Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

Reducing cost and complexity of GRC...

On-demand Webinar

Reducing cost and complexity of GRC with CyberCX

Join Andrew Robinson, CISO & Co-Founder of 6clicks, and Belinda Edwards, Manager - Governance, Risk, and Compliance of C...
date-icon

Sep 19, 2024

location

Virtual

6clicks Hub & Spoke: Smart GRC solu...

On-demand Webinar

6clicks Hub & Spoke: Smart GRC solution for enterprise needs

Explore how 6clicks' unique Hub & Spoke deployment architecture streamlines cyber GRC management for federated enterpris...
date-icon

Sep 2, 2024

location

Virtual

Q3 product showcase: Continuous Con...

On-demand Webinar

Q3 product showcase: Continuous Control Monitoring, Developer API, and more

Join our webinar for CISOs, risk and compliance professionals, and security teams to explore the latest 6clicks features...
date-icon

Aug 22, 2024

location

Virtual

See all webinars
{tableName=glossary, name=Fraud Management, description= Fraud Management is the process of identifying, preventing, and responding to fraudulent activities. It involves creating and implementing policies and procedures to detect and prevent fraudulent activities, such as identity theft, credit card fraud, and money laundering. It also involves developing strategies to respond to any fraudulent activity that is detected. Fraud Management requires a comprehensive approach that includes monitoring, analyzing, and responding to any suspicious activity. It also requires companies to have effective internal controls and to ensure that their employees are aware of the potential for fraud and how to detect and prevent it. Additionally, Fraud Management requires companies to stay abreast of changes in the industry and to adjust their policies and procedures accordingly., topic=null, hs_path=fraud-management}--
{tableName=guides, name=Managed Services Software: Streamlining Cyber GRC Processes, description=Managed Services Software streamlines cyber governance, risk, and compliance with automated assessments, control monitoring, and real-time reporting., topic=null, hs_path=managed-services-software}--
{tableName=glossary, name=Risk Owner, description= Risk Owner is an individual or organization responsible for the identification, assessment, and management of risks associated with a given activity, project, or business process. The Risk Owner is responsible for monitoring and controlling the risk and for ensuring that it is mitigated or eliminated in a timely manner. The Risk Owner should have the authority to make decisions regarding the risk and should be held accountable for the results. The Risk Owner should also be able to communicate the risk to stakeholders and ensure that they understand the implications of the risk and the actions that need to be taken to reduce or eliminate it. The Risk Owner should also have the ability to define and implement risk management processes and procedures., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1715624292575, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}', 15='{type=list, value=[{id=97620570509, name='Enterprise Risk Management'}]}'}], hs_path=risk-owner}--
{tableName=guides, name=HITRUST Common Security Framework, description= This guide provides an overview of the HITRUST Common Security Framework, a comprehensive approach to security and privacy of healthcare data. Learn how to implement the framework to protect your organization and its data, topic=[{id=97620570518, createdAt=1673040885391, updatedAt=1715624514986, path='hitrust-common-security-framework', name=' HITRUST CSF Guide: Understanding & Implementing Security', 1='{type=string, value=HITRUST Common Security Framework}', 2='{type=string, value= This guide provides an overview of the HITRUST Common Security Framework, a comprehensive approach to security and privacy of healthcare data. Learn how to implement the framework to protect your organization and its data}', 5='{type=string, value=This authoritative guide provides an in-depth overview of the HITRUST Common Security Framework (CSF). It examines the components of the HITRUST CSF, including its core concepts, objectives, and implementation strategies. It also provides guidance on how organizations can use the HITRUST CSF to assess and manage their security risks. The guide provides detailed information on the HITRUST CSF's architecture, including its components and their relationships to each other. It also covers the various security controls and measures that can be implemented to ensure compliance with the HITRUST CSF. Finally, the guide provides a comprehensive overview of the HITRUST CSF's certification process, and how organizations can use it to achieve certification.}', 15='{type=list, value=[{id=97620570518, name='HITRUST Common Security Framework'}]}'}], hs_path=hitrust-common-security-framework}--
{tableName=glossary, name=Malware Vs. Viruses Vs. Worm, description=s Malware: Malware is a type of software designed to harm or exploit computer systems without the user’s knowledge or consent. It can be used to gain access to sensitive information, steal data, or cause damage to a computer system or network. Common types of malware include viruses, worms, spyware, adware, ransomware, and Trojans. Viruses: A virus is a type of malware that infects computer systems or networks by replicating itself without the user’s knowledge or consent. It can spread from one computer to another, often via email or malicious websites. Once a virus is installed on a computer, it can cause damage by deleting files, corrupting data, or stealing information. Worms: A worm is a type of malware that replicates itself across computer networks without the user’s knowledge or consent. Unlike a virus, a worm does not require a host program to spread. It can spread from one computer to another, often via email or malicious websites. Worms can be used to steal data, spread malicious code, or cause damage to a computer system or network., topic=null, hs_path=malware-vs.-viruses-vs.-worm}--
{tableName=glossary, name=ISO/IEC 27001 Back Up Policy, description= ISO/IEC 27001 is an international standard for information security management that provides a framework for organizations to establish and maintain an effective information security management system (ISMS). It is designed to help organizations protect their information assets, including information stored in digital form, from unauthorized access, use, disclosure, disruption, modification, or destruction. The standard also outlines the requirements for information security policies, procedures, processes, and controls. A Back Up Policy is a set of procedures and processes that are put in place to ensure that all information assets are backed up in a secure and reliable manner. This policy should include the frequency of backups, the type of backups, the location of the backups, the media used for the backups, and the procedures for restoring the backups. The policy should also include the responsibilities of the personnel involved in the backup process and the procedures for testing the backups to ensure that they are recoverable. The standard is designed to help organizations protect their information assets from unauthorized access, use, disclosure, disruption, modification, or destruction., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-back-up-policy}--