Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Microsoft AI FinTech Roadshow - Melbourne
Live Event

Microsoft AI FinTech Roadshow - Melbourne

Discover the future of Financial Services with insights from industry leaders at the AI Fintech Roadshow in Sydney. Join us to explore AI innovation a...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Common Vulnerability Scoring System (CVSS), description= The Common Vulnerability Scoring System (CVSS) is a standard for measuring and rating the severity of computer system security vulnerabilities. It is a numerical score ranging from 0 to 10, with 10 being the most severe. CVSS is used to compare the severity of different vulnerabilities and prioritize remediation efforts. It considers factors such as the complexity of the attack, the type of attack, the impact of the attack, the privileges needed to exploit the vulnerability, and the availability of the exploit. CVSS is designed to be vendor-neutral, so it can be used to evaluate vulnerabilities in any type of system or application. The CVSS score provides a consistent way to communicate the severity of a vulnerability, making it easier to compare and prioritize different vulnerabilities., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=common-vulnerability-scoring-system-cvss}--
{tableName=glossary, name=ISO/IEC Directives Part 2, description= ISO/IEC Directives Part 2 is a set of rules and procedures developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to ensure that standards created by the two organizations are developed and published in a consistent and effective manner. This part of the ISO/IEC Directives sets out the overall structure of the ISO/IEC standards development process, the roles and responsibilities of the various stakeholders, and the procedures for the development, approval, and publication of ISO/IEC standards. It also provides guidance on how to ensure that standards are developed in a transparent and open manner, and that the interests of all stakeholders are taken into consideration. The ISO/IEC Directives Part 2 also outlines the procedures for the review and withdrawal of standards, and the procedures for the registration and maintenance of ISO/IEC standards., topic=null, hs_path=iso-iec-directives-part-2}--
{tableName=glossary, name=Non-Repudiation, description= Non-repudiation is a concept in computer science and cryptography that ensures that a party to a transaction or communication cannot deny having performed a certain action. It is a form of evidence that provides proof of the origin and delivery of data, as well as proof of the integrity of the data in question. Non-repudiation is used to prevent the sender of a message from later denying having sent the message, and to prevent the recipient from denying having received it. Non-repudiation is typically achieved through the use of digital signatures, timestamping, and other cryptographic techniques. Digital signatures are used to authenticate the identity of the sender and verify that the message has not been tampered with. Timestamping is used to prove that the message was sent at a certain time. Other cryptographic techniques, such as message authentication codes and hash functions, are used to verify the integrity of the data. Non-repudiation is an important element of secure communication, as it provides a means of ensuring that the sender and receiver of a message can be held accountable for their actions., topic=null, hs_path=non-repudiation}--
{tableName=glossary, name=Risk Mitigation, description= Risk mitigation is the process of identifying, assessing, and reducing the potential for negative impacts of risks to an organization's objectives. It involves developing strategies to manage the risks and implementing those strategies to reduce the likelihood of their occurrence and/or the severity of their impact. Risk mitigation strategies can include risk avoidance, risk transfer, risk sharing, risk reduction, risk acceptance, and risk control. Risk avoidance involves eliminating or avoiding activities or situations that could result in the risk. Risk transfer involves transferring the risk to another party, such as an insurance company, who will assume the risk in exchange for a fee. Risk sharing involves sharing the risk between parties, such as when two companies form a joint venture. Risk reduction involves reducing the likelihood of the risk occurring or the severity of its impact. Risk acceptance involves accepting the risk and taking no action to reduce it. Risk control involves implementing measures to reduce the risk, such as implementing safety protocols or installing security systems., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-mitigation}--
{tableName=glossary, name=Email Security Solutions, description= Email Security Solutions are a set of tools, technologies, and processes used to protect email accounts and messages from malicious actors, cyber-attacks, and unauthorized access. These solutions can include encryption, authentication, malware detection, and spam filtering. They can also include advanced features such as data loss prevention, threat intelligence, and user behavior analytics. Additionally, some email security solutions provide monitoring and reporting capabilities to help organizations detect and respond to security incidents quickly. By implementing these solutions, organizations can reduce the risk of data breaches, protect their brand reputation, and ensure the confidentiality and integrity of their email communications., topic=null, hs_path=email-security-solutions}--
{tableName=glossary, name=Australian Prudential Regulation Authority (APRA), description= The Australian Prudential Regulation Authority (APRA) is an independent statutory authority of the Australian Government that was established in 1998 to oversee the prudential supervision of financial institutions in Australia. It is responsible for the regulation and supervision of banks, credit unions, building societies, insurance companies, friendly societies, superannuation funds, and other financial institutions. It does this by setting and enforcing prudential standards, monitoring and assessing compliance with those standards, and taking corrective action when necessary. APRA's primary objective is to protect the interests of depositors, policyholders, and superannuation fund members by ensuring the financial soundness and stability of the financial institutions it regulates. To achieve this, APRA works to promote the safety and soundness of the institutions it regulates, and to ensure that they are well managed and operate in accordance with prudent standards. APRA also works to ensure that the financial services industry operates in an efficient, fair and transparent manner, and to promote the orderly and fair functioning of financial markets., topic=null, hs_path=australian-prudential-regulation-authority-apra}--
Vulnerability Management
Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS) is a standard for measuring and rating the severity o...

ISO/IEC Directives Part 2

ISO/IEC Directives Part 2 is a set of rules and procedures developed by the International Organizati...

Non-Repudiation

Non-repudiation is a concept in computer science and cryptography that ensures that a party to a tra...

Enterprise Risk Management
Risk Mitigation

Risk mitigation is the process of identifying, assessing, and reducing the potential for negative im...

Email Security Solutions

Email Security Solutions are a set of tools, technologies, and processes used to protect email accou...

Australian Prudential Regulation Authority (APRA)

The Australian Prudential Regulation Authority (APRA) is an independent statutory authority of the A...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks