Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Cybersecurity Credentials, description= Cybersecurity credentials are a set of qualifications and certifications that a person or organization holds to demonstrate their knowledge and proficiency in the field of cybersecurity. These credentials may include certifications from industry-recognized organizations such as the International Information Systems Security Certification Consortium (ISC2), the Computing Technology Industry Association (CompTIA), the Certified Information Systems Security Professional (CISSP), and the Information Systems Audit and Control Association (ISACA). Cybersecurity credentials also may include certifications from universities and other educational institutions, as well as certifications from government agencies like the National Security Agency (NSA). Cybersecurity credentials are important for both individuals and organizations, as they demonstrate the expertise and knowledge of the holder in the field of cybersecurity and provide assurance that the holder is up-to-date on the latest security practices and technologies., topic=null, hs_path=cybersecurity-credentials}--
{tableName=glossary, name=ISO/IEC 27001 Domains, description= ISO/IEC 27001 Domains refer to the five core areas of information security management that must be addressed in order to comply with the ISO/IEC 27001 standard. These domains are: Information Security Policy, Organisation of Information Security, Asset Management, Access Control, Cryptography, Physical and Environmental Security, System Acquisition, Development and Maintenance, Incident Management, Business Continuity Management, Compliance. Each domain is further broken down into specific requirements that must be met in order for an organisation to be compliant with the standard. The Information Security Policy domain requires the establishment of an information security policy, the Organisation of Information Security domain requires the implementation of a security management structure and the definition of roles and responsibilities, the Asset Management domain requires the identification, classification and control of assets, the Access Control domain requires the implementation of measures to protect against unauthorised access to assets, the Cryptography domain requires the use of cryptography to protect assets, the Physical and Environmental Security domain requires the implementation of physical and environmental security measures, the System Acquisition, Development and Maintenance domain requires the implementation of security measures throughout the system development life cycle, the Incident Management domain requires the establishment of incident response procedures, the Business Continuity Management domain requires the implementation of measures to ensure business continuity, and the Compliance domain requires the implementation of measures to ensure compliance with applicable laws and regulations., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-domains}--
{tableName=glossary, name=ISO/IEC Data Center, description= ISO/IEC Data Center is a facility that houses computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g. air conditioning, fire suppression) and various security devices. The main purpose of a data center is to process, store, and distribute large amounts of data. Data centers are typically used by large organizations and businesses to store and process their data, including financial records, customer data, and other confidential information. ISO/IEC Data Centers are designed to adhere to the ISO/IEC standards for data center design, operation, and management. These standards provide guidelines for data center design, operation, and management that ensure the highest levels of reliability, availability, security, and performance. These standards also provide guidance on how to minimize the risk of data loss or corruption, and how to efficiently and securely manage and store data., topic=null, hs_path=iso-iec-data-center}--
{tableName=glossary, name=Governance Risk & Compliance (GRC) Software, description= Governance, Risk & Compliance (GRC) Software is a type of software that provides organizations with a comprehensive set of tools to effectively manage their risk and compliance obligations. GRC Software helps organizations identify, assess, monitor, and manage their risks and compliance obligations in a systematic and organized manner. It can also provide organizations with a clear view of their current risk and compliance posture, as well as the ability to detect and respond to potential risks and compliance issues. GRC Software typically includes features such as risk assessment, audit management, policy management, and reporting. GRC Software can be used to ensure that organizations are meeting their legal, regulatory, and internal requirements, as well as helping them to identify and mitigate potential risks before they become problems. GRC Software is essential for organizations to ensure that they are compliant with applicable laws and regulations, as well as to protect their reputation and assets., topic=null, hs_path=governance-risk-compliance-grc-software}--
{tableName=glossary, name=Cyber-Risk Quantification, description= Cyber-Risk Quantification is a process of assessing the potential risks associated with a company’s digital assets, networks, and data. This process involves evaluating the likelihood of a cyber-attack or data breach, the potential financial, operational, and reputational losses that may result from such an attack, and the cost of implementing measures to mitigate the risk. Cyber-Risk Quantification also includes the identification and assessment of the vulnerabilities that could lead to a successful attack, the likelihood of a successful attack, and the potential damage that could be done by a successful attack. Cyber-Risk Quantification is an essential part of any company’s risk management strategy, and it helps organizations to identify and prioritize the risks they face, understand the threats they face, and make informed decisions about how to protect their digital assets, networks, and data., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=cyber-risk-quantification}--
{tableName=glossary, name=APRA CPS 234, description= APRA CPS 234 is an information security standard developed by the Australian Prudential Regulation Authority (APRA) to provide guidance on the security controls organizations should implement to protect their information and systems. The standard is based on the ISO/IEC 27002:2013 and provides a set of security requirements which organizations must comply with in order to protect their information assets. It covers topics such as access control, physical and environmental security, asset management, cryptography, system development and maintenance, incident management, and business continuity. APRA CPS 234 requires organizations to identify, assess and manage risk, and to develop and implement an information security program that meets the requirements of the standard. The standard also requires organizations to monitor, test and review their security controls on an ongoing basis., topic=[{id=97620570527, createdAt=1673040885446, updatedAt=1683947990333, path='apra-cps-234', name=' APRA CPS 234 Guide: Cyber Security Requirements', 1='{type=string, value=APRA CPS 234}', 2='{type=string, value= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data}', 5='{type=string, value=The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=apra-cps-234}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...