Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Cyber Threat Intelligence and AI-Driven GRC: Your Cybersecurity Solution
Live Webinar

Cyber Threat Intelligence and AI-Driven GRC: Your ...

Join industry experts Dr. Heather Buker - Chief Technology Officer, 6clicks and Karla Reffold, General Manager, Orpheus Cyber as they delve into how o...

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Incident Management Framework, description= Incident Management Framework is a set of processes, procedures, and systems that organizations use to manage and respond to incidents. It is an organized approach to addressing and resolving incidents quickly and efficiently. The framework typically includes the following components: incident identification, incident classification, incident response, incident resolution, and incident reporting. The goal of an incident management framework is to ensure that incidents are handled in a timely, consistent, and effective manner. It also helps to ensure that the organization is prepared to handle any potential incidents that may arise. This framework can help organizations to reduce the amount of time and resources required to respond to incidents, as well as to improve the organization's overall security posture., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 3='{type=string, value=Write the overview for an authoritative guide based on: Cybersecurity Risk Management Guide}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}', 7='{type=string, value=Write a web page title with no special characters and a maximum of 60 characters based on: Cybersecurity Risk Management Guide}', 8='{type=string, value=Write the overview for an authoritative guide based on: Cybersecurity Risk Management Guide}', 9='{type=string, value=20}', 10='{type=string, value=40}', 11='{type=string, value=200}', 12='{type=number, value=0}'}], hs_path=incident-management-framework}--
{tableName=glossary, name=ISO/IEC 27014, description= ISO/IEC 27014 is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that provides guidance on the development and implementation of an effective governance framework for information security. The standard outlines a comprehensive set of principles, processes, and practices to ensure the confidentiality, integrity, and availability of information. It emphasizes the importance of risk management, security controls, and the need to ensure that all information security activities are carried out in an organized and systematic manner. ISO/IEC 27014 also outlines the roles and responsibilities of all stakeholders involved in the governance of information security, including the security team, senior management, and the board of directors. Additionally, the standard provides guidance on the development of an information security policy, the implementation of security controls, and the monitoring and reporting of security incidents., topic=null, hs_path=iso-iec-27014}--
{tableName=glossary, name=ISO/IEC /IEC 27004:2016 Clauses, description= ISO/IEC 27004:2016 Clauses is an international standard that provides guidance and best practices for measuring and managing the performance of Information Security Management Systems (ISMS). It is based on the ISO/IEC 27001:2013 standard and provides a framework for organizations to assess and improve their security posture. The standard is divided into six main sections, each of which contains a number of clauses. The sections cover topics such as security management, security controls, risk assessment and management, security incident management, security monitoring, and security assurance. Each clause provides guidance on the requirements for the specific topic and includes examples of how to implement the requirements. The standard also includes a number of annexes which provide additional guidance on security management, security controls, and security assurance. ISO/IEC 27004:2016 Clauses is designed to help organizations develop and maintain an effective ISMS, and to ensure that their security posture is up to date and in line with industry best practices., topic=null, hs_path=iso-iec-iec-270042016-clauses}--
{tableName=glossary, name=Incident management, description= Incident management is the process of managing the lifecycle of all incidents that occur within an organization. This process includes the identification, triage, investigation, resolution, and closure of each incident. It also includes the communication of the incident to all stakeholders, and the monitoring of the incident to ensure it is being addressed in a timely and effective manner. Incident management is a critical component of an organization's overall risk management strategy, as it helps to ensure that incidents are addressed quickly and effectively, and that any risks associated with the incident are minimized., topic=null, hs_path=incident-management}--
{tableName=glossary, name=SOC 2 Audit, description= A SOC 2 Audit is an independent evaluation of a service provider’s information security controls and practices. It is based on the Trust Services Principles and Criteria (TSPC) developed by the American Institute of Certified Public Accountants (AICPA). The audit is performed by a third-party auditor and assesses the design and effectiveness of the service provider’s controls and processes related to security, availability, processing integrity, confidentiality and privacy. The audit also assesses the service provider’s ability to meet the TSPC criteria, which include requirements for the service provider’s technical infrastructure, data security, and customer data protection. The SOC 2 Report is a valuable tool for organizations that are looking to assess the security of their service providers and ensure that they are meeting their security and privacy requirements., topic=null, hs_path=soc-2-audit}--
{tableName=glossary, name=Data Democratization, description= Data Democratization is the process of making data and data-related resources available to a broad range of users and stakeholders, regardless of their technical ability or access to resources. This process allows for the sharing of data and information to be more widely distributed, enabling more people to access, understand, and use data to inform decisions and drive change. Data democratization is often associated with open data initiatives, which provide open access to data and make it available to anyone with an internet connection. This can include data from government agencies, businesses, or other organizations. Data democratization also includes the use of tools and technologies to make data more accessible and understandable, such as data visualization, natural language processing, and machine learning. By democratizing data, the potential for data-driven decision making increases, and data can be used to create more informed and equitable decisions., topic=null, hs_path=data-democratization}--
Cybersecurity Risk Management
Incident Management Framework

Incident Management Framework is a set of processes, procedures, and systems that organizations use ...

ISO/IEC 27014

ISO/IEC 27014 is an international standard published by the International Organization for Standardi...

ISO/IEC /IEC 27004:2016 Clauses

ISO/IEC 27004:2016 Clauses is an international standard that provides guidance and best practices fo...

Incident management

Incident management is the process of managing the lifecycle of all incidents that occur within an o...

SOC 2 Audit

A SOC 2 Audit is an independent evaluation of a service provider’s information security controls and...

Data Democratization

Data Democratization is the process of making data and data-related resources available to a broad r...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks