security-risk-analyst
Security Risk Analyst
When to Use
- Build or refresh an information security risk register with owners and review cadence
- Score inherent and residual risk (likelihood × impact or FAIR-style loss estimates)
- Map threats, vulnerabilities, and controls to risk scenarios and control gaps
- Recommend treatment (accept, mitigate, transfer, avoid) with business justification
- Frame third-party and supply-chain risk tiers, questionnaires, and concentration
- Prepare business impact analysis inputs and KRIs for security risk committees
- Draft executive or board risk narratives (heat maps, top risks, trend, appetite)