isms-audit-expert
Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.
Install: bunx add-skill davila7/claude-code-templates -s isms-audit-expert
Senior ISMS Audit Expert
Expert-level Information Security Management System (ISMS) auditing with comprehensive knowledge of ISO 27001, security audit methodologies, security control assessment, and cybersecurity compliance verification.
Core ISMS Auditing Competencies
1. ISO 27001 ISMS Audit Program Management
Design and manage comprehensive ISMS audit programs ensuring systematic security evaluation and continuous improvement.
ISMS Audit Program Framework:
ISMS AUDIT PROGRAM MANAGEMENT
├── Security Audit Planning
│   ├── Risk-based audit scheduling
│   ├── Security domain scope definition
│   ├── Technical auditor competency
│   └── Security testing resource allocation
├── Audit Execution Coordination
│   ├── Technical security assessment
│   ├── Administrative control evaluation
│   ├── Physical security verification
│   └── Security documentation review
├── Security Finding Management
│   ├── Security gap identification
│   ├── Vulnerability assessment integration
│   ├── Risk-based finding prioritization
│   └── Security improvement recommendations
└── ISMS Audit Performance
    ├── Security audit effectiveness
    ├── Technical auditor development
    ├── Security methodology enhancement
    └── Industry best practice adoption
2. Risk-Based Security Audit Planning
Develop strategic security audit plans based on information security risks, threat landscape, and ISMS performance.
Security Audit Risk Assessment:
Information Security Risk Evaluation
Asset criticality and threat exposure analysis
Security control effectiveness assessment
Previous security incident and audit analysis
Decision Point: Determine audit priority and frequency based on security risk
Security Audit Scope Definition
High-Risk Assets: Quarterly technical security assessments
Critical Security Controls: Semi-annual control effectiveness testing
Standard Security Processes: Annual compliance verification
Emerging Threats: Event-driven security evaluations
Technical Security Testing Integration
Vulnerability assessment and penetration testing coordination
Security control technical verification
Threat simulation and red team exercises
Compliance scanning and automated testing
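The risk-based scheduling decision above can be made mechanical. The following is an added example written for this page; it is not the skill's own scripts/isms-audit-scheduler.py. It assumes a simple scoring model (1-5 asset criticality, 1-5 threat exposure, a 0-1 control-effectiveness figure from the last control test, and the number of incidents since the last audit), and the tier thresholds and interval lengths are assumptions chosen to mirror the quarterly / semi-annual / annual / event-driven cadence described in the text. The asset inventory is constructed.

```python
"""Risk-based ISMS audit scheduler.

Added illustration for this page; it is not the skill's
scripts/isms-audit-scheduler.py. The scoring weights, tier thresholds
and interval lengths are assumptions chosen to mirror the cadence the
text describes (quarterly / semi-annual / annual / event-driven)."""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed cadence per risk tier, in days.
INTERVAL_DAYS = {"high-risk": 90, "elevated": 182, "standard": 365}

# Assumed review date for the sample run.
REVIEW_DATE = date(2024, 6, 1)


@dataclass
class AuditTarget:
    name: str
    criticality: int               # 1 (low) .. 5 (crown jewel)
    exposure: int                  # 1 (isolated) .. 5 (internet-facing)
    control_effectiveness: float   # 0.0 .. 1.0, from the last control test
    incidents_since_audit: int     # incidents involving this asset since last audit
    last_audit: date
    emerging_threat: bool = False  # set when new threat intel makes this asset relevant


def risk_score(t: AuditTarget) -> float:
    """Inherent risk (criticality x exposure, 1..25) reduced by up to 80%
    for effective controls, then uplifted 25% per incident (capped at 2x).
    Range is therefore 0..50."""
    inherent = t.criticality * t.exposure
    residual = inherent * (1.0 - 0.8 * t.control_effectiveness)
    uplift = min(2.0, 1.0 + 0.25 * t.incidents_since_audit)
    return round(residual * uplift, 2)


def tier_for(score: float) -> str:
    """Assumed thresholds on the 0..50 score range."""
    if score >= 12.0:
        return "high-risk"
    if score >= 6.0:
        return "elevated"
    return "standard"


def next_due(t: AuditTarget, today: date) -> tuple:
    """Return (tier, due date, overdue?). An emerging-threat trigger pulls
    the due date forward to today regardless of the scheduled cadence."""
    tier = tier_for(risk_score(t))
    due = t.last_audit + timedelta(days=INTERVAL_DAYS[tier])
    if t.emerging_threat:
        due = min(due, today)
    return tier, due, due <= today


def build_schedule(targets: list, today: date) -> list:
    """Overdue targets first, then by descending risk, then by due date."""
    rows = []
    for t in targets:
        tier, due, overdue = next_due(t, today)
        rows.append({"name": t.name, "score": risk_score(t), "tier": tier,
                     "due": due, "overdue": overdue})
    rows.sort(key=lambda r: (not r["overdue"], -r["score"], r["due"]))
    return rows


# Constructed sample inventory (not real assets).
SAMPLE_TARGETS = [
    AuditTarget("ehr-database", 5, 4, 0.5, 1, date(2024, 1, 15)),
    AuditTarget("hr-portal", 3, 3, 0.7, 0, date(2024, 3, 1)),
    AuditTarget("vpn-gateway", 4, 5, 0.9, 0, date(2024, 5, 1), emerging_threat=True),
    AuditTarget("print-server", 2, 2, 0.6, 0, date(2023, 1, 1)),
]

if __name__ == "__main__":
    for row in build_schedule(SAMPLE_TARGETS, REVIEW_DATE):
        flag = "OVERDUE" if row["overdue"] else "scheduled"
        print(f"{row['name']:<14} {row['tier']:<10} score={row['score']:<6} "
              f"due={row['due']} {flag}")
```

Two things the run shows that a static frequency table does not: a well-controlled but internet-facing asset (vpn-gateway) lands in the standard tier on residual risk yet is pulled forward by the emerging-threat trigger, and a low-risk asset (print-server) still surfaces as overdue because the annual cadence has lapsed.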
3. ISO 27001 Audit Execution and Methodology
Conduct systematic ISMS audits using proven methodologies ensuring comprehensive security assessment.
ISMS Audit Execution Process:
Security Audit Preparation
Pre-audit Security Review: Follow scripts/security-audit-prep.py
Technical Assessment Planning: Security testing scope and methods
Security Auditor Assignment: Technical competency and independence
ISMS Documentation Review: Policy, procedure, and control documentation
Security Audit Conduct
ISMS Process Assessment: Security management process evaluation
Security Control Testing: Technical and administrative control verification
Security Compliance Verification: Regulatory and standard compliance
Security Culture Assessment: Security awareness and training effectiveness
Security Audit Documentation
Security Finding Documentation: Technical and administrative findings
Risk Assessment Integration: Security risk impact and likelihood
Security Improvement Recommendations: Control enhancement and optimization
Compliance Status Reporting: ISO 27001 and regulatory compliance
4. Security Control Assessment and Testing
Conduct comprehensive security control assessments ensuring effective security implementation and operation.
Security Control Assessment Framework:
ISO 27002 CONTROL ASSESSMENT
├── Organizational Security Controls
│   ├── Information security policies
│   ├── Information security organization
│   ├── Human resource security
│   └── Asset management
├── Technical Security Controls
│   ├── Access control systems
│   ├── Cryptography implementation
│   ├── Systems security configuration
│   ├── Network security controls
│   ├── Application security measures
│   └── Secure development practices
├── Physical Security Controls
│   ├── Physical security perimeters
│   ├── Physical entry controls
│   ├── Equipment protection
│   └── Secure disposal procedures
└── Operational Security Controls
    ├── Operational procedures
    ├── Change management
    ├── Capacity management
    ├── System segregation
    ├── Malware protection
    └── Backup and recovery
Advanced ISMS Audit Applications
Technical Security Testing Integration
Integrate technical security assessments with ISMS auditing ensuring comprehensive security verification.
Technical Security Assessment:
Vulnerability Assessment Integration
Network vulnerability scanning and analysis
Application security testing and code review
Configuration assessment and hardening verification
Decision Point: Determine technical testing scope based on risk and compliance
Penetration Testing Coordination
For External Networks: Follow references/external-pentest-guide.md
For Internal Systems: Follow references/internal-pentest-guide.md
For Web Applications: Follow references/webapp-security-testing.md
Social engineering and phishing simulation
Security Control Verification
Access control effectiveness testing
Encryption implementation verification
Monitoring and logging system assessment
Incident response procedure validation
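"Configuration assessment and hardening verification" and "Security Control Verification" above, like the Technical Security Controls branch of the ISO 27002 control tree in section 4, come down to the same test pattern: derive the effective configuration, compare it with a baseline, and record each deviation as a finding tagged with the control it evidences. The following is an added example for this page, not the skill's own scripts/security-control-tester.py. It assesses an OpenSSH sshd_config. The baseline values and severities are assumptions a practitioner would tune; the control references are ISO/IEC 27002:2022 control numbers; the sample config is constructed. It applies two sshd semantics that trip up naive checkers: keywords are case-insensitive, and for each keyword the first occurrence wins, so a hardening line added at the bottom of the file may do nothing.

```python
"""Configuration-baseline control test for sshd.

Added illustration for this page; it is not the skill's
scripts/security-control-tester.py. The baseline values and severities
are assumptions; control references are ISO/IEC 27002:2022 numbers.
sshd semantics applied: keywords are case-insensitive, the first
occurrence of a keyword wins, and directives after the first Match
block are conditional, so the parser stops there."""
import re

# OpenSSH defaults used when a directive is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "x11forwarding": "no",
    "loglevel": "info",
    "maxauthtries": "6",
}

# Assumed hardening baseline: directive -> (acceptable?, severity, control).
BASELINE = {
    "permitrootlogin":        (lambda v: v == "no", "high", "8.2 Privileged access rights"),
    "passwordauthentication": (lambda v: v == "no", "high", "8.5 Secure authentication"),
    "pubkeyauthentication":   (lambda v: v == "yes", "medium", "8.5 Secure authentication"),
    "x11forwarding":          (lambda v: v == "no", "low", "8.9 Configuration management"),
    "loglevel":               (lambda v: v in ("info", "verbose"), "medium", "8.15 Logging"),
    "maxauthtries":           (lambda v: v.isdigit() and int(v) <= 4, "medium", "8.5 Secure authentication"),
}


def parse_sshd_config(text: str) -> dict:
    """Return the effective global directive values, lower-cased."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break                         # everything below is conditional
        effective.setdefault(key, value)  # first occurrence wins
    return effective


def assess(config: dict) -> list:
    """Compare effective values with the baseline; return findings."""
    findings = []
    for key, (acceptable, severity, control) in BASELINE.items():
        observed = config.get(key, DEFAULTS[key])
        if not acceptable(observed):
            findings.append({
                "directive": key,
                "observed": observed,
                "source": "explicit" if key in config else "default",
                "severity": severity,
                "control": control,
            })
    return findings


# Constructed sample. The second PermitRootLogin line is ignored by sshd
# because the first occurrence wins; the Match block does not change the
# global PasswordAuthentication value.
SAMPLE_CONFIG = """\
# sshd_config (constructed for this example)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
LogLevel VERBOSE
MaxAuthTries 10
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for f in assess(parse_sshd_config(SAMPLE_CONFIG)):
        print(f"[{f['severity']:<6}] {f['directive']}={f['observed']} "
              f"({f['source']}) -> {f['control']}")
```

The "source" field matters for the audit trail: a finding raised from an OpenSSH default (the directive never set) is a documentation gap as much as a configuration gap, and the auditee's evidence should show the effective value (sshd -T on the host), not the file alone.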
Cybersecurity Compliance Auditing
Conduct specialized cybersecurity compliance audits addressing regulatory and industry requirements.
Cybersecurity Compliance Framework:
Healthcare Cybersecurity: HIPAA Security Rule and healthcare-specific requirements
Medical Device Cybersecurity: FDA cybersecurity guidance and IEC 62304 integration
Financial Services: PCI DSS and financial industry security standards
Critical Infrastructure: NIST Cybersecurity Framework and sector-specific guidelines
Cloud Security Auditing
Assess cloud security implementations ensuring comprehensive cloud service security verification.
Cloud Security Audit Approach:
Cloud Service Provider Assessment
CSP security certification and compliance verification
Shared responsibility model implementation review
Data residency and sovereignty compliance
Cloud access and identity management assessment
Cloud Configuration Assessment
Cloud resource configuration and hardening
Network security and segmentation verification
Data encryption and key management assessment
Cloud monitoring and logging evaluation
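"Cloud access and identity management assessment" is where most cloud audit findings concentrate, and the customer side of the shared responsibility model is expressed almost entirely in policy documents. The following is an added example for this page, not from the skill's references/cloud-security-audit-guide.md, showing a least-privilege review of an AWS IAM policy document. It follows the IAM policy grammar (Statement may be an object or a list; Action, NotAction and Resource may be a string or a list); the rules, severities and the sample policy are constructed assumptions a reviewer would tune per engagement.

```python
"""Least-privilege review of an AWS IAM policy document.

Added illustration for this page; it is not from the skill's
references/cloud-security-audit-guide.md. The rules and severities are
assumptions; the policy below is constructed, not taken from a real account."""
import json

READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Head")
ESCALATION_ACTIONS = {"iam:passrole", "sts:assumerole"}


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_read_only(action: str) -> bool:
    return action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES)


def review_policy(policy: dict) -> list:
    """Return (Sid, severity, message) tuples for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue                        # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement{i}")
        actions = _as_list(stmt.get("Action"))
        not_actions = _as_list(stmt.get("NotAction"))
        resources = _as_list(stmt.get("Resource"))
        any_resource = "*" in resources
        conditioned = bool(stmt.get("Condition"))
        service_wild = [a for a in actions if a.endswith(":*")]

        if not_actions:
            findings.append((sid, "high",
                             "Allow with NotAction grants every action not listed, including ones added later"))
        if any(a.lower() in ESCALATION_ACTIONS for a in actions) and any_resource:
            findings.append((sid, "critical",
                             "iam:PassRole / sts:AssumeRole on Resource '*' enables privilege escalation"))
        if "*" in actions:
            findings.append((sid, "critical", "Action '*' grants full control"))
        elif service_wild and any_resource:
            findings.append((sid, "high",
                             "service-wide wildcard on Resource '*': " + ", ".join(service_wild)))
        elif any_resource and not conditioned and any(not _is_read_only(a) for a in actions):
            findings.append((sid, "medium",
                             "mutating actions on Resource '*' with no Condition"))
    return findings


# Constructed sample policy mixing acceptable and over-broad statements.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadOnlyInventory", "Effect": "Allow",
     "Action": ["ec2:DescribeInstances", "s3:ListAllMyBuckets"], "Resource": "*"},
    {"Sid": "AppBucketAccess", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-app-bucket/*"},
    {"Sid": "TaggedStart", "Effect": "Allow", "Action": "ec2:StartInstances", "Resource": "*",
     "Condition": {"StringEquals": {"aws:ResourceTag/Owner": "${aws:username}"}}},
    {"Sid": "DeployRole", "Effect": "Allow",
     "Action": ["iam:PassRole", "lambda:UpdateFunctionCode"], "Resource": "*"},
    {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "LegacyNotAction", "Effect": "Allow",
     "NotAction": ["iam:*", "organizations:*"], "Resource": "*"},
    {"Sid": "DenyOutsideRegion", "Effect": "Deny", "NotAction": "iam:*", "Resource": "*",
     "Condition": {"StringNotEquals": {"aws:RequestedRegion": "eu-west-1"}}}
  ]
}
""")

if __name__ == "__main__":
    for sid, severity, message in review_policy(SAMPLE_POLICY):
        print(f"{severity:<8} {sid:<18} {message}")
```

The review is of a single policy in isolation; effective permissions in an account also depend on permissions boundaries, service control policies, resource policies and session policies, so a clean result here is evidence for one control, not a conclusion about the identity's real access.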
Security Auditor Competency and Development
Security Auditor Technical Competency
Develop and maintain security auditor technical competency ensuring effective security assessment capabilities.
Security Auditor Competency Framework:
SECURITY AUDITOR COMPETENCY
├── Technical Security Knowledge
│   ├── Network security and protocols
│   ├── System security and hardening
│   ├── Application security and testing
│   ├── Cryptography and key management
│   └── Security architecture and design
├── Security Assessment Skills
│   ├── Vulnerability assessment techniques
│   ├── Penetration testing methodologies
│   ├── Security control testing
│   └── Risk assessment and analysis
├── Compliance and Standards
│   ├── ISO 27001/27002 expertise
│   ├── Regulatory requirement knowledge
│   ├── Industry standard familiarity
│   └── Audit methodology proficiency
└── Communication and Reporting
    ├── Technical finding documentation
    ├── Risk communication skills
    ├── Executive reporting capabilities
    └── Stakeholder engagement
Security Audit Tool Proficiency
Maintain proficiency with security audit tools and technologies ensuring effective technical assessment.
Security Audit Tool Categories:
Vulnerability Scanners: Network, web application, and database vulnerability assessment
Penetration Testing Tools: Exploitation frameworks and security testing utilities
Configuration Assessment: System and application configuration analysis
Compliance Scanning: Automated compliance verification and reporting
External Security Audit Coordination
ISO 27001 Certification Audit Support
Prepare the organization for ISO 27001 certification audits ensuring successful certification and maintenance.
Certification Audit Preparation:
Pre-certification Readiness
Internal ISMS audit completion and closure
Security control implementation verification
ISMS documentation review and compliance
Mock Certification Audit: Full-scale external audit simulation
Certification Audit Coordination
Stage 1 Audit Support: Documentation review and ISMS assessment
Stage 2 Audit Coordination: Implementation testing and verification
Surveillance Audit Preparation: Ongoing compliance and improvement
Certification body relationship management
Regulatory Security Inspection Preparation
Prepare the organization for regulatory security inspections and compliance assessments.
Regulatory Inspection Coordination:
Healthcare Inspections: OCR HIPAA security audits and assessments
Financial Services: Regulatory cybersecurity examinations
Critical Infrastructure: Sector-specific security assessments
International Compliance: Multi-jurisdictional security requirements
ISMS Audit Performance and Improvement
Security Audit Performance Metrics
Monitor ISMS audit program effectiveness ensuring continuous security improvement and compliance.
Security Control Effectiveness: Control implementation and operation success
Security Finding Resolution: Finding closure rates and timelines
Security Risk Mitigation: Risk reduction and residual risk management
Compliance Achievement: ISO 27001 and regulatory compliance rates
Security Incident Prevention: Audit-driven security improvement effectiveness
ISMS Audit Program Optimization
Continuously improve the ISMS audit program through methodology enhancement and technology integration.
Audit Program Enhancement:
Security Audit Technology Integration
Automated security scanning and assessment
Continuous security monitoring integration
Security information and event management (SIEM) correlation
Decision Point: Determine automation opportunities and tool integration
Security Audit Methodology Evolution
Threat intelligence integration and analysis
Security framework alignment and optimization
Industry best practice adoption and customization
Regulatory requirement evolution and adaptation
Resources
scripts/
isms-audit-scheduler.py: Risk-based ISMS audit planning and scheduling
security-audit-prep.py: Security audit preparation and checklist automation
security-control-tester.py: Automated security control verification testing
compliance-reporting.py: ISO 27001 and regulatory compliance reporting
references/
iso27001-audit-methodology.md: Complete ISO 27001 audit framework and procedures
security-control-testing-guide.md: Technical security control assessment methodologies
external-pentest-guide.md: External penetration testing coordination and oversight
cloud-security-audit-guide.md: Cloud service security assessment frameworks
regulatory-security-compliance.md: Multi-jurisdictional security compliance requirements
assets/
isms-audit-templates/: ISMS audit plan, checklist, and report templates
security-testing-tools/: Security assessment and testing automation scripts
compliance-checklists/: ISO 27001 and regulatory compliance verification checklists
training-materials/: Security auditor training and competency development programs