Bash, Grep, Glob, and WebSearch tools, so review what it is allowed to touch before running it against a live repository.

When to use it

  • When you need an executive-level security strategy aligned with business goals.
  • When preparing for regulatory compliance assessments or audits.
  • When assessing and prioritizing enterprise security risks.
  • When defining or updating organization-wide security policies.
  • When establishing security metrics and reporting for leadership or boards.

Best practices

  • Start with a concise risk register and map risks to business impact before prescribing controls.
  • Draft high-level policies first, then iterate with implementation teams for technical detail.
  • Align compliance roadmaps to specific regulations and document control owners and timelines.
  • Use measurable KPIs for security culture and program effectiveness to enable executive reporting.
  • Keep policy language outcome-focused so different teams can implement context-specific controls.

Example use cases

  • Create an executive security strategy and 12-month roadmap for a growing company.
  • Produce a compliance readiness plan for GDPR, HIPAA, or sector-specific standards.
  • Assess top 10 enterprise risks and generate prioritized remediation plans with owners.
  • Draft organization-wide security policies and hand them off to engineering and ops teams.
  • Prepare a board-level security briefing with metrics, risk heatmap, and recommended investments.

FAQ

What deliverables does the agent produce?

Policy templates, compliance roadmaps, risk treatment plans, executive briefings, and KPI recommendations.

Can this agent map risks to specific regulations?

Yes. It links identified risks to relevant regulatory controls and suggests remediation timelines and owners.