Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Webinars
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Keeping pace with change in cyber GRC: An update for boards, CISOs and business leaders
On-demand Webinar

Keeping pace with change in cyber GRC: An update f...

Stay ahead of cyber GRC challenges with expert insights! Join our webinar for essential updates on governance, risk, and compliance strategies for boa...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Operational Risk, description= Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. It is the risk of loss associated with inadequate or failed internal processes, people, and systems, or from external events. It encompasses a wide range of risks including strategic, compliance, reputational, financial, IT, and physical risks. Operational risk is a broad term that encompasses the risk of loss due to inadequate or failed internal processes, people, and systems, or from external events. It is the risk of losses resulting from inadequate or failed internal processes, people, and systems, or from external events. This includes risks associated with legal and regulatory compliance, financial losses, reputational damage, IT security breaches, and physical risks such as natural disasters. Operational risk management is the process of identifying, assessing, and mitigating operational risks in order to protect an organization’s assets and operations. This involves the development of policies and procedures, the implementation of risk management systems, and the monitoring of operational risks. Operational risk management is an essential component of any successful business, as it helps to ensure the safety and security of an organization’s resources and operations., topic=null, hs_path=operational-risk}--
{tableName=comparison, name=ISO 27001 vs SOC 2, description= ISO 27001 and SOC 2 are two global standards for information security management. Learn the key differences between them., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-27001-vs-soc-2}--
{tableName=glossary, name=Incident Response Tools, description= Incident Response Tools are software programs and applications that are designed to help organizations detect, investigate, analyze, and respond to cyber security incidents. These tools allow organizations to quickly identify and assess the scope of a security incident, as well as to develop and implement a response plan. Incident Response Tools typically include features such as network and host-based intrusion detection, log analysis, malware analysis, security incident correlation, and incident response automation. These tools can also enable organizations to quickly identify and assess the scope of a security incident, as well as to develop and implement a response plan. Additionally, Incident Response Tools can help organizations maintain compliance with industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA)., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=incident-response-tools}--
{tableName=glossary, name=ISO/IEC 27002 Standard Focus, description= ISO/IEC 27002 Standard Focus is an internationally accepted standard for information security management which provides best practices and guidelines for organizations to implement, maintain, and assess an information security management system (ISMS). It is based on the ISO/IEC 27000 series of standards, which is a set of standards related to information security management systems. The ISO/IEC 27002 Standard Focus provides a comprehensive set of security controls to help organizations protect their information assets, including physical and environmental security, access control, security policy, cryptography, and business continuity management. It also provides guidance on risk assessment, risk management, and security auditing. The standard is regularly updated to keep up with the changing technology landscape, and organizations are encouraged to review their security procedures and update their practices in accordance with the latest version of the standard., topic=null, hs_path=iso-iec-27002-standard-focus}--
{tableName=glossary, name=Security Perimeter, description= Security Perimeter: A security perimeter is an arrangement of security measures designed to protect an asset or group of assets from unauthorized access. It is the boundary that separates the secure area from the unsecured area. The security perimeter typically consists of physical barriers such as fences, walls, and gates, as well as electronic surveillance and access control systems. It also includes procedures for authentication, authorization, and audit, as well as other security measures such as encryption, intrusion detection, and anti-virus software. The purpose of the security perimeter is to protect the asset or assets from external threats, such as hackers, malicious software, and other malicious actors. It is also used to protect the asset or assets from internal threats, such as employees or contractors with malicious intent. The security perimeter is an important part of any security strategy and should be regularly monitored and updated to ensure that it remains effective., topic=null, hs_path=security-perimeter}--
{tableName=comparison, name=ASD Essential 8 vs NIST CSF, description=Compare the ASD Essential 8 and NIST Cybersecurity Framework (CSF) to identify which security framework best meets your organisation's needs. , topic=[{id=97620570506, createdAt=1673040885315, updatedAt=1685498674506, path='asd-essential-8', name=' ASD Essential 8 Guide: A Comprehensive Overview', 1='{type=string, value=ASD Essential 8}', 2='{type=string, value= This guide provides an overview of the ASD Essential 8 - 8 evidence-based strategies to help improve the outcomes of children with Autism Spectrum Disorder. Learn how to identify and implement these strategies to help}', 5='{type=string, value=This authoritative guide provides an in-depth look at the ASD Essential 8 (E8), a set of eight measures developed by the Australian Signals Directorate (ASD) to protect organizations from cyber threats. It explores whether the ASD Essential 8 are mandatory or not for your organisations and covers the fundamentals of each of the eight measures, including the maturity levels, how to perform an assessment and implementation guidenace.}'}], hs_path=asd-essential-8-vs-nist-cybersecurity-framework-csf}--
Operational Risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people,...

ISO 27001
ISO 27001 vs SOC 2

ISO 27001 and SOC 2 are two global standards for information security management. Learn the key diff...

Cybersecurity Risk Management
Incident Response Tools

Incident Response Tools are software programs and applications that are designed to help organizatio...

ISO/IEC 27002 Standard Focus

ISO/IEC 27002 Standard Focus is an internationally accepted standard for information security manage...

Security Perimeter

Security Perimeter: A security perimeter is an arrangement of security measures designed to protect ...

ASD Essential 8
ASD Essential 8 vs NIST CSF

Compare the ASD Essential 8 and NIST Cybersecurity Framework (CSF) to identify which security framew...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks