MCP.directory

isms-audit-expert

by davila7
13
4
Source

Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.

Install

mkdir -p .claude/skills/isms-audit-expert && curl -L -o skill.zip "https://mcp.directory/api/skills/download/2279" && unzip -o skill.zip -d .claude/skills/isms-audit-expert && rm skill.zip

Installs to .claude/skills/isms-audit-expert

About this skill

Senior ISMS Audit Expert

Expert-level Information Security Management System (ISMS) auditing with comprehensive knowledge of ISO 27001, security audit methodologies, security control assessment, and cybersecurity compliance verification.

Core ISMS Auditing Competencies

1. ISO 27001 ISMS Audit Program Management

Design and manage comprehensive ISMS audit programs ensuring systematic security evaluation and continuous improvement.

ISMS Audit Program Framework:

ISMS AUDIT PROGRAM MANAGEMENT
├── Security Audit Planning
│   ├── Risk-based audit scheduling
│   ├── Security domain scope definition
│   ├── Technical auditor competency
│   └── Security testing resource allocation
├── Audit Execution Coordination
│   ├── Technical security assessment
│   ├── Administrative control evaluation
│   ├── Physical security verification
│   └── Security documentation review
├── Security Finding Management
│   ├── Security gap identification
│   ├── Vulnerability assessment integration
│   ├── Risk-based finding prioritization
│   └── Security improvement recommendations
└── ISMS Audit Performance
    ├── Security audit effectiveness
    ├── Technical auditor development
    ├── Security methodology enhancement
    └── Industry best practice adoption

2. Risk-Based Security Audit Planning

Develop strategic security audit plans based on information security risks, threat landscape, and ISMS performance.

Security Audit Risk Assessment:

  1. Information Security Risk Evaluation

    • Asset criticality and threat exposure analysis
    • Security control effectiveness assessment
    • Previous security incident and audit analysis
    • Decision Point: Determine audit priority and frequency based on security risk

  2. Security Audit Scope Definition

    • High-Risk Assets: Quarterly technical security assessments
    • Critical Security Controls: Semi-annual control effectiveness testing
    • Standard Security Processes: Annual compliance verification
    • Emerging Threats: Event-driven security evaluations

  3. Technical Security Testing Integration

    • Vulnerability assessment and penetration testing coordination
    • Security control technical verification
    • Threat simulation and red team exercises
    • Compliance scanning and automated testing

3. ISO 27001 Audit Execution and Methodology

Conduct systematic ISMS audits using proven methodologies ensuring comprehensive security assessment.

ISMS Audit Execution Process:

  1. Security Audit Preparation

    • Pre-audit Security Review: Follow scripts/security-audit-prep.py
    • Technical Assessment Planning: Security testing scope and methods
    • Security Auditor Assignment: Technical competency and independence
    • ISMS Documentation Review: Policy, procedure, and control documentation

  2. Security Audit Conduct

    • ISMS Process Assessment: Security management process evaluation
    • Security Control Testing: Technical and administrative control verification
    • Security Compliance Verification: Regulatory and standard compliance
    • Security Culture Assessment: Security awareness and training effectiveness

  3. Security Audit Documentation

    • Security Finding Documentation: Technical and administrative findings
    • Risk Assessment Integration: Security risk impact and likelihood
    • Security Improvement Recommendations: Control enhancement and optimization
    • Compliance Status Reporting: ISO 27001 and regulatory compliance

4. Security Control Assessment and Testing

Conduct comprehensive security control assessments ensuring effective security implementation and operation.

Security Control Assessment Framework:

ISO 27002 CONTROL ASSESSMENT
├── Organizational Security Controls
│   ├── Information security policies
│   ├── Information security organization
│   ├── Human resource security
│   └── Asset management
├── Technical Security Controls
│   ├── Access control systems
│   ├── Cryptography implementation
│   ├── Systems security configuration
│   ├── Network security controls
│   ├── Application security measures
│   └── Secure development practices
├── Physical Security Controls
│   ├── Physical security perimeters
│   ├── Physical entry controls
│   ├── Equipment protection
│   └── Secure disposal procedures
└── Operational Security Controls
    ├── Operational procedures
    ├── Change management
    ├── Capacity management
    ├── System segregation
    ├── Malware protection
    └── Backup and recovery

Advanced ISMS Audit Applications

Technical Security Testing Integration

Integrate technical security assessments with ISMS auditing ensuring comprehensive security verification.

Technical Security Assessment:

  1. Vulnerability Assessment Integration

    • Network vulnerability scanning and analysis
    • Application security testing and code review
    • Configuration assessment and hardening verification
    • Decision Point: Determine technical testing scope based on risk and compliance

  2. Penetration Testing Coordination

    • For External Networks: Follow references/external-pentest-guide.md
    • For Internal Systems: Follow references/internal-pentest-guide.md
    • For Web Applications: Follow references/webapp-security-testing.md
    • Social engineering and phishing simulation

  3. Security Control Verification

    • Access control effectiveness testing
    • Encryption implementation verification
    • Monitoring and logging system assessment
    • Incident response procedure validation

Cybersecurity Compliance Auditing

Conduct specialized cybersecurity compliance audits addressing regulatory and industry requirements.

Cybersecurity Compliance Framework:

  • Healthcare Cybersecurity: HIPAA Security Rule and healthcare-specific requirements
  • Medical Device Cybersecurity: FDA cybersecurity guidance and IEC 62304 integration
  • Financial Services: PCI DSS and financial industry security standards
  • Critical Infrastructure: NIST Cybersecurity Framework and sector-specific guidelines

Cloud Security Auditing

Assess cloud security implementations ensuring comprehensive cloud service security verification.

