Claude Prompts for Security in IT & Security

Generate a structured gap analysis comparing your current security posture to the FedRAMP-Moderate baseline, with prioritized remediation plan.

Draft a factual insider risk incident narrative for internal review, covering timeline, evidence, scope, and next-step recommendations without prejudging intent.

Design a realistic, ethical phishing simulation campaign with templates, success metrics, and a remediation path that doesn't humiliate employees.

Produce honest, legally-defensible customer communication about a security incident — covering what happened, impact, what we did, and what customers should do.

Produce an acceptable use policy that employees will read, understand, and follow — clear about what's allowed, what isn't, and consequences.

Draft a SOC 2 Type II control narrative section that maps cleanly to federal contractor expectations, including NIST 800-53 control crosswalk.

Generate a SOC 2 control narrative that maps a specific Trust Services Criterion to your actual implementation, evidence, and testing approach.

Conduct a structured third-party risk assessment of a SaaS vendor — security posture, data handling, contractual gaps, and recommendations.

Apply the STRIDE methodology to a system architecture and produce a prioritized list of threats with mitigations.

Convert raw vulnerability scanner output into a prioritized, contextualized remediation list with owners, deadlines, and false-positive flags.