Skip to content
Master Security Compliance: Join our upcoming webinar!

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Cyber Threat Intelligence and AI-Driven GRC: Your Cybersecurity Solution
On-demand Webinar

Cyber Threat Intelligence and AI-Driven GRC: Your ...

Join industry experts Dr. Heather Buker - Chief Technology Officer, 6clicks and Karla Reffold, General Manager, Orpheus Cyber as they delve into how o...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Attack Surface, description= Attack Surface is the total sum of potential points of attack in a system, network, or application. It is the combination of hardware, software, and network configurations that can be targeted by an attacker. It includes all the services, ports, protocols, user interfaces, authentication mechanisms, and other components that are exposed to the outside world. Attack Surface can also be defined as the sum of all the vulnerabilities that exist in a system, network, or application. A large attack surface can increase the chances of a successful attack, as it provides more potential points of entry for an attacker. Therefore, reducing the attack surface of a system or application is an important part of any security strategy., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=attack-surface}--
{tableName=comparison, name=SOC 2 vs PCI-DSS, description= SOC 2 and PCI-DSS are two important security standards for organizations. Learn the differences between them and how they can help you protect your data., topic=[{id=97620570514, createdAt=1673040885366, updatedAt=1683947939686, path='soc-2', name=' SOC 2 Compliance: A Comprehensive Guide', 1='{type=string, value=SOC 2}', 2='{type=string, value= Compliance SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary}', 5='{type=string, value=This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.}'}], hs_path=soc-2-vs-pci-dss}--
{tableName=glossary, name=ISO/IEC 27001 And ISO/IEC 27002, description= ISO/IEC 27001 and ISO/IEC 27002 are international standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC 27001 is an Information Security Management System (ISMS) standard that provides organizations with a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. It helps organizations manage the security of assets such as financial information, intellectual property, employee details, or information entrusted to them by third parties. ISO/IEC 27002 is a code of practice for information security management that provides guidelines for the selection, implementation, and management of security controls to protect information assets. It is based on the Plan-Do-Check-Act (PDCA) cycle and provides advice on the best practices for managing information security. It is designed to be used in conjunction with ISO/IEC 27001, but can also be used as a standalone guide., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-and-iso-iec-27002}--
{tableName=glossary, name=Integrated Risk Management (IRM), description= Integrated Risk Management (IRM) is a comprehensive approach to managing risk across an organization. It is a structured process for identifying, assessing, and responding to risk factors in a coordinated and systematic way. IRM takes into account the entire organization’s risk profile and identifies areas of risk that could have an impact on the organization’s objectives. It is designed to ensure that risks are managed in a holistic manner and that resources are used efficiently to reduce the overall risk to the organization. IRM includes risk identification, risk assessment, risk response, and risk monitoring. It also includes the development of risk management plans and strategies, as well as the implementation of risk management processes and procedures. IRM is a proactive approach to risk management and seeks to identify, assess, and manage risks before they become a problem., topic=null, hs_path=integrated-risk-management-irm}--
{tableName=glossary, name=Incident Response Plan, description= An Incident Response Plan is a set of written instructions that outlines the steps an organization should take when responding to a security incident. It is a comprehensive document that covers all aspects of incident response, from initial detection and analysis to containment, eradication, and recovery. The plan should also include post-incident activities such as reporting, analysis, and follow-up. The plan should be tailored to the organization’s specific needs, and should include policies and procedures for responding to incidents, such as a communications plan, a notification plan, and a process for gathering evidence. The plan should also include roles and responsibilities for staff and resources, both internal and external, that will be involved in the incident response process., topic=null, hs_path=incident-response-plan}--
{tableName=glossary, name=APRA CPS 234, description= APRA CPS 234 is an information security standard developed by the Australian Prudential Regulation Authority (APRA) to provide guidance on the security controls organizations should implement to protect their information and systems. The standard is based on the ISO/IEC 27002:2013 and provides a set of security requirements which organizations must comply with in order to protect their information assets. It covers topics such as access control, physical and environmental security, asset management, cryptography, system development and maintenance, incident management, and business continuity. APRA CPS 234 requires organizations to identify, assess and manage risk, and to develop and implement an information security program that meets the requirements of the standard. The standard also requires organizations to monitor, test and review their security controls on an ongoing basis., topic=[{id=97620570527, createdAt=1673040885446, updatedAt=1683947990333, path='apra-cps-234', name=' APRA CPS 234 Guide: Cyber Security Requirements', 1='{type=string, value=APRA CPS 234}', 2='{type=string, value= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data}', 5='{type=string, value=The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=apra-cps-234}--
Vulnerability Management
Attack Surface

Attack Surface is the total sum of potential points of attack in a system, network, or application. ...

SOC 2
SOC 2 vs PCI-DSS

SOC 2 and PCI-DSS are two important security standards for organizations. Learn the differences betw...

ISO 27001
ISO/IEC 27001 And ISO/IEC 27002

ISO/IEC 27001 and ISO/IEC 27002 are international standards developed by the International Organizat...

Integrated Risk Management (IRM)

Integrated Risk Management (IRM) is a comprehensive approach to managing risk across an organization...

Incident Response Plan

An Incident Response Plan is a set of written instructions that outlines the steps an organization s...

APRA CPS 234
APRA CPS 234

APRA CPS 234 is an information security standard developed by the Australian Prudential Regulation A...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks