MCP.directory

ciso-assistant-bootstrap

by intuitem
0
0
Source

Bootstrap CISO Assistant for new users by guiding them through initial setup. Use when: (1) User wants to set up CISO Assistant from scratch (2) User mentions "bootstrap", "initial setup", "getting started", or "onboarding" with CISO Assistant (3) User needs help creating their organizational structure, loading frameworks, or configuring risk assessments Covers: domains/folders, perimeters, industry-based framework selection, assets, risk assessment type (qualitative vs quantitative), third-party entities and solutions, and compliance vs risk focus.

Install

mkdir -p .claude/skills/ciso-assistant-bootstrap && curl -L -o skill.zip "https://mcp.directory/api/skills/download/5906" && unzip -o skill.zip -d .claude/skills/ciso-assistant-bootstrap && rm skill.zip

Installs to .claude/skills/ciso-assistant-bootstrap

About this skill

CISO Assistant Bootstrap

Guide users through CISO Assistant initial setup using MCP server tools.

Prerequisites

Before starting:

  1. Verify MCP server connectivity - Check that ciso-assistant MCP server is available in your tools. Test with:

    get_folders()  # Should return a list of folders

  2. If MCP tools are not available:

    • Ask user to verify MCP server is configured in their Claude Code settings
    • Check .mcp.json or MCP configuration includes ciso-assistant server
    • Ensure API_URL and TOKEN environment variables are set
    • As a last resort, fall back to direct API calls (see Fallback section)

  3. Backend must be running - CISO Assistant backend at the configured API_URL

Bootstrap Flow

Always use MCP tools as the primary method. They provide:

  • Automatic name-to-ID resolution (no need to track UUIDs)
  • Better error handling with guidance
  • Consistent response formatting

1. Gather Information

Ask the user about:

Organization Structure

  • Domain name(s) and hierarchy (e.g., "IT Security", "Compliance", "Operations")
  • Perimeter(s) for each domain (assessment scopes)

Focus Area

  • Compliance-focused (framework audits)
  • Risk-focused (risk assessments)
  • Both

Industry (for framework recommendations)

Risk Assessment Type (if risk-focused or both)

  • Qualitative (matrix-based): most common approach, uses probability/impact scales (3x3, 4x4, 5x5)
  • Quantitative: advanced monetary modeling with distributions, Monte Carlo simulations

Assets

  • Primary assets (PR): core business assets (data, applications, processes)
  • Supporting assets (SP): infrastructure supporting primary assets

Third Parties (if applicable)

  • Critical vendors/suppliers (entities)
  • Solutions they provide
  • Criticality level (0-4)

2. Create Resources via MCP (Order Matters)

Execute MCP tools in this order:

1. create_folder(name, description)
   └─ 2. create_perimeter(name, description, folder)
         └─ 3. create_asset(name, description, asset_type, folder)
         └─ 4. import_stored_library(library_urn)
         └─ 5a. create_risk_assessment(name, risk_matrix, perimeter)
         └─ 5b. create_compliance_assessment(name, framework, perimeter)
         └─ 6. create_entity(name, folder, ...)
               └─ 7. create_solution(name, provider_entity, criticality, assets)

Note: MCP tools accept names directly (e.g., folder="My Domain") - no need to look up IDs first.

3. Key MCP Tools

Organization:

  • create_folder(name, description, parent_folder) - Create domain
  • create_perimeter(name, description, folder) - Create assessment scope

Assets:

  • create_asset(name, description, asset_type, folder) - asset_type: "PR" or "SP"

Frameworks:

  • get_stored_libraries(object_type="framework") - List available frameworks
  • import_stored_library(library_urn) - Load framework (e.g., "urn:intuitem:risk:library:iso27001-2022")

Risk Assessment (Qualitative):

  • get_risk_matrices() - List available matrices
  • create_risk_assessment(name, risk_matrix, perimeter) - Create assessment

Risk Assessment (Quantitative):

  • create_quantitative_risk_study(name, distribution_model, loss_threshold, ...) - Create study

Compliance:

  • create_compliance_assessment(name, framework, perimeter) - Create audit

TPRM:

  • create_entity(name, folder, description, country, currency, default_dependency, default_maturity, default_trust) - Create vendor
  • create_solution(name, provider_entity, criticality, assets) - Create service
  • create_representative(email, entity, first_name, last_name, role) - Create contact

4. Example Bootstrap Session

User: "I want to set up CISO Assistant for my healthcare startup"

1. Verify MCP connectivity:
   get_folders()  # Confirm MCP server responds

2. Ask clarifying questions:
   - "What domains do you need? (e.g., IT, Compliance, Operations)"
   - "Are you focused on compliance, risk management, or both?"
   - "Do you prefer qualitative (matrix-based) or quantitative risk assessment?"
   - "What are your critical assets? (applications, databases, etc.)"
   - "Do you have critical third-party vendors to track?"

