Information Security Manager - ISO 27001

Implement and manage Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements.

Table of Contents

• Trigger Phrases
• Quick Start
• Tools
• Workflows
• Reference Guides
• Validation Checkpoints

Trigger Phrases

Use this skill when you hear:

• "implement ISO 27001"
• "ISMS implementation"
• "security risk assessment"
• "information security policy"
• "ISO 27001 certification"
• "security controls implementation"
• "incident response plan"
• "healthcare data security"
• "medical device cybersecurity"
• "security compliance audit"

Quick Start

Run Security Risk Assessment

python scripts/risk_assessment.py --scope "patient-data-system" --output risk_register.json

Check Compliance Status

python scripts/compliance_checker.py --standard iso27001 --controls-file controls.csv

Generate Gap Analysis Report

python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output gaps.md

Tools

risk_assessment.py

Automated security risk assessment following ISO 27001 Clause 6.1.2 methodology.

Usage:

# Full risk assessment
python scripts/risk_assessment.py --scope "cloud-infrastructure" --output risks.json

# Healthcare-specific assessment
python scripts/risk_assessment.py --scope "ehr-system" --template healthcare --output risks.json

# Quick asset-based assessment
python scripts/risk_assessment.py --assets assets.csv --output risks.json

Parameters:

Output:

• Asset inventory with classification
• Threat and vulnerability mapping
• Risk scores (likelihood × impact)
• Treatment recommendations
• Residual risk calculations

compliance_checker.py

Verify ISO 27001/27002 control implementation status.

Usage:

# Check all ISO 27001 controls
python scripts/compliance_checker.py --standard iso27001

# Gap analysis with recommendations
python scripts/compliance_checker.py --standard iso27001 --gap-analysis

# Check specific control domains
python scripts/compliance_checker.py --standard iso27001 --domains "access-control,cryptography"

# Export compliance report
python scripts/compliance_checker.py --standard iso27001 --output compliance_report.md

Parameters:

Output:

• Control implementation status
• Compliance percentage by domain
• Gap analysis with priorities
• Remediation recommendations

Workflows

Workflow 1: ISMS Implementation

Step 1: Define Scope and Context

Document organizational context and ISMS boundaries:

• Identify interested parties and requirements
• Define ISMS scope and boundaries
• Document internal/external issues

Validation: Scope statement reviewed and approved by management.

Step 2: Conduct Risk Assessment

python scripts/risk_assessment.py --scope "full-organization" --template general --output initial_risks.json

• Identify information assets
• Assess threats and vulnerabilities
• Calculate risk levels
• Determine risk treatment options

Validation: Risk register contains all critical assets with assigned owners.

Step 3: Select and Implement Controls

Map risks to ISO 27002 controls:

python scripts/compliance_checker.py --standard iso27002 --gap-analysis --output control_gaps.md

Control categories:

• Organizational (policies, roles, responsibilities)
• People (screening, awareness, training)
• Physical (perimeters, equipment, media)
• Technological (access, crypto, network, application)

Validation: Statement of Applicability (SoA) documents all controls with justification.

Step 4: Establish Monitoring

Define security metrics:

• Incident count and severity trends
• Control effectiveness scores
• Training completion rates
• Audit findings closure rate

Validation: Dashboard shows real-time compliance status.

Workflow 2: Security Risk Assessment

Step 1: Asset Identification

Create asset inventory:

Validation: All assets have assigned owners and classifications.

Step 2: Threat Analysis

Identify threats per asset category:

Validation: Threat model covers top-10 industry threats.

Step 3: Vulnerability Assessment

python scripts/risk_assessment.py --scope "network-infrastructure" --output vuln_risks.json

Document vulnerabilities:

• Technical (unpatched systems, weak configs)
• Process (missing procedures, gaps)
• People (lack of training, insider risk)

Validation: Vulnerability scan results mapped to risk register.

Step 4: Risk Evaluation and Treatment

Calculate risk: Risk = Likelihood × Impact

Validation: All high/critical risks have approved treatment plans.

Workflow 3: Incident Response

Step 1: Detection and Reporting

Incident categories:

• Security breach (unauthorized access)
• Malware infection
• Data leakage
• System compromise
• Policy violation

Validation: Incident logged within 15 minutes of detection.

Step 2: Triage and Classification

Validation: Severity assigned and escalation triggered if needed.

Step 3: Containment and Eradication

Immediate actions:

1. Isolate affected systems
2. Preserve evidence
3. Block threat vectors
4. Remove malicious artifacts

Validation: Containment confirmed, no ongoing compromise.

Step 4: Recovery and Lessons Learned

Post-incident activities:

1. Restore systems from clean backups
2. Verify integrity before reconnection
3. Document timeline and actions
4. Conduct post-incident review
5. Update controls and procedures

Validation: Post-incident report completed within 5 business days.

Reference Guides

When to Use Each Reference

references/iso27001-controls.md

• Control selection for SoA
• Implementation guidance
• Evidence requirements
• Audit preparation

references/risk-assessment-guide.md

• Risk methodology selection
• Asset classification criteria
• Thre