Skip to content
🚨 Master Security Compliance: Join our upcoming webinar! 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Delivering Hub & Spoke GRC in Distributed & Autonomous Business
On-demand Webinar

Delivering Hub & Spoke GRC in Distributed &...

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and is ready to share his findings....

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=ISO/IEC 27014, description= ISO/IEC 27014 is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that provides guidance on the development and implementation of an effective governance framework for information security. The standard outlines a comprehensive set of principles, processes, and practices to ensure the confidentiality, integrity, and availability of information. It emphasizes the importance of risk management, security controls, and the need to ensure that all information security activities are carried out in an organized and systematic manner. ISO/IEC 27014 also outlines the roles and responsibilities of all stakeholders involved in the governance of information security, including the security team, senior management, and the board of directors. Additionally, the standard provides guidance on the development of an information security policy, the implementation of security controls, and the monitoring and reporting of security incidents., topic=null, hs_path=iso-iec-27014}--
{tableName=glossary, name=Spear Phishing, description= Spear Phishing is a type of cyber attack that involves sending fraudulent emails or messages that appear to come from a trusted source in order to gain access to sensitive information such as usernames, passwords, financial data, or other confidential information. It is often used to target specific individuals or organizations, making it more difficult to detect than other types of phishing attacks. The attacker typically uses personal information gathered from the Internet or other sources to create a more convincing message that is tailored to the recipient. The attacker may also use social engineering techniques to further convince the recipient to open the message or click on a malicious link. Spear phishing is a serious threat as it can be used to gain access to confidential information and can lead to identity theft, fraud, and other malicious activities., topic=null, hs_path=spear-phishing}--
{tableName=glossary, name=The Health Insurance Portability and Accountability (HIPAA), description= The Health Insurance Portability and Accountability (HIPAA) is a federal law enacted in 1996 that provides data privacy and security provisions for safeguarding medical information. The law applies to health plans, health care clearinghouses, and those health care providers that conduct certain financial and administrative transactions electronically. The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain financial and administrative transactions electronically. The Privacy Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, physical, and technical safeguards for protecting and securing protected health information. The Security Rule addresses both technical and non-technical safeguards, such as administrative, physical, and technical controls. The HIPAA Enforcement Rule provides the procedures for enforcing the privacy and security provisions of HIPAA. The Enforcement Rule outlines the procedures for investigating and resolving complaints of noncompliance and outlines the penalties for violations of the HIPAA Rules. The HIPAA Breach Notification Rule requires covered entities to provide notification following a breach of unsecured protected health information. The Breach Notification Rule requires covered entities to provide notification to affected individuals, the Secretary of the Department of Health and Human Services (HHS), and, in certain cases, to the media., topic=null, hs_path=the-health-insurance-portability-and-accountability-hipaa}--
{tableName=glossary, name=Cybersecurity Risk Appetite, description= Cybersecurity Risk Appetite is the level of risk an organization is willing to accept in order to achieve its objectives. It is determined by the organization’s overall risk management strategy and helps define the scope of acceptable risk to the organization’s assets and reputation. It is a critical component of an organization’s overall risk management program and should be tailored to the organization’s specific needs and objectives. The risk appetite should be regularly reviewed and updated to ensure it remains relevant and appropriate. It is important to note that the risk appetite should not be a static number, but should be based on an organization’s ability to identify, monitor, and respond to cyber threats and risks. Additionally, the risk appetite should be regularly monitored to ensure it is aligned with the organization’s objectives and risk management strategy., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1715624222504, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}', 15='{type=list, value=[{id=97620570528, name='Cybersecurity Risk Management'}]}'}], hs_path=cybersecurity-risk-appetite}--
{tableName=glossary, name=Data Mining, description= Data Mining is the process of extracting meaningful information from large amounts of data. It is a type of analysis that uses sophisticated algorithms and software to uncover hidden patterns, correlations, and other insights from large datasets. Data Mining is used to uncover trends, customer preferences, and customer segmentation, as well as to predict future outcomes and behaviors. Data Mining helps organizations to make better decisions, improve customer service, increase efficiency, and optimize operations. Data Mining can be used in a variety of industries, including healthcare, finance, marketing, and retail. Data Mining techniques include clustering, classification, association, and anomaly detection., topic=null, hs_path=data-mining}--
{tableName=glossary, name=Operational Risk, description= Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. It is the risk of loss associated with inadequate or failed internal processes, people, and systems, or from external events. It encompasses a wide range of risks including strategic, compliance, reputational, financial, IT, and physical risks. Operational risk is a broad term that encompasses the risk of loss due to inadequate or failed internal processes, people, and systems, or from external events. It is the risk of losses resulting from inadequate or failed internal processes, people, and systems, or from external events. This includes risks associated with legal and regulatory compliance, financial losses, reputational damage, IT security breaches, and physical risks such as natural disasters. Operational risk management is the process of identifying, assessing, and mitigating operational risks in order to protect an organization’s assets and operations. This involves the development of policies and procedures, the implementation of risk management systems, and the monitoring of operational risks. Operational risk management is an essential component of any successful business, as it helps to ensure the safety and security of an organization’s resources and operations., topic=null, hs_path=operational-risk}--
ISO/IEC 27014

ISO/IEC 27014 is an international standard published by the International Organization for Standardi...

Spear Phishing

Spear Phishing is a type of cyber attack that involves sending fraudulent emails or messages that ap...

The Health Insurance Portability and Accountabilit...

The Health Insurance Portability and Accountability (HIPAA) is a federal law enacted in 1996 that pr...

Cybersecurity Risk Management
Cybersecurity Risk Appetite

Cybersecurity Risk Appetite is the level of risk an organization is willing to accept in order to ac...

Data Mining

Data Mining is the process of extracting meaningful information from large amounts of data. It is a ...

Operational Risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people,...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks