Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Eliminate GRC Reporting Nightmares
On-demand Webinar

Eliminate GRC Reporting Nightmares

Learn how to streamline GRC reporting and eliminate nightmares in our on-demand webinar, 'Eliminate GRC Reporting Nightmares.' Gain insights into effi...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Cybersecurity Risk Appetite, description= Cybersecurity Risk Appetite is the level of risk an organization is willing to accept in order to achieve its objectives. It is determined by the organization’s overall risk management strategy and helps define the scope of acceptable risk to the organization’s assets and reputation. It is a critical component of an organization’s overall risk management program and should be tailored to the organization’s specific needs and objectives. The risk appetite should be regularly reviewed and updated to ensure it remains relevant and appropriate. It is important to note that the risk appetite should not be a static number, but should be based on an organization’s ability to identify, monitor, and respond to cyber threats and risks. Additionally, the risk appetite should be regularly monitored to ensure it is aligned with the organization’s objectives and risk management strategy., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=cybersecurity-risk-appetite}--
{tableName=glossary, name=NIST SP 800-53 Enhanced Controls, description= NIST SP 800-53 Enhanced Controls are additional security controls that are designed to supplement the baseline security controls outlined in the NIST SP 800-53 security control framework. These enhanced controls are designed to provide additional security measures that organizations can use to protect their systems and data from cyber threats. The enhanced controls are divided into three categories: Supplemental, Derived, and Additional. Supplemental controls are designed to supplement existing baseline security controls in order to provide additional protection. Derived controls are derived from existing baseline security controls and provide additional security measures that are tailored to the specific needs of the organization. Additional controls are additional security measures that are not covered by baseline security controls and are designed to provide additional protection. The enhanced controls are designed to provide organizations with the flexibility to tailor their security posture to their specific needs, while still adhering to the security requirements outlined in the NIST SP 800-53 security control framework., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1683947942816, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}'}], hs_path=nist-sp-800-53-enhanced-controls}--
{tableName=glossary, name=ISO/IEC 27002 Importance, description= ISO/IEC 27002 is an international standard for information security management, which provides best practice recommendations for organizations to implement security controls in order to protect their information assets. The standard is based on the principles of the ISO/IEC 27000 series of standards and provides guidance on the selection, implementation, and management of information security controls. It is an important tool for organizations to ensure that their information assets are adequately protected from unauthorized access, disclosure, destruction, or other unauthorized activities. It can also be used as a reference for organizations to assess their own security posture and identify areas for improvement. The standard is regularly updated to reflect the changing security landscape and new threats., topic=null, hs_path=iso-iec-27002-importance}--
{tableName=glossary, name=Network, description= A network is a system of interconnected components, such as computers, servers, and other peripherals, that are capable of exchanging data and sharing resources. Networks are typically composed of hardware, such as routers, switches, and cables, as well as software and protocols that allow the components to communicate. Networks can be used for a variety of purposes, such as file sharing, data storage and retrieval, communication, and entertainment. Networks can be local, such as a home or office network, or global, such as the Internet. They can also be wired or wireless. Networks are an essential part of modern life, as they allow us to access information, communicate with others, and collaborate on projects., topic=null, hs_path=network}--
{tableName=glossary, name=Asset Security, description= Asset security is the protection of physical and digital assets from unauthorized access, use, disclosure, disruption, modification, or destruction. It involves the application of security controls to ensure the confidentiality, integrity, and availability of assets. Asset security is a critical component of an organization's overall security strategy, as it helps protect its data, systems, and networks from malicious actors. This includes protecting against malicious actors who may attempt to gain access to sensitive information, disrupt operations, or damage the organization's reputation. Asset security also helps organizations protect their investments in hardware, software, and intellectual property. It involves the implementation of technical controls such as firewalls, authentication, encryption, and access control systems, as well as the development of policies and procedures for asset management, such as asset tracking, inventory control, and asset disposal. Asset security also includes the monitoring of assets to detect any unauthorized access or suspicious activity., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=asset-security}--
{tableName=glossary, name=Cryptography, description= Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It is used to protect confidential information and to ensure its authenticity and integrity. Cryptography involves the use of mathematical algorithms, protocols, and techniques to protect data from unauthorized access, modification, and disclosure. It is also used to protect data from being read or intercepted by an unintended recipient. Cryptography includes both symmetric and asymmetric encryption, digital signatures, and public-key infrastructure. Cryptography is used to protect data in transit, at rest, and in storage. It is also used to protect data from being tampered with or manipulated. Cryptography is used in various applications, such as banking, military, and government communications, to ensure the confidentiality, integrity, and authenticity of information., topic=null, hs_path=cryptography}--
Cybersecurity Risk Management
Cybersecurity Risk Appetite

Cybersecurity Risk Appetite is the level of risk an organization is willing to accept in order to ac...

NIST SP 800-53
NIST SP 800-53 Enhanced Controls

NIST SP 800-53 Enhanced Controls are additional security controls that are designed to supplement th...

ISO/IEC 27002 Importance

ISO/IEC 27002 is an international standard for information security management, which provides best ...

Network

A network is a system of interconnected components, such as computers, servers, and other peripheral...

Cybersecurity Risk Management
Asset Security

Asset security is the protection of physical and digital assets from unauthorized access, use, discl...

Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of thi...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks