Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
See 6clicks in Action: Simplifying GRC with a Quick Demo
On-demand Webinar

See 6clicks in Action: Simplifying GRC with a Quic...

Join us for a demo with Michelle Teunissen, Chief Revenue Officer of 6clicks, as she showcases how our platform can simplify your GRC processes.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Cybersecurity Gamification, description= Cybersecurity Gamification is the process of using game-like elements and techniques to enhance the effectiveness of cybersecurity awareness and training. It can involve creating interactive, game-like experiences to simulate real-world scenarios, providing rewards and recognition for completing challenges, and providing incentives to motivate users to engage in cybersecurity activities. Cybersecurity gamification may also involve creating a competitive environment to encourage users to practice and improve their cybersecurity skills, as well as to promote collaboration between users in order to increase overall security. Cybersecurity gamification is becoming increasingly popular as a way to engage users in cybersecurity training and to increase their awareness of the importance of security., topic=null, hs_path=cybersecurity-gamification}--
{tableName=glossary, name=COBIT Framework Goals, description= The COBIT Framework Goals are a set of high-level objectives that provide guidance on the desired outcomes of IT governance and management processes. They are used to define the scope of IT governance and management activities and to ensure that IT-related activities are aligned with the organization’s overall business objectives. The COBIT Framework Goals provide a comprehensive view of IT governance and management activities and are designed to enable organizations to optimize the use of IT resources to achieve their strategic objectives. The COBIT Framework Goals are divided into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. The Plan and Organize domain focuses on the strategic planning and organizational design of IT governance and management processes. The Acquire and Implement domain focuses on the procurement and implementation of IT systems. The Deliver and Support domain focuses on the delivery of IT services and the management of IT operations. The Monitor and Evaluate domain focuses on the monitoring and evaluation of IT performance. The COBIT Framework Goals are designed to provide organizations with a comprehensive view of IT governance and management activities and to ensure that IT-related activities are aligned with the organization’s overall business objectives., topic=null, hs_path=cobit-framework-goals}--
{tableName=glossary, name=ISO/IEC 27002:2022, description= ISO/IEC 27002:2022 is an international standard for information security management systems (ISMS) developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides best practice recommendations for organizations on how to manage their information security in order to protect their information assets. The standard provides a comprehensive set of control objectives and controls to help organizations protect their information assets, including those related to information security management, risk assessment and management, asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, development, and maintenance, and supplier relationships. The standard also provides guidance on the implementation of an ISMS, including the roles and responsibilities of personnel, the selection and implementation of security controls, and the monitoring and review of the ISMS., topic=null, hs_path=iso-iec-270022022}--
{tableName=glossary, name=Threat Modeling Frameworks And Methodologies, description= Threat Modeling Frameworks and Methodologies are a set of concepts, processes, and techniques used to identify, analyze, and respond to potential threats to an organization’s information systems. These frameworks and methodologies are designed to help organizations better understand their security posture and identify areas of vulnerability. The goal of threat modeling is to provide an organized approach to understanding the threats that an organization faces and to provide a framework for taking appropriate actions to reduce or eliminate those threats. A threat model typically includes a threat assessment, risk analysis, and a strategy for mitigating any identified threats. The assessment typically includes identifying the assets that need to be protected, the threats posed to those assets, the likelihood of those threats, and the potential impact of those threats. Risk analysis includes understanding the potential risks associated with each threat, the potential cost of those risks, and the potential mitigation strategies available. Finally, the strategy for mitigating threats includes a plan for deploying countermeasures and monitoring the effectiveness of those countermeasures., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=threat-modeling-frameworks-and-methodologies}--
{tableName=guides, name=Distributed GRC, description=This expert guide explores the challenges of managing risk and compliance in distributed organizations..., topic=null, hs_path=distributed-grc}--
{tableName=glossary, name=ISO/IEC /IEC 27003:2017 Requirements, description= for an Information Security Management System ISO/IEC 27003:2017 is an international standard that provides guidance on the establishment, implementation, monitoring, maintenance, and improvement of an Information Security Management System (ISMS). It outlines the requirements for an organization to define, implement, and maintain an effective ISMS that meets the organization’s security objectives. The standard is based on the ISO/IEC 27002:2013 code of practice for information security management and the ISO/IEC 27001:2013 information security management system requirements. ISO/IEC 27003:2017 provides guidance on the planning, design, implementation, assessment, and improvement of an ISMS. It also provides guidance on how to develop and maintain an ISMS that meets the organization’s security objectives, including the implementation of information security controls and the management of information security risks. Additionally, the standard provides guidance on the management of information security incidents and the development of information security policies and procedures., topic=null, hs_path=iso-iec-iec-270032017-requirements}--
Cybersecurity Gamification

Cybersecurity Gamification is the process of using game-like elements and techniques to enhance the ...

COBIT Framework Goals

The COBIT Framework Goals are a set of high-level objectives that provide guidance on the desired ou...

ISO/IEC 27002:2022

ISO/IEC 27002:2022 is an international standard for information security management systems (ISMS) d...

Vulnerability Management
Threat Modeling Frameworks And Methodologies

Threat Modeling Frameworks and Methodologies are a set of concepts, processes, and techniques used t...

Distributed GRC

This expert guide explores the challenges of managing risk and compliance in distributed organizatio...

ISO/IEC /IEC 27003:2017 Requirements

for an Information Security Management System ISO/IEC 27003:2017 is an international standard that p...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks