Skip to content
Master Security Compliance: Join our upcoming webinar!

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
CISO Challenges: Using AI with GRC to break down silos in your business
On-demand Webinar

CISO Challenges: Using AI with GRC to break down s...

Join us for our webinar event, "CISO Challenges: Using AI with GRC to break down silos in your business," where we'll explore Hub & Spoke, designe...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=NIST Guidelines, description= NIST Guidelines are a set of recommendations developed by the National Institute of Standards and Technology (NIST) to help organizations protect their information systems from cyber threats. The guidelines are designed to provide a comprehensive approach to cybersecurity, including strategies for identifying and mitigating risks, developing secure architectures and designs, implementing secure development processes, and managing security operations. NIST Guidelines provide organizations with a framework for developing, implementing, and maintaining a secure information system. The guidelines are updated periodically to reflect the latest cyber threats and security best practices., topic=null, hs_path=nist-guidelines}--
{tableName=glossary, name=ISO/IEC 27001 As An Individual, description= ISO/IEC 27001 is an internationally recognized standard for Information Security Management Systems (ISMS). It is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. It includes the requirements for the establishment, implementation, maintenance and continual improvement of an organization's ISMS. It provides a systematic and proactive approach to managing sensitive company information and assets, and helps organizations to protect their information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The standard is designed to ensure that organizations have appropriate and effective measures in place to protect their information assets, as well as to ensure compliance with applicable laws and regulations. ISO/IEC 27001 provides a comprehensive set of guidelines and requirements that organizations can use to manage, monitor and improve their information security posture., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-as-an-individual}--
{tableName=glossary, name=Risk Owner, description= Risk Owner is an individual or organization responsible for the identification, assessment, and management of risks associated with a given activity, project, or business process. The Risk Owner is responsible for monitoring and controlling the risk and for ensuring that it is mitigated or eliminated in a timely manner. The Risk Owner should have the authority to make decisions regarding the risk and should be held accountable for the results. The Risk Owner should also be able to communicate the risk to stakeholders and ensure that they understand the implications of the risk and the actions that need to be taken to reduce or eliminate it. The Risk Owner should also have the ability to define and implement risk management processes and procedures., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-owner}--
{tableName=glossary, name=End Point Security, description= End Point Security is a form of cyber security that focuses on protecting the individual devices, such as computers, laptops, and mobile devices, that are connected to a network. It encompasses a range of security measures, including antivirus software, firewalls, intrusion detection systems, and encryption, to protect the devices from malicious attacks. End Point Security is important because it helps to protect the data stored on the device from unauthorized access, as well as the device itself from malicious software and other threats. End Point Security also helps to ensure that only authorized users have access to the network and the data stored on it. End Point Security is a key component of any organization's overall security strategy, as it helps to protect the organization's data and assets from external threats., topic=null, hs_path=end-point-security}--
{tableName=comparison, name=APRA CPS 234 vs ISO 27001, description= APRA CPS 234 & ISO 27001: Compare & contrast Australia's Prudential Standard 234 & International Standard 27001 to understand the differences & similarities., topic=[{id=97620570527, createdAt=1673040885446, updatedAt=1683947990333, path='apra-cps-234', name=' APRA CPS 234 Guide: Cyber Security Requirements', 1='{type=string, value=APRA CPS 234}', 2='{type=string, value= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data}', 5='{type=string, value=The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=apra-cps-234-vs-iso-27001}--
{tableName=glossary, name=ISO/IEC /IEC 27001:2017, description= ISO/IEC 27001:2017 is an international standard that provides specifications and guidance for organizations to establish, maintain, and continually improve an information security management system (ISMS). It is designed to help organizations protect their information assets and prevent unauthorized access, disclosure, destruction, or loss of data. The standard is based on a risk management approach and provides a framework for organizations to identify, assess, and manage their information security risks. It also provides guidance on how to select and implement appropriate security controls to protect and secure information assets. Organizations that meet the requirements of ISO/IEC 27001:2017 can demonstrate to customers, suppliers, and other stakeholders that they have taken appropriate measures to protect their information assets., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-iec-270012017}--
NIST Guidelines

NIST Guidelines are a set of recommendations developed by the National Institute of Standards and Te...

ISO 27001
ISO/IEC 27001 As An Individual

ISO/IEC 27001 is an internationally recognized standard for Information Security Management Systems ...

Enterprise Risk Management
Risk Owner

Risk Owner is an individual or organization responsible for the identification, assessment, and mana...

End Point Security

End Point Security is a form of cyber security that focuses on protecting the individual devices, su...

APRA CPS 234
APRA CPS 234 vs ISO 27001

APRA CPS 234 & ISO 27001: Compare & contrast Australia's Prudential Standard 234 & Inter...

ISO 27001
ISO/IEC /IEC 27001:2017

ISO/IEC 27001:2017 is an international standard that provides specifications and guidance for organi...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks