Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Risk Register, description= A Risk Register is a document used to record and track all identified risks associated with a project, process, or activity. It is a tool used to identify, monitor, and control potential risks that could arise during the project lifecycle. It typically includes information such as the risk description, its potential impact, the likelihood of occurrence, the actions taken to mitigate the risk, and the responsible party. The Risk Register is an essential part of the risk management process and is used to ensure that all risks are identified, evaluated, and managed appropriately. It also helps to ensure that potential risks are monitored and managed in a timely manner, and that the project team is informed of any changes to the risk status., topic=null, hs_path=risk-register}--
{tableName=glossary, name=DPIS Stages, description= DPIS Stages: A DPIS (Data Processing and Information System) Stage is a set of activities that are used to acquire, process, store and analyze data in order to generate information that can be used to make decisions. The stages are usually divided into four categories: data acquisition, data processing, data storage and data analysis. Data acquisition involves collecting data from various sources, such as surveys, interviews, and databases. Data processing involves formatting and organizing the data into a usable format. Data storage involves storing the data in a secure and efficient manner. Finally, data analysis involves using the data to generate insights and inform decisions., topic=null, hs_path=dpis-stages}--
{tableName=glossary, name=Risk Management Policy, description= A Risk Management Policy is a document that outlines steps and procedures to be taken by an organization to identify, assess, and manage risks associated with its operations. It is a comprehensive plan that outlines the roles and responsibilities of all stakeholders in the risk management process, as well as the process of monitoring and evaluating risks. The goal of a Risk Management Policy is to ensure that risks are identified and managed in a proactive, systematic, and cost-effective manner. It should also provide guidance on how to respond to potential risks and how to mitigate their impact. The policy should be reviewed and updated regularly to ensure that it remains current and relevant., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-management-policy}--
{tableName=glossary, name=Risk Mitigation, description= Risk mitigation is the process of identifying, assessing, and reducing the potential for negative impacts of risks to an organization's objectives. It involves developing strategies to manage the risks and implementing those strategies to reduce the likelihood of their occurrence and/or the severity of their impact. Risk mitigation strategies can include risk avoidance, risk transfer, risk sharing, risk reduction, risk acceptance, and risk control. Risk avoidance involves eliminating or avoiding activities or situations that could result in the risk. Risk transfer involves transferring the risk to another party, such as an insurance company, who will assume the risk in exchange for a fee. Risk sharing involves sharing the risk between parties, such as when two companies form a joint venture. Risk reduction involves reducing the likelihood of the risk occurring or the severity of its impact. Risk acceptance involves accepting the risk and taking no action to reduce it. Risk control involves implementing measures to reduce the risk, such as implementing safety protocols or installing security systems., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-mitigation}--
{tableName=glossary, name=ISO/IEC 27001 Penetration Testing, description= ISO/IEC 27001 Penetration Testing is a type of security testing that is used to evaluate the security of an organization’s information systems and networks. It is designed to identify, analyze, and report on any vulnerabilities that may exist in an organization’s security infrastructure. The goal of penetration testing is to find, exploit, and help correct any weaknesses in the system before they can be exploited by malicious actors. During a penetration test, an ethical hacker attempts to gain access to an organization’s systems and networks, either by exploiting known vulnerabilities or by using social engineering tactics. The tester then documents and reports on the findings, including any potential risks and recommended countermeasures. The results of the penetration test are then used to develop a comprehensive security plan that can help protect the organization’s systems and data., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-penetration-testing}--
{tableName=glossary, name=Information Security Risk Management, description= Information Security Risk Management is the process of identifying, assessing, and controlling risks associated with the use of information systems. It involves analyzing the potential risks associated with the use of information systems, developing strategies to manage those risks, and implementing measures to protect the security of the information systems. Risk management includes assessing the likelihood of a security breach, evaluating the potential consequences of such a breach, and formulating a plan of action to reduce the risks. It also involves developing policies and procedures to ensure the security of information systems, establishing controls to prevent unauthorized access to information systems, monitoring security events, and responding to security incidents. Risk management is an ongoing process that must be regularly monitored and updated to ensure the security of information systems., topic=null, hs_path=information-security-risk-management}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...