3. Based on healthcare industry, recommend:
   - HIPAA-related frameworks
   - ISO 27001:2022
   - NIST CSF 2.0

4. Create resources via MCP tools:
   create_folder("HealthTech Corp", "Main organization domain")
   create_perimeter("Production Environment", "Production systems scope", folder="HealthTech Corp")
   create_asset("Patient Portal", "Main patient-facing application", "PR", folder="HealthTech Corp")
   create_asset("AWS Infrastructure", "Cloud hosting", "SP", folder="HealthTech Corp")
   import_stored_library("urn:intuitem:risk:library:iso27001-2022")
   create_compliance_assessment("ISO 27001 Audit 2025", framework="ISO 27001:2022", perimeter="Production Environment")
   create_entity("AWS", folder="HealthTech Corp", description="Cloud provider")
   create_solution("Cloud Hosting", provider_entity="AWS", criticality=3, assets=["AWS Infrastructure"])

Risk Matrix Selection

For qualitative assessments, help user choose:

MatrixUse Case
3x3Simple, quick assessments
4x4Balanced granularity
5x5Detailed, enterprise-grade

Use get_risk_matrices() to list available options.

Validation

After setup, verify with MCP tools:

  • get_folders() - Confirm domains created
  • get_perimeters(folder) - Confirm scopes
  • get_assets(folder) - Confirm assets
  • get_loaded_libraries() - Confirm frameworks loaded
  • get_entities(folder) - Confirm third parties

Fallback: Direct API Calls

Only use if MCP tools are unavailable. Requires manual UUID tracking.

Read token from .mcp.json or ask user for it, then:

# Create folder
curl -X POST "http://localhost:8000/api/folders/" \
  -H "Authorization: Token <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Domain", "description": "..."}'

# Create perimeter (requires folder UUID from previous response)
curl -X POST "http://localhost:8000/api/perimeters/" \
  -H "Authorization: Token <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{"name": "common", "folder": "<folder_uuid>"}'

# Similar pattern for other endpoints:
# POST /api/assets/
# POST /api/stored-libraries/<urn>/import/
# POST /api/risk-assessments/
# POST /api/compliance-assessments/
# POST /api/entities/
# POST /api/solutions/

More by intuitem

View all skills by intuitem

ciso-assistant-basic-risk-assessment

intuitem

Guide users through a basic risk assessment workflow in CISO Assistant, from asset identification to scenario creation. Use when: (1) User wants to start a risk assessment from scratch (2) User mentions "risk assessment", "identify risks", "threat scenarios", or "risk register" (3) User asks about qualitative vs quantitative risk approaches (4) User needs help identifying assets, threats, or creating risk scenarios Covers: risk approach selection (qualitative/quantitative), organizational context gathering, asset identification (primary/supporting), threat catalog usage, scenario generation from threat-asset combinations, risk assessment/study creation.

130

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

643969

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

591705

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

318398

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

339397

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

451339

fastapi-templates

wshobson

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.

304231

Related MCP Servers

Browse all servers
Google CloudGoogle Cloud

Effortlessly manage Google Cloud with this user-friendly multi cloud management platform—simplify operations, automate t

7010 tools
Mailgun MCP ServerMailgun MCP Server

Mailgun MCP Server lets AI assistants send emails via the Mailgun API and view email delivery analytics for seamless AI

470 tools
Zilliz MCP ServerZilliz MCP Server

Zilliz MCP Server: AI agents manage Milvus vector databases and Zilliz Cloud via natural language—create clusters, inser

320 tools
Dynatrace Managed MCP ServerDynatrace Managed MCP Server

Dynatrace Managed MCP Server delivers AI-driven access to self-hosted monitoring and observability platform, AIOps insig

160 tools
JIRAJIRA

Easily manage and track issues with JIRA software. Integrate AI assistants for seamless Jira bug tracker management with

20 tools
PingOne Advanced Identity Cloud MCP ServerPingOne Advanced Identity Cloud MCP Server

AI-ready PingOne Advanced Identity Cloud MCP Server — securely manage users, customize auth themes, query identity data,

10 tools

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.