Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Risk, description= Risk is the potential for loss or harm that can be caused by making a decision or taking an action. It is the uncertainty of an outcome or the potential of suffering harm or loss. Risk can be both positive and negative; it can include financial, physical, psychological, and legal risks. Risk can be managed through an assessment of the potential outcomes, the likelihood of each outcome, and the consequences of each outcome. Risk management involves identifying, assessing, and managing risks, as well as developing strategies to minimize or prevent potential losses. Risk management is a critical part of any business, organization, or individual's decision-making process., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk}--
{tableName=glossary, name=Watering Hole Attack, description= A watering hole attack is a type of cyber attack that targets a specific group of users by compromising a website that they are known to visit. The attacker will infect the website with malicious code, such as malware, that can be used to gain access to the user's computer or network. The malicious code can be used to steal user data, install ransomware, or even launch further attacks. In some cases, the attacker may use the website to spread their malicious code to other users. Watering hole attacks can be difficult to detect and prevent, and they can be used to target specific individuals, organizations, or even entire countries., topic=null, hs_path=watering-hole-attack}--
{tableName=glossary, name=Implementation ISO/IEC 27003, description= Implementation ISO/IEC 27003 is a standard for information security management systems (ISMS) that provides guidelines and best practices for establishing, implementing, and maintaining an effective ISMS. It is based on the ISO/IEC 27001 standard and is intended to help organizations develop, implement, and maintain an ISMS that will protect their information assets and comply with applicable laws and regulations. The standard is divided into five sections: scope, objectives and principles, implementation, management, and assessment and audit. The scope section outlines the scope of the standard and provides an overview of the ISMS. The objectives and principles section describes the objectives of the ISMS and the principles that should be followed in order to achieve these objectives. The implementation section outlines the steps and processes necessary to implement an effective ISMS. The management section provides guidance for the management of the ISMS, including the development of policies and procedures, the implementation of security controls, and the monitoring and review of the ISMS. The assessment and audit section provides guidance on the assessment and audit of the ISMS., topic=null, hs_path=implementation-iso-iec-27003}--
{tableName=glossary, name=Risk Control Self Assessment (RCSA), description= Risk Control Self Assessment (RCSA) is a systematic process used to identify, assess, monitor, and control risks within an organization. It is a tool used to ensure that risks are managed effectively, efficiently, and in accordance with organizational objectives. The RCSA process typically involves the identification of risk areas, the assessment of the risks, the application of control measures, the monitoring of risk levels, and the review of the risk management program. The RCSA process is designed to be an ongoing cycle, with continual feedback and improvement of the risk management program. The goal of the RCSA process is to ensure that risks are identified, assessed, and managed in a timely and effective manner. The RCSA process also helps to ensure that risks are managed in a way that is consistent with the organization's objectives., topic=null, hs_path=risk-control-self-assessment-rcsa}--
{tableName=glossary, name=Incident management, description= Incident management is the process of managing the lifecycle of all incidents that occur within an organization. This process includes the identification, triage, investigation, resolution, and closure of each incident. It also includes the communication of the incident to all stakeholders, and the monitoring of the incident to ensure it is being addressed in a timely and effective manner. Incident management is a critical component of an organization's overall risk management strategy, as it helps to ensure that incidents are addressed quickly and effectively, and that any risks associated with the incident are minimized., topic=null, hs_path=incident-management}--
{tableName=glossary, name=Data Access Management, description= Data Access Management is the practice of controlling and monitoring the access of users to an organization’s data and systems. It is a critical component of an organization’s security strategy, as it can help prevent unauthorized access to sensitive data and systems, as well as ensure that only authorized users are able to access the data and systems. Data Access Management can include the implementation of policies, procedures, and technologies to ensure that only those users with the appropriate access rights are able to access the data and systems. Examples of Data Access Management technologies include user authentication, authorization, and access control. Additionally, Data Access Management can be used to ensure that the data and systems are being used in accordance with the organization’s security policies and procedures. Data Access Management is essential to protect the organization’s data and systems from unauthorized access and to ensure that only authorized users are able to access the data and systems., topic=null, hs_path=data-access-management}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...