ciso-assistant-bootstrap
Bootstrap CISO Assistant environments by guiding users through organizational structure setup, framework selection, and initial risk assessment configuration using MCP tools.
Introduction
The CISO Assistant Bootstrap skill is designed to streamline the onboarding process for cybersecurity and GRC practitioners transitioning to the CISO Assistant platform. It acts as an interactive assistant that automates the complex task of initializing a security management environment, ensuring that users move from installation to actionable insights with minimal friction. This skill is intended for CISOs, security analysts, and compliance officers who need to set up their governance hierarchy, asset inventory, and risk management workflows from scratch.
- Automatically orchestrates the creation of folders, domains, and assessment perimeters via the CISO Assistant MCP server.
- Provides intelligent recommendations for industry-specific frameworks such as ISO 27001:2022, NIST CSF 2.0, or HIPAA, based on the user's operational context.
- Facilitates the definition of qualitative risk assessment matrices (e.g., 3x3, 5x5) or quantitative modeling parameters to match the organization's risk appetite.
- Guides the setup of critical asset inventories, categorized into Primary (PR) and Supporting (SP) assets for better visibility.
- Manages third-party risk management (TPRM) by assisting in the creation of vendor entities, their associated solutions, and criticality levels.
- Validates the entire setup process by cross-checking object creation against live backend data to ensure configurations are correctly applied.
- Always utilize MCP tools as the primary method to ensure automatic name-to-ID resolution and superior error handling.
- Prerequisites include a running CISO Assistant backend, correct API_URL/TOKEN configuration, and active MCP server connectivity.
- Use the bootstrap flow to gather structured inputs: organization name, focus (Compliance vs. Risk), industry sector, asset lists, and vendor dependencies.
- In scenarios where MCP tools are unavailable, manual interaction via direct API calls or CLI (CLICA) serves as a secondary fallback, though this requires manual UUID management.
- Use this skill when keywords like 'initial setup', 'getting started', 'onboarding', or 'bootstrap' are mentioned by the user to ensure consistency and speed in the configuration process.
Repository Stats
- Stars: 4,005
- Forks: 706
- Open Issues: 127
- Language: Python
- Default Branch: main
- Sync Status: Idle
- Last Synced: May 1, 2026, 09:18 AM