# General tips

CISO Assistant is intended to be a multi-paradigm tool that suits everyone's background and approach to organising a cyber security program.

That said, here are some standard recommendations to get the most out of it if you are just starting:

1. Map your organisation to the domains/perimeters (or create basic ones)
2. Add your users and assign them to the groups (SSO and MFA available even in Community)
3. (recommended) Identify the assets to protect
4. (recommended) Enumerate your existing capabilities/controls
5. Define your baseline and focus on the basics - pick your controls and/or create new ones
6. Get your actions implemented and reflect that on your audit progress
7. Conduct a contextual risk assessment
8. Share the insights with your organisation, review the priorities, and keep it alive
9. Expand your coverage: periodic tasks, incidents, TPRM, findings management, etc.
10. Always keep the focus on the actions and reflect their data in the other concepts