Cloud Security Audit Approach:

  1. Cloud Service Provider Assessment

    • CSP security certification and compliance verification
    • Shared responsibility model implementation review
    • Data residency and sovereignty compliance
    • Cloud access and identity management assessment

  2. Cloud Configuration Assessment

    • Cloud resource configuration and hardening
    • Network security and segmentation verification
    • Data encryption and key management assessment
    • Cloud monitoring and logging evaluation

Security Auditor Competency and Development

Security Auditor Technical Competency

Develop and maintain security auditor technical competency ensuring effective security assessment capabilities.

Security Auditor Competency Framework:

SECURITY AUDITOR COMPETENCY
├── Technical Security Knowledge
│   ├── Network security and protocols
│   ├── System security and hardening
│   ├── Application security and testing
│   ├── Cryptography and key management
│   └── Security architecture and design
├── Security Assessment Skills
│   ├── Vulnerability assessment techniques
│   ├── Penetration testing methodologies
│   ├── Security control testing
│   └── Risk assessment and analysis
├── Compliance and Standards
│   ├── ISO 27001/27002 expertise
│   ├── Regulatory requirement knowledge
│   ├── Industry standard familiarity
│   └── Audit methodology proficiency
└── Communication and Reporting
    ├── Technical finding documentation
    ├── Risk communication skills
    ├── Executive reporting capabilities
    └── Stakeholder engagement

Security Audit Tool Proficiency

Maintain proficiency with security audit tools and technologies ensuring effective technical assessment.

Security Audit Tool Categories:

  • Vulnerability Scanners: Network, web application, and database vulnerability assessment
  • Penetration Testing Tools: Exploitation frameworks and security testing utilities
  • Configuration Assessment: System and application configuration analysis
  • Compliance Scanning: Automated compliance verification and reporting

External Security Audit Coordination

ISO 27001 Certification Audit Support

Prepare organization for ISO 27001 certification audits ensuring successful certification and maintenance.

Certification Audit Preparation:

  1. Pre-certification Readiness

    • Internal ISMS audit completion and closure
    • Security control implementation verification
    • ISMS documentation review and compliance
    • Mock Certification Audit: Full-scale external audit simulation

  2. Certification Audit Coordination

    • Stage 1 Audit Support: Documentation review and ISMS assessment
    • Stage 2 Audit Coordination: Implementation testing and verification
    • Surveillance Audit Preparation: Ongoing compliance and improvement
    • Certification body relationship management

Regulatory Security Inspection Preparation

Prepare organization for regulatory security inspections and compliance assessments.

Regulatory Inspection Coordination:

  • Healthcare Inspections: OCR HIPAA security audits and assessments
  • Financial Services: Regulatory cybersecurity examinations
  • Critical Infrastructure: Sector-specific security assessments
  • International Compliance: Multi-jurisdictional security requirements

ISMS Audit Performance and Improvement

Security Audit Performance Metrics

Monitor ISMS audit program effectiveness ensuring continuous security improvement and compliance.

Security Audit KPIs:

  • Security Control Effectiveness: Control implementation and operation success
  • Security Finding Resolution: Finding closure rates and timelines
  • **Security Risk Miti

Content truncated.

More by davila7

View all skills by davila7

software-architecture

davila7

Guide for quality focused software architecture. This skill should be used when users want to write code, design architecture, analyze code, in any case that relates to software development.

539194

planning-with-files

davila7

Implements Manus-style file-based planning for complex tasks. Creates task_plan.md, findings.md, and progress.md. Use when starting complex multi-step tasks, research projects, or any task requiring >5 tool calls.

85114

scroll-experience

davila7

Expert in building immersive scroll-driven experiences - parallax storytelling, scroll animations, interactive narratives, and cinematic web experiences. Like NY Times interactives, Apple product pages, and award-winning web experiences. Makes websites feel like experiences, not just pages. Use when: scroll animation, parallax, scroll storytelling, interactive story, cinematic website.

13087

humanizer

davila7

Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comprehensive "Signs of AI writing" guide. Detects and fixes patterns including: inflated symbolism, promotional language, superficial -ing analyses, vague attributions, em dash overuse, rule of three, AI vocabulary words, negative parallelisms, and excessive conjunctive phrases. Credits: Original skill by @blader - https://github.com/blader/humanizer

11659

game-development

davila7

Game development orchestrator. Routes to platform-specific skills based on project needs.

15249

telegram-bot-builder

davila7

Expert in building Telegram bots that solve real problems - from simple automation to complex AI-powered bots. Covers bot architecture, the Telegram Bot API, user experience, monetization strategies, and scaling bots to thousands of users. Use when: telegram bot, bot api, telegram automation, chat bot telegram, tg bot.

10349

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

1,6881,430

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

1,2721,337

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

1,5471,153

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

1,359809

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

1,269732

pdf-to-markdown

aliceisjustplaying

Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.

1,498687

Related MCP Servers

Browse all servers
React Native Development GuideReact Native Development Guide

Get expert React Native software guidance with tools for component analysis, performance, debugging, and migration betwe

3913 tools
Houtini LMHoutini LM

Houtini LM delivers advanced prompt engineering with 35+ functions for code analysis, generation, security audits, and d

110 tools
Desktop CommanderDesktop Commander

Desktop Commander MCP unifies code management with advanced source control, git, and svn support—streamlining developmen

5,63026 tools
Google CloudGoogle Cloud

Effortlessly manage Google Cloud with this user-friendly multi cloud management platform—simplify operations, automate t

7010 tools
Scrapling FetchScrapling Fetch

Scrapling Fetch enables secure web scraping with three protection levels to scrape any website and access content blocke

682 tools
PerplexityPerplexity

Perplexity offers an AI powered coding assistant with persistent chat and expert programming help, integrating seamlessl

670 tools