casemark/cybersecurity-breach-summary
skills/legal/cybersecurity-breach-summary/SKILL.md
Produces structured cybersecurity breach summary documents for regulatory and compliance use. Use when drafting breach summaries, incident response reports, forensic report syntheses, board updates, or regulatory notification prep. Triggers: data breach, cybersecurity incident, breach summary, incident report, forensic analysis, notification timeline, GDPR, CCPA/CPRA, HIPAA, state breach law.
$ install --global
skillsauthnpx skillsauth add casemark/skills cybersecurity-breach-summaryInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 27, 2026, 3:44 AM141.2s1 file scanned
SKILL.md
- name:
- cybersecurity-breach-summary
- language:
- en
- description:
- >-
- notification prep. Triggers:
- data breach, cybersecurity incident, breach
Cybersecurity Breach Summary
Legally defensible, source-attributed incident summary for executive, counsel, and regulator review.
Quick Start
- Gather incident reports, forensic analyses, system logs, and response documentation.
- Confirm privilege boundaries and confidentiality flags from counsel.
- Populate the template below with verified facts only — attribute each assertion to a source and date.
- Separate known facts from hypotheses or open questions.
Template
# Executive Overview
- Discovery date/time (timezone):
- Incident window (earliest to latest evidence):
- Incident type / attack vector:
- Affected systems:
- Data categories involved:
- Estimated affected individuals:
- Current status (contained/ongoing):
- Immediate actions taken:
- Material business impact:
# Incident Timeline
| Date/Time (TZ) | Event | Source (doc + date) | Owner | Confidence |
|---|---|---|---|---|
# Technical Summary
- Initial access vector:
- Vulnerability or control failure:
- Lateral movement / persistence:
- Exfiltration evidence:
- Integrity/availability impacts:
# Systems Affected
| System/App | Environment | Data Stored | Impact | Status | Source |
|---|---|---|---|---|---|
# Data Impact
| Data Category | Regulated? | Population Type | Est. Count | Jurisdictions | Source |
|---|---|---|---|---|---|
# Affected Population
| Population | Est. Count | Jurisdictions | Notes |
|---|---|---|---|
# Response Actions
| Action | Date | Owner | Status | Source |
|---|---|---|---|---|
# Notifications
| Recipient | Legal Basis | Deadline | Sent Date | Method | Summary | Source |
|---|---|---|---|---|---|---|
# Legal/Regulatory Assessment
| Regime | Trigger | Deadline Rule | Status | Notes |
|---|---|---|---|---|
| GDPR Art. 33/34 [VERIFY] | | | | |
| HIPAA (45 CFR 164.400–414) [VERIFY] | | | | |
| CCPA/CPRA [VERIFY] | | | | |
| State breach laws (list states) | | | | |
# Contractual / Litigation Exposure
- Contracts with notice obligations:
- SLAs or security addenda implicated:
- Potential claims and venues:
- Preservation actions taken:
# Insurance
- Carrier/policy:
- Notice sent (date/time):
- Coverage issues or reservations:
# Open Issues
-
# Remediation
| Gap/Root Cause | Corrective Action | Owner | Due Date | Status |
|---|---|---|---|---|
# Source Map
| Fact | Source Document | Date | Page/Section |
|---|---|---|---|
Pitfalls
- Speculation: Label unknowns explicitly. Do not opine on liability — describe exposure factors only.
- Timezone drift: Use consistent date/time with timezone; maintain a single chronological basis.
- Jurisdiction scope: List all jurisdictions implicated by affected individuals, not just HQ location.
- Unverified citations: Mark uncertain legal citations or deadlines with
[VERIFY]. - Privilege leaks: Keep privileged content in clearly marked sections per counsel direction.
- Vague counts: Use ranges when scope is uncertain and explain the estimation basis.
Related Skills
casemark/skills/legal/automated-contract-summary
development
VerifiedTrustedCommunity
name: automated-contract-summary language: en description: Generates structured executive summaries of contracts using ML — captures key terms, party obligations, risk allocations, and compliance requirements in a standardized format. Optimized for high-volume review where speed and consistency matter. tags: - summarization - agreement - corporate --- # Automated Contract Summarization Produces standardized executive summaries of contracts using machine learning, capturing essential term
21SKILL.mdUpdated May 26, 2026
casemark/obligation-mapping
tools
VerifiedTrustedCommunity
Extracts regulatory obligations from dense regulations across jurisdictions. Breaks down multi-level regulations into clear article-level obligations, classifies applicability to a business, and prioritizes by risk level. Use when translating regulations into actionable compliance requirements.
21SKILL.mdUpdated May 25, 2026
casemark/horizon-scanning
development
VerifiedTrustedCommunity
Continuously monitors regulatory landscapes for changes relevant to a specific business. Ingests global regulatory updates, filters by relevance, summarizes impact, and produces an actionable change advisory. Use when tracking regulatory developments affecting a particular product or market.
21SKILL.mdUpdated May 25, 2026
casemark/gap-analysis
testing
VerifiedTrustedCommunity
Compares an organization's existing compliance controls, policies, and procedures against extracted regulatory obligations to identify coverage gaps. Produces a remediation plan with prioritized actions. Use when assessing compliance maturity or preparing for regulatory audits.
21SKILL.mdUpdated May 25, 2026