Skip to content
🚨 Master Security Compliance: Join our upcoming webinar! 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Eliminate GRC Reporting Nightmares
On-demand Webinar

Eliminate GRC Reporting Nightmares

Learn how to streamline GRC reporting and eliminate nightmares in our on-demand webinar, 'Eliminate GRC Reporting Nightmares.' Gain insights into effi...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=ISO/IEC 27001 Scope, description= ISO/IEC 27001 Scope is a set of requirements for the implementation of an Information Security Management System (ISMS) that defines the boundaries of the system and its objectives. It is a framework that sets out the scope of the ISMS, the processes and procedures that will be used to manage the security of the organization’s information assets, and the resources that will be used to implement and maintain the system. The scope of the ISMS will be determined by the organization’s risk management process and should include, but not be limited to: the organization’s information assets, the security controls that will be implemented, the roles and responsibilities of personnel, the organizational structure, the procedures to be followed, the documentation and records to be maintained, and the implementation and monitoring of the system. The scope should also include the identification and assessment of risks, the implementation of measures to reduce those risks, the monitoring of the system and its effectiveness, and the continual improvement of the system., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-scope}--
{tableName=glossary, name=Risk Register, description= A Risk Register is a document used to record and track all identified risks associated with a project, process, or activity. It is a tool used to identify, monitor, and control potential risks that could arise during the project lifecycle. It typically includes information such as the risk description, its potential impact, the likelihood of occurrence, the actions taken to mitigate the risk, and the responsible party. The Risk Register is an essential part of the risk management process and is used to ensure that all risks are identified, evaluated, and managed appropriately. It also helps to ensure that potential risks are monitored and managed in a timely manner, and that the project team is informed of any changes to the risk status., topic=null, hs_path=risk-register}--
{tableName=glossary, name=ISO/IEC Data Security Standard, description= ISO/IEC Data Security Standard (ISO/IEC 27001) is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is a globally recognized standard for information security management systems (ISMS) and provides a framework of requirements and guidance for organizations looking to protect their data, systems, and processes. The standard is based on the Plan-Do-Check-Act (PDCA) cycle and requires organizations to identify their information security risks and develop an ISMS to manage these risks, as well as to continually review and improve their security. The standard outlines a set of best practices for information security, including risk assessment, policies and procedures, user access control, encryption, and security incident management. The standard also includes a number of technical controls, such as physical security, network security, application security, and data security. The ISO/IEC 27001 standard is a comprehensive and rigorous approach to information security, and organizations that implement it can demonstrate their commitment to data protection and security., topic=null, hs_path=iso-iec-data-security-standard}--
{tableName=glossary, name=ISO/IEC 27001 Or ISO/IEC 27018, description= ISO/IEC 27001 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) for information security management systems (ISMS). It provides a framework of specifications and best practices for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS. It is designed to help organizations ensure the confidentiality, integrity and availability of their information assets. The standard is divided into 14 clauses and is based on a process approach, with the main focus being on risk management. It requires organizations to identify and manage risks to their information assets, and to establish controls to mitigate those risks. ISO/IEC 27001 also requires organizations to define security policies and procedures, and to ensure that those policies and procedures are followed. ISO/IEC 27018 is a code of practice for the protection of personal data in the cloud. It provides a set of security controls and procedures that cloud service providers must implement when processing personal data. The code is based on the ISO/IEC 27001 ISMS and is designed to ensure that personal data is adequately protected and managed. It covers areas such as data security, data privacy, data security breach notification, data transfer, and data retention., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-or-iso-iec-27018}--
{tableName=guides, name=HITRUST Common Security Framework, description= This guide provides an overview of the HITRUST Common Security Framework, a comprehensive approach to security and privacy of healthcare data. Learn how to implement the framework to protect your organization and its data, topic=[{id=97620570518, createdAt=1673040885391, updatedAt=1715624514986, path='hitrust-common-security-framework', name=' HITRUST CSF Guide: Understanding & Implementing Security', 1='{type=string, value=HITRUST Common Security Framework}', 2='{type=string, value= This guide provides an overview of the HITRUST Common Security Framework, a comprehensive approach to security and privacy of healthcare data. Learn how to implement the framework to protect your organization and its data}', 5='{type=string, value=This authoritative guide provides an in-depth overview of the HITRUST Common Security Framework (CSF). It examines the components of the HITRUST CSF, including its core concepts, objectives, and implementation strategies. It also provides guidance on how organizations can use the HITRUST CSF to assess and manage their security risks. The guide provides detailed information on the HITRUST CSF's architecture, including its components and their relationships to each other. It also covers the various security controls and measures that can be implemented to ensure compliance with the HITRUST CSF. Finally, the guide provides a comprehensive overview of the HITRUST CSF's certification process, and how organizations can use it to achieve certification.}', 15='{type=list, value=[{id=97620570518, name='HITRUST Common Security Framework'}]}'}], hs_path=hitrust-common-security-framework}--
{tableName=glossary, name=Vendor Risk Management (VRM), description= Vendor Risk Management (VRM) is an enterprise-wide approach to managing risks associated with third-party vendors. It involves an organization’s proactive identification, assessment, and mitigation of risks posed by vendors. VRM involves a comprehensive review of the vendor’s security and privacy policies, documentation, and processes. It also requires an organization to monitor vendors’ performance on an ongoing basis. This includes evaluating the vendor’s ability to meet requirements, maintain compliance, and adhere to industry standards. VRM also requires organizations to have a clear understanding of the potential risks associated with vendors, including financial, reputational, legal, and operational risks. Finally, VRM requires organizations to develop and maintain a comprehensive vendor risk management program that includes policies and procedures for vendor selection, contract negotiation, and ongoing monitoring., topic=[{id=97620570526, createdAt=1673040885440, updatedAt=1715624231354, path='vendor-risk-management', name=' Vendor Risk Management: A Guide to Best Practices', 1='{type=string, value=Vendor Risk Management}', 2='{type=string, value= Vendor Risk Management Guide: Learn the fundamentals of vendor risk management and how to identify, assess, and mitigate risks associated with third-party vendors.}', 5='{type=string, value=This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.}', 15='{type=list, value=[{id=97620570526, name='Vendor Risk Management'}]}'}], hs_path=vendor-risk-management-vrm}--
ISO 27001
ISO/IEC 27001 Scope

ISO/IEC 27001 Scope is a set of requirements for the implementation of an Information Security Manag...

Risk Register

A Risk Register is a document used to record and track all identified risks associated with a projec...

ISO/IEC Data Security Standard

ISO/IEC Data Security Standard (ISO/IEC 27001) is an information security standard published by the ...

ISO 27001
ISO/IEC 27001 Or ISO/IEC 27018

ISO/IEC 27001 is an international standard developed by the International Organization for Standardi...

HITRUST Common Security Framework
HITRUST Common Security Framework

This guide provides an overview of the HITRUST Common Security Framework, a comprehensive approach t...

Vendor Risk Management
Vendor Risk Management (VRM)

Vendor Risk Management (VRM) is an enterprise-wide approach to managing risks associated with third-...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks