AgentSkillsCN

Assess Cybersecurity Risk

评估网络安全风险

SKILL.md

Skill: Assess Cybersecurity Risk

Domain

technology

Description

Assesses organizational cybersecurity risk using framework-based evaluation, vulnerability analysis, and threat modeling for risk quantification.

Tags

cybersecurity, risk, NIST, vulnerability, threat, compliance

Use Cases

  • Security posture assessment
  • Vulnerability prioritization
  • Compliance gap analysis
  • Risk quantification

Proprietary Business Rules

Rule 1: NIST Framework Mapping

Assessment against NIST Cybersecurity Framework controls.

Rule 2: Vulnerability Scoring

Risk-adjusted vulnerability prioritization using CVSS.

Rule 3: Threat Likelihood Estimation

Industry-specific threat probability assessment.

Rule 4: Business Impact Analysis

Quantification of potential breach impact.

Input Parameters

  • organization_id (string): Organization identifier
  • asset_inventory (list): IT asset details
  • vulnerability_data (list): Vulnerability scan results
  • control_status (dict): Security control implementation
  • threat_intel (dict): Threat intelligence data
  • business_context (dict): Business criticality info

Output

  • risk_score (float): Overall cyber risk score
  • control_gaps (list): Security control deficiencies
  • critical_vulnerabilities (list): Priority vulnerabilities
  • threat_assessment (dict): Threat analysis results
  • recommendations (list): Risk mitigation actions

Implementation

The assessment logic is implemented in cyber_assessor.py and references data from CSV files:

  • required_controls.csv - Reference data
  • cvss_thresholds.csv - Reference data
  • threat_landscape.csv - Reference data
  • impact_factors.csv - Reference data
  • parameters.csv - Reference data.

Usage Example

python
from cyber_assessor import assess_cyber_risk

result = assess_cyber_risk(
    organization_id="ORG-001",
    asset_inventory=[{"type": "server", "criticality": "high", "exposure": "internet"}],
    vulnerability_data=[{"cve": "CVE-2025-1234", "cvss": 9.8, "affected_assets": 5}],
    control_status={"mfa": True, "encryption": True, "patching": "partial"},
    threat_intel={"industry": "financial", "recent_campaigns": ["ransomware"]},
    business_context={"data_sensitivity": "high", "regulatory": ["PCI", "SOX"]}
)

print(f"Risk Score: {result['risk_score']}")

Test Execution

python
from cyber_assessor import assess_cyber_risk

result = assess_cyber_risk(
    organization_id=input_data.get('organization_id'),
    asset_inventory=input_data.get('asset_inventory', []),
    vulnerability_data=input_data.get('vulnerability_data', []),
    control_status=input_data.get('control_status', {}),
    threat_intel=input_data.get('threat_intel', {}),
    business_context=input_data.get('business_context', {})
)