Skip to content
🚨 Master Security Compliance: Join our upcoming webinar! 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
How to enhance the governance of your company's cyber risk profile
On-demand Webinar

How to enhance the governance of your company's cy...

Our expert panelists Katherine Mansted from CyberXC, Peter Deans from Notwithoutrisk, and Andrew Robinson from 6clicks present their insights on cyber...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Information Security Risk Monitoring And Review, description= Information Security Risk Monitoring and Review is the process of continually assessing and managing the risks associated with information systems. It involves identifying and evaluating potential risks, developing plans to mitigate them, and monitoring the effectiveness of those plans. This process also includes reviewing the current security posture of the organization and its systems and ensuring that appropriate measures are taken to protect the organization and its data from malicious actors. Information Security Risk Monitoring and Review is a critical component of an effective information security program, as it helps organizations identify and address potential risks before they can cause significant damage., topic=null, hs_path=information-security-risk-monitoring-and-review}--
{tableName=glossary, name=ISO/IEC 27002:2022 Controls, description= ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, is a framework of security controls developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a set of security controls and guidelines for organizations to follow to ensure the security of their information systems and data. The framework includes a list of security controls and procedures that organizations should implement to protect their information assets. The controls include physical, technical, and administrative measures that organizations should take to protect their information systems and data from unauthorized access, use, disclosure, modification, and destruction. The framework also provides guidance on how to assess, monitor, and review the effectiveness of the security controls. Additionally, the framework provides guidance on how to develop, implement, and maintain an information security management system., topic=null, hs_path=iso-iec-270022022-controls}--
{tableName=glossary, name=ISO/IEC 27001 Lead Implementer, description= ISO/IEC 27001 Lead Implementer is an individual with the knowledge and experience to plan, manage, and implement an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard. The Lead Implementer is responsible for ensuring the ISMS meets the requirements of the standard, as well as providing guidance and support to the organization in the implementation of the ISMS. The Lead Implementer is also responsible for developing and maintaining the ISMS, auditing the ISMS, and providing training and awareness on the ISMS to the organization. The Lead Implementer must be knowledgeable in the principles of information security, risk management, and the ISO/IEC 27001 standard, and must have experience in the implementation of an ISMS., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-lead-implementer}--
{tableName=glossary, name=Web Security Threats, description= Web Security Threats are malicious attacks, exploits, or incidents that target or compromise the security of websites, web applications, networks, or computer systems. These threats can come in a variety of forms, including malware, phishing, SQL injection, cross-site scripting, and denial of service attacks. Malware is malicious software designed to infiltrate a computer system and gain access to sensitive information. Phishing is the practice of sending emails or other messages that appear to come from a legitimate source in order to gain access to confidential information. SQL injection is an attack that inserts malicious code into a web application in order to gain access to a database. Cross-site scripting is an attack that injects malicious code into a web page in order to gain access to a user’s browser. Denial of service attacks are attempts to make a website or computer system unavailable to users by flooding it with requests. Web Security Threats can have serious consequences and can lead to data loss, identity theft, and financial losses., topic=null, hs_path=web-security-threats}--
{tableName=glossary, name=Insider Threat Actors, description= The Insider Threat Actors are individuals within an organization that have access to sensitive information or systems that could be used to cause harm to the organization. These individuals may be malicious or accidental in their actions, but their actions can lead to data breaches, theft of intellectual property, or other security incidents. Insider threat actors can be current or former employees, contractors, vendors, or other third parties with access to the organization's networks or data. They can be malicious actors who deliberately use their access to gain unauthorized access to sensitive information or systems, or they can be accidental actors who unintentionally expose the organization to risk by not following security policies or procedures. Insider threat actors can also be malicious actors who use their access to steal intellectual property or other valuable assets. The goal of the Insider Threat Actors is to gain unauthorized access to sensitive information or systems, or to steal valuable assets from the organization., topic=null, hs_path=insider-threat-actors}--
{tableName=glossary, name=Regulatory Compliance, description= Regulatory Compliance is the process of ensuring that an organization adheres to all applicable laws, regulations, standards, and ethical practices set by governing bodies or other authorities. It involves creating and implementing policies, procedures, and processes that are designed to ensure that the organization is in compliance with all applicable laws, regulations, standards, and ethical practices. Regulatory compliance is a critical component of any organization’s risk management program, as non-compliance can lead to costly fines, sanctions, and other penalties. Regulatory compliance is also important for organizations to maintain their reputation and public trust., topic=null, hs_path=regulatory-compliance}--
Information Security Risk Monitoring And Review

Information Security Risk Monitoring and Review is the process of continually assessing and managing...

ISO/IEC 27002:2022 Controls

ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, i...

ISO 27001
ISO/IEC 27001 Lead Implementer

ISO/IEC 27001 Lead Implementer is an individual with the knowledge and experience to plan, manage, a...

Web Security Threats

Web Security Threats are malicious attacks, exploits, or incidents that target or compromise the sec...

Insider Threat Actors

The Insider Threat Actors are individuals within an organization that have access to sensitive infor...

Regulatory Compliance

Regulatory Compliance is the process of ensuring that an organization adheres to all applicable laws...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks