Skip to content
Master Security Compliance: Join our upcoming webinar!

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Responding to Australia's new critical infrastructure laws
On-demand Webinar

Responding to Australia's new critical infrastruct...

Join industry experts Andrew Robinson, Matthew Chantrell and Ryan Turan to share their insights into how to automate and manage your compliance with A...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=ISO/IEC 27001 Certification Requirements, description= ISO/IEC 27001 Certification Requirements are a set of international standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to help organizations protect their information assets. The standards provide a framework to ensure that organizations have appropriate controls, processes, and procedures in place to protect their information assets. The standards are divided into two parts: the ISO/IEC 27001 standard, which outlines the requirements for an information security management system (ISMS), and the ISO/IEC 27002 standard, which provides detailed guidance on how to implement the requirements. The ISO/IEC 27001 standard requires organizations to have a documented ISMS that covers all aspects of their information security, including risk assessments, policies and procedures, and organizational structures. The standard also requires organizations to have a documented process for regularly monitoring and assessing the effectiveness of their ISMS. Organizations must also have procedures in place to respond to security incidents, as well as to ensure that their ISMS is continuously improved. Finally, organizations must demonstrate that their ISMS meets the requirements of the ISO/IEC 27001 standard through independent third-party certification., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-certification-requirements}--
{tableName=comparison, name=GDPR vs PCI-DSS, description=GDPR and PCI-DSS are two data privacy and security standards. Learn about their differences and how to comply with both. , topic=[{id=97620570523, createdAt=1673040885422, updatedAt=1683947976779, path='gdpr', name=' GDPR: A Comprehensive Guide to Compliance', 1='{type=string, value=GDPR}', 2='{type=string, value= This GDPR Guide provides an authoritative overview of the General Data Protection Regulation (GDPR) and how it affects businesses and organizations. It outlines the key principles of the GDPR and provides an}', 5='{type=string, value=This GDPR Guide provides a comprehensive overview of the European Union's General Data Protection Regulation (GDPR). It covers the full scope of the GDPR, including its purpose, scope, definitions, principles, rights, obligations, enforcement, and more. It also provides practical advice on how to comply with the GDPR, including best practices for data protection, data security, and data management. This guide is an essential resource for any organization that collects, stores, or processes personal data.}'}], hs_path=gdpr-vs-pci-dss}--
{tableName=glossary, name=Network Security, description= Network Security is the practice of protecting networks, systems, and data from unauthorized access, misuse, modification, or destruction. It includes both physical security measures, such as firewalls, and logical security measures, such as authentication and encryption. Network security also involves the implementation of policies and procedures to ensure the safety of the network, its users, and the data stored on it. Network security is an important part of any organization's overall security strategy, and it is essential for protecting the privacy, integrity, and availability of the network and its data., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=network-security}--
{tableName=glossary, name=Risk Source, description= Risk Source is a term used to describe the origin of a potential risk that could affect an organization, project, or process. It is typically used to identify and assess the potential risks associated with a given situation and can help in developing strategies to reduce or avoid those risks. Risk Sources can include external factors such as economic conditions, natural disasters, legal or regulatory changes, or internal factors such as organizational structure, processes, or personnel. Risk Sources can also include a combination of both external and internal factors. Risk Source identification and assessment is a critical component of any risk management program and can help organizations to identify and mitigate potential risks before they become a problem., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-source}--
{tableName=glossary, name=ISO/IEC 27001 Domains, description= ISO/IEC 27001 Domains refer to the five core areas of information security management that must be addressed in order to comply with the ISO/IEC 27001 standard. These domains are: Information Security Policy, Organisation of Information Security, Asset Management, Access Control, Cryptography, Physical and Environmental Security, System Acquisition, Development and Maintenance, Incident Management, Business Continuity Management, Compliance. Each domain is further broken down into specific requirements that must be met in order for an organisation to be compliant with the standard. The Information Security Policy domain requires the establishment of an information security policy, the Organisation of Information Security domain requires the implementation of a security management structure and the definition of roles and responsibilities, the Asset Management domain requires the identification, classification and control of assets, the Access Control domain requires the implementation of measures to protect against unauthorised access to assets, the Cryptography domain requires the use of cryptography to protect assets, the Physical and Environmental Security domain requires the implementation of physical and environmental security measures, the System Acquisition, Development and Maintenance domain requires the implementation of security measures throughout the system development life cycle, the Incident Management domain requires the establishment of incident response procedures, the Business Continuity Management domain requires the implementation of measures to ensure business continuity, and the Compliance domain requires the implementation of measures to ensure compliance with applicable laws and regulations., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-domains}--
{tableName=comparison, name=ASD Essential 8 vs NIST CSF, description=Compare the ASD Essential 8 and NIST Cybersecurity Framework (CSF) to identify which security framework best meets your organisation's needs. , topic=[{id=97620570506, createdAt=1673040885315, updatedAt=1685498674506, path='asd-essential-8', name=' ASD Essential 8 Guide: A Comprehensive Overview', 1='{type=string, value=ASD Essential 8}', 2='{type=string, value= This guide provides an overview of the ASD Essential 8 - 8 evidence-based strategies to help improve the outcomes of children with Autism Spectrum Disorder. Learn how to identify and implement these strategies to help}', 5='{type=string, value=This authoritative guide provides an in-depth look at the ASD Essential 8 (E8), a set of eight measures developed by the Australian Signals Directorate (ASD) to protect organizations from cyber threats. It explores whether the ASD Essential 8 are mandatory or not for your organisations and covers the fundamentals of each of the eight measures, including the maturity levels, how to perform an assessment and implementation guidenace.}'}], hs_path=asd-essential-8-vs-nist-cybersecurity-framework-csf}--
ISO 27001
ISO/IEC 27001 Certification Requirements

ISO/IEC 27001 Certification Requirements are a set of international standards developed by the Inter...

GDPR
GDPR vs PCI-DSS

GDPR and PCI-DSS are two data privacy and security standards. Learn about their differences and how ...

Cybersecurity Risk Management
Network Security

Network Security is the practice of protecting networks, systems, and data from unauthorized access,...

Enterprise Risk Management
Risk Source

Risk Source is a term used to describe the origin of a potential risk that could affect an organizat...

ISO 27001
ISO/IEC 27001 Domains

ISO/IEC 27001 Domains refer to the five core areas of information security management that must be a...

ASD Essential 8
ASD Essential 8 vs NIST CSF

Compare the ASD Essential 8 and NIST Cybersecurity Framework (CSF) to identify which security framew...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks