intuitem

ciso-assistant-basic-risk-assessment

@intuitem/ciso-assistant-basic-risk-assessment
intuitem
3,494
580 forks
Updated 1/18/2026
View on GitHub

Guide users through a basic risk assessment workflow in CISO Assistant, from asset identification to scenario creation. Use when: (1) User wants to start a risk assessment from scratch (2) User mentions "risk assessment", "identify risks", "threat scenarios", or "risk register" (3) User asks about qualitative vs quantitative risk approaches (4) User needs help identifying assets, threats, or creating risk scenarios Covers: risk approach selection (qualitative/quantitative), organizational context gathering, asset identification (primary/supporting), threat catalog usage, scenario generation from threat-asset combinations, risk assessment/study creation.

Installation

$skills install @intuitem/ciso-assistant-basic-risk-assessment
Claude Code
Cursor
Copilot
Codex
Antigravity

Details

Repositoryintuitem/ciso-assistant-community
Path.claude/skills/ciso-assistant-basic-risk-assessment/SKILL.md
Branchmain
Scoped Name@intuitem/ciso-assistant-basic-risk-assessment

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

skills list

Skill Instructions

name: ciso-assistant-basic-risk-assessment description: | Guide users through a basic risk assessment workflow in CISO Assistant, from asset identification to scenario creation. Use when: (1) User wants to start a risk assessment from scratch (2) User mentions "risk assessment", "identify risks", "threat scenarios", or "risk register" (3) User asks about qualitative vs quantitative risk approaches (4) User needs help identifying assets, threats, or creating risk scenarios

Covers: risk approach selection (qualitative/quantitative), organizational context gathering, asset identification (primary/supporting), threat catalog usage, scenario generation from threat-asset combinations, risk assessment/study creation.

CISO Assistant Basic Risk Assessment

Guide users through risk assessment setup using MCP server tools.

Prerequisites

  1. Verify MCP server connectivity - Test with get_folders()
  2. Backend must be running - CISO Assistant backend at configured URL
  3. If MCP tools unavailable - Fall back to direct API calls (see bootstrap skill)

Key Principles

Always Pass folder_id for Scoping

When creating objects, always pass folder_id to scope lookups and avoid ambiguity errors when objects with the same name exist in different folders.

# CORRECT - folder_id scopes all lookups to ACME folder
create_risk_scenario(
  name="Ransomware on Customer Data",
  risk_assessment_id="ACME Risk Assessment 2025",
  folder_id="ACME",  # <- Scopes asset/threat lookups
  assets=["Customer Data"],
  threats=["Ransomware"],
  threat_library="urn:intuitem:risk:library:intuitem-common-catalog"
)

Always Use threat_library for Threat Lookups

Threats exist in multiple libraries (intuitem catalog, MITRE ATT&CK, etc.). Always specify the library:

threat_library="urn:intuitem:risk:library:intuitem-common-catalog"

Include Relevance in Scenario Descriptions

Always explain why a scenario matters for this specific organization:

"Ransomware attack encrypting customer data, leading to service disruption.
Relevance: GDPR breach implications with mandatory 72-hour notification
and potential fines up to 4% of annual revenue."

Workflow

Step 1: Choose Risk Approach

Ask the user which approach they prefer:

ApproachDescriptionBest For
QualitativeProbability/impact scales (Low/Medium/High), 4x4 or 5x5 matrixInitial assessments, stakeholder communication
QuantitativeMonetary values, Monte Carlo simulations, ALE calculationsMature orgs, budget justification, executive reporting

Step 2: Gather Organizational Context

Ask about:

  • Industry: healthcare, financial, tech/SaaS, retail, manufacturing, government
  • Size: small (1-50), medium (50-500), large (500+)
  • Region: for regulatory context (EU → GDPR, US healthcare → HIPAA, etc.)
  • Cloud: AWS/Azure/GCP, SaaS-heavy or on-premise
  • Compliance: specific requirements (HIPAA, PCI-DSS, GDPR, SOC2, ISO 27001)

Step 3: Create Domain and Perimeter

# 1. Create folder (domain)
create_folder(name="ACME", description="ACME Corp - Tech/SaaS, EU-based")

# 2. Create perimeter (assessment scope)
create_perimeter(name="ACME Platform", folder_id="ACME")

Step 4: Identify and Create Assets

Use references/typical-assets.md to suggest assets based on context.

Primary Assets (PR) - Business value:

  • Customer/employee data, financial records, source code, API keys/secrets

Supporting Assets (SP) - Infrastructure:

  • Cloud infrastructure, databases, CI/CD pipeline, email, endpoints
# Create assets - always pass folder_id
create_asset(name="Customer Data", description="Customer PII - GDPR relevant",
             asset_type="PR", folder_id="ACME")
create_asset(name="Production Database", description="Primary data storage",
             asset_type="SP", folder_id="ACME")

Step 5: Import Threat Catalog

# Import the intuitem common catalog (23 threats)
import_stored_library("urn:intuitem:risk:library:intuitem-common-catalog")

# Verify threats are available
get_threats(library="urn:intuitem:risk:library:intuitem-common-catalog")

Step 6: Generate Scenario Suggestions

Use the Threat-Asset Relevance Matrix in references/typical-assets.md to suggest the most relevant threat-asset combinations.

Naming convention: [Threat] on [Asset]

  • "Ransomware on Customer Data"
  • "Phishing targeting Employees"
  • "Cloud Misconfiguration"

Present top 10-15 combinations and let user select which to create.

Step 7: Create Assessment Container

For Qualitative:

# Check available matrices
get_risk_matrices()

# Use matrix UUID to avoid ambiguity
create_risk_assessment(
  name="ACME Risk Assessment 2025",
  risk_matrix_id="<matrix-uuid>",  # Use UUID from get_risk_matrices()
  perimeter_id="ACME Platform",
  folder_id="ACME",
  status="in_progress"
)

For Quantitative:

create_quantitative_risk_study(
  name="ACME Quantitative Risk Study 2025",
  folder_id="ACME",
  distribution_model="lognormal_ci90"
)

Step 8: Create Risk Scenarios

For Qualitative:

create_risk_scenario(
  name="Ransomware on Customer Data",
  description="Ransomware attack encrypting customer data. Relevance: GDPR breach with 72-hour notification requirement.",
  risk_assessment_id="ACME Risk Assessment 2025",
  folder_id="ACME",  # CRITICAL: scope lookups
  assets=["Customer Data"],
  threats=["Ransomware"],
  threat_library="urn:intuitem:risk:library:intuitem-common-catalog"
)

For Quantitative:

create_quantitative_risk_scenario(
  name="Ransomware on Customer Data",
  description="Ransomware attack... Relevance: ...",
  quantitative_risk_study_id="ACME Quantitative Risk Study 2025",
  folder_id="ACME",
  assets=["Customer Data"],
  threats=["Ransomware"],
  threat_library="urn:intuitem:risk:library:intuitem-common-catalog"
)

Step 9: Summary and Next Steps

After creating scenarios, summarize and guide on next steps:

For Qualitative:

  1. Rate probability and impact for each scenario in the UI
  2. Identify and link existing controls
  3. Plan additional controls for high-risk scenarios
  4. Review risk matrix visualization

For Quantitative:

  1. Create hypotheses with probability and impact bounds
  2. Run Monte Carlo simulations
  3. Set risk tolerance curve
  4. Analyze portfolio-level risk

Quick Reference

MCP Tools

CategoryToolKey Parameters
Setupcreate_folder()name, description
create_perimeter()name, folder_id
Assetscreate_asset()name, description, asset_type, folder_id
get_assets()folder
Threatsimport_stored_library()urn_or_id
get_threats()library, folder, limit
Qualitativeget_risk_matrices()-
create_risk_assessment()name, risk_matrix_id, perimeter_id, folder_id
create_risk_scenario()name, description, risk_assessment_id, folder_id, assets, threats, threat_library
Quantitativecreate_quantitative_risk_study()name, folder_id, distribution_model
create_quantitative_risk_scenario()name, quantitative_risk_study_id, folder_id, assets, threats, threat_library

Common Threat Library URN

urn:intuitem:risk:library:intuitem-common-catalog

Threat Catalog Quick Reference

ThreatTypical Target Assets
RansomwareCustomer Data, Databases, File Storage
PhishingEmployee Endpoints, Corporate Email
Data Breach/LeakCustomer Data, Source Code, API Keys
Cloud Security ThreatsCloud Infrastructure, SaaS Apps
API Security ThreatsApplication Code, API Gateway
Insider ThreatsAPI Keys/Secrets, Source Code
Supply Chain AttacksCI/CD Pipeline, Dependencies
Password AttacksCorporate Email, Admin Accounts
System OutageProduction Database, Core Services
Regulatory Non-ComplianceCustomer Data (GDPR/HIPAA/PCI)
Social EngineeringEmployee Endpoints, Finance Team

Fallback: Direct API Calls

If MCP tools unavailable:

  • POST /api/folders/
  • POST /api/perimeters/
  • POST /api/assets/
  • POST /api/stored-libraries/<urn>/import/
  • POST /api/risk-assessments/
  • POST /api/risk-scenarios/
  • POST /api/crq/quantitative-risk-studies/
  • POST /api/crq/quantitative-risk-scenarios/

More by intuitem

View all
ciso-assistant-bootstrap
3,494

Bootstrap CISO Assistant for new users by guiding them through initial setup. Use when: (1) User wants to set up CISO Assistant from scratch (2) User mentions "bootstrap", "initial setup", "getting started", or "onboarding" with CISO Assistant (3) User needs help creating their organizational structure, loading frameworks, or configuring risk assessments Covers: domains/folders, perimeters, industry-based framework selection, assets, risk assessment type (qualitative vs quantitative), third-party entities and solutions, and compliance vs risk focus.