30 Services

Cybersecurity & Information Environment Defense

Defensive cyber operations, information environment monitoring, threat intelligence, and digital resilience frameworks.

S181

Embassy Cyber Governance Charter (Defensive)

Create cyber governance: roles, reporting, risk acceptance, incident response, and training cadence.

Inputs: Strategic Priority
Output: Charter + SOPs + compliance gates.

S182

Threat Modeling for Mission Systems (Non-Exploit)

Build threat model (assets, threats, controls, residual risk); no exploit instructions; include audit appendix.

Inputs: Strategic Priority
Output: Threat model + control priorities + roadmap.

S183

Critical Infrastructure Cyber Maturity Roadmap

Define maturity stages and prioritized controls; include governance and measurement.

Inputs: Strategic Priority
Output: Roadmap + KPIs + quarterly milestones.

S184

Incident Response Playbook (Embassy/Operator)

Draft IR playbook: detection, containment, comms, legal gates, recovery, AAR; no offensive content.

Inputs: Strategic Priority
Output: Playbook + checklists + comms templates.

S185

Data Breach Communications Ladder (Truthful)

Create comms ladder: internal, host authorities, partners, public; include attribution rules and legal gates.

Inputs: Strategic Priority
Output: Comms plan + Q&A + timeline checklist.

S186

Ransomware Resilience Plan (Defensive)

Develop resilience plan: backups, segmentation, training, decision gates; no negotiation tactics for criminals.

Inputs: Strategic Priority
Output: Resilience plan + controls checklist + governance.

S187

Supply Chain Cyber Risk Governance (Vendor Controls)

Create vendor security requirements, audit rights, and monitoring; include procurement gates.

Inputs: Strategic Priority
Output: Vendor governance pack + clause menu + KPIs.

S188

Zero Trust Adoption Blueprint (High-Level)

Produce high-level zero trust blueprint: identity, device, network, data; include phased plan.

Inputs: Strategic Priority
Output: Blueprint + milestones + audit appendix.

S189

Secure Communications and Data Hygiene Training

Build training module: travel hygiene, meeting protocols, data minimization, incident reporting.

Inputs: Strategic Priority
Output: Training pack + checklists + evaluation rubric.

S190

Information Integrity Monitoring Plan (Ethical)

Create monitoring plan for false narratives; verification workflow; truthful response options; no manipulation.

Inputs: Strategic Priority, Reference Sources
Output: Monitoring plan + response playbook + triggers.

S191

Rumor Control “Prebunk” Pack (Truth-Forward)

Create factual prebunk messages and transparency practices; avoid propaganda; include “do not say.”

Inputs: Strategic Priority
Output: Prebunk pack + messenger guidance + timing plan.

S192

Digital Sovereignty Risk Assessment (Policy Level)

Assess sovereignty risks in data flows and platforms; cite RS; propose governance and clauses.

Inputs: Strategic Priority, Reference Sources
Output: Risk assessment + mitigations + legal flags.

S193

Cyber Incident Tabletop Exercise (Embassy + Partners)

Design tabletop: injects, decisions, evaluation; focus governance and comms; no exploit detail.

Inputs: Strategic Priority
Output: Tabletop pack + scoring rubric + AAR template.

S194

Protective Monitoring KPI Dashboard Spec

Define defensive KPIs (patch latency, backup integrity, training coverage) and governance for review.

Inputs: Strategic Priority
Output: KPI dashboard spec + review cadence + thresholds.

S195

Security Control Gap Analysis (Policy/Process/Tech)

Identify gaps and prioritized mitigations; require evidence for claims; label unknowns.

Inputs: Strategic Priority
Output: Gap analysis + remediation plan + audit appendix.

S196

Secure-by-Design Requirements for New Embassy Tech

Draft security requirements: logging, access control, data minimization, audit, IR integration.

Inputs: Strategic Priority
Output: Requirements doc + acceptance tests + governance gates.

S197

Disinformation Attribution Caution Protocol

Create protocol to avoid false attribution; verification steps; safe public wording.

Inputs: Strategic Priority
Output: Protocol + templates + escalation triggers.

S198

Cross-Org Incident Coordination Charter (Host + Partners)

Define lawful information-sharing during incidents, classification handling, and comms synchronization.

Inputs: Strategic Priority
Output: Charter + contact-role schema + SOPs.

S199

Privacy Impact Assessment Template (Operational)

Produce PIA template with data inventory, lawful basis, minimization, retention, and audit steps.

Inputs: Strategic Priority
Output: PIA template + populated draft if data provided.

S200

Differential Privacy/Minimization Guidance (Non-Technical User)

Provide practical minimization rules and privacy-by-design governance, without implementation exploit details.

Inputs: Strategic Priority
Output: Guidance + SOP + review checklist.

S201

Insider Risk Governance (Non-Accusatory)

Develop insider risk governance: training, access controls, reporting, wellbeing safeguards; no suspicion-based targeting.

Inputs: Strategic Priority
Output: Governance pack + policies + escalation flow.

S202

Secure Records and Provenance Logging Policy

Define logging policy: what, why, retention, access, audit, and incident use.

Inputs: Strategic Priority
Output: Policy + audit checklist + compliance gates.

S203

Encryption and Key Management Governance (High-Level)

Produce governance: key ownership, rotation, access, incident handling; avoid operational exploitation.

Inputs: Strategic Priority
Output: Governance blueprint + controls checklist.

S204

Cybersecurity Partner Engagement Talking Points

Draft talking points and cooperation asks (CERT/CIRT, training); include data sovereignty safeguards.

Inputs: Strategic Priority
Output: Talking points + MOU outline + risk cautions.

S205

Content Authenticity and Deepfake Response Plan

Design response plan for deepfakes: verification, comms ladder, partner sync; truthful and cautious.

Inputs: Strategic Priority
Output: Plan + templates + escalation triggers.

S206

Security Budget Prioritization (MCDA)

Rank security investments by risk reduction and feasibility; include “minimum viable security” set.

Inputs: Strategic Priority
Output: Ranked investment plan + milestones + audit appendix.

S207

Operational Technology Security Governance (Critical Infra)

Create OT governance: segmentation, access, monitoring, incident response coordination.

Inputs: Strategic Priority
Output: Governance model + SOPs + training plan.

S208

Third-Party Access Control Playbook

Define rules for third-party access: approvals, least privilege, logging, audits, termination.

Inputs: Strategic Priority
Output: Playbook + checklist + contract clauses to draft.

S209

Public Messaging Guardrails During Cyber Incidents

Generate guardrails: what to say, what not to say, how to avoid escalation and legal exposure.

Inputs: Strategic Priority
Output: Guardrails + Q&A + clearance steps.

S210

Cyber Resilience “No-Regrets” Actions

Identify actions robust across threat scenarios; list actions requiring counsel clearance.

Inputs: Strategic Priority
Output: No-regrets list + triggers + governance.