Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Webinars

Building intelligent vendor risk pr...

On-demand Webinar

Building intelligent vendor risk programs

Discover how to revolutionize your vendor risk management (VRM) processes with 6clicks' comprehensive solution in our on...
date-icon

May 29, 2024

location

Virtual

Q2 product showcase: Discover the n...

On-demand Webinar

Q2 product showcase: Discover the next wave of innovation

Join us for an exclusive webinar where our product managers unveil the latest advancements in our platform and provide i...
date-icon

Apr 17, 2024

location

Virtual

Introducing Hailey Assist: Your con...

On-demand Webinar

Introducing Hailey Assist: Your conversational AI assistant for GRC

Discover the power of Hailey Assist in our on-demand webinar. Learn how this conversational AI assistant revolutionizes ...
date-icon

Mar 28, 2024

location

Virtual

See all webinars
{tableName=glossary, name=Consequence, description= Consequence is the result or effect of an action, decision, or set of circumstances. It is the outcome of a particular course of action and can either be positive or negative. Consequences can be immediate, such as the result of a choice made in the moment, or they can be far-reaching and long-term, such as the result of a decision made years ago. They can also be physical, mental, emotional, or spiritual in nature. Consequences can be direct, such as the result of a particular action, or indirect, such as the result of a decision made by someone else. Consequences are an integral part of life, as every action we take has a consequence that can shape our future and the future of those around us., topic=null, hs_path=consequence}--
{tableName=glossary, name=Operational Security, description= Operational Security (OPSEC) is a process that helps protect sensitive information from being compromised by unauthorized individuals. It is a systematic process of identifying, controlling, and protecting information that, if revealed, could be used by adversaries to harm an organization or individual. It is a continuous process of assessing threats and establishing countermeasures to protect information and operations. OPSEC includes physical security, personnel security, communications security, information security, and computer security. Physical security includes measures such as locks, fences, guards, and surveillance systems. Personnel security involves background checks, clearances, and security awareness training. Communications security involves encryption, authentication, and secure transmission protocols. Information security involves protecting data from unauthorized access, modification, or destruction. Computer security involves measures such as firewalls, antivirus software, and intrusion detection systems. OPSEC also involves developing and implementing policies and procedures to ensure the security of information, operations, and personnel., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1715624222504, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}', 15='{type=list, value=[{id=97620570528, name='Cybersecurity Risk Management'}]}'}], hs_path=operational-security}--
{tableName=glossary, name=ISO/IEC 27002 Importance, description= ISO/IEC 27002 is an international standard for information security management, which provides best practice recommendations for organizations to implement security controls in order to protect their information assets. The standard is based on the principles of the ISO/IEC 27000 series of standards and provides guidance on the selection, implementation, and management of information security controls. It is an important tool for organizations to ensure that their information assets are adequately protected from unauthorized access, disclosure, destruction, or other unauthorized activities. It can also be used as a reference for organizations to assess their own security posture and identify areas for improvement. The standard is regularly updated to reflect the changing security landscape and new threats., topic=null, hs_path=iso-iec-27002-importance}--
{tableName=glossary, name=ISO/IEC /IEC 27001:2017, description= ISO/IEC 27001:2017 is an international standard that provides specifications and guidance for organizations to establish, maintain, and continually improve an information security management system (ISMS). It is designed to help organizations protect their information assets and prevent unauthorized access, disclosure, destruction, or loss of data. The standard is based on a risk management approach and provides a framework for organizations to identify, assess, and manage their information security risks. It also provides guidance on how to select and implement appropriate security controls to protect and secure information assets. Organizations that meet the requirements of ISO/IEC 27001:2017 can demonstrate to customers, suppliers, and other stakeholders that they have taken appropriate measures to protect their information assets., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-iec-270012017}--
{tableName=glossary, name=Segregation Of Duties (SOD), description= Segregation of Duties (SOD) is a security control that is used to ensure that no single individual has complete control over a business process. This is typically accomplished by assigning different individuals to perform different tasks related to the process. For example, one person may be responsible for entering data into a system, while another person is responsible for approving the data. This prevents any one person from having control over the entire process and reduces the risk of fraud or errors. SOD is an important part of any internal control system and can help to ensure that processes are conducted in an efficient and secure manner., topic=null, hs_path=segregation-of-duties-sod}--
{tableName=glossary, name=Cloud Control Matrix (CCm), description= A Cloud Control Matrix (CCm) is an organizational tool used to monitor and maintain the security, availability, and reliability of cloud-based services. It is a comprehensive framework that defines the policies, procedures, and controls necessary to ensure that cloud-based services are secure and compliant with applicable regulations. The CCm is typically composed of a set of policies and procedures that define the roles and responsibilities of all parties involved in the cloud services, including cloud service providers, customers, and other stakeholders. The CCm also outlines the security controls necessary to ensure the confidentiality, integrity, and availability of the cloud services and data. Additionally, the CCm may include audit and compliance requirements, user access controls, and incident response plans. The CCm is designed to help organizations ensure that their cloud services are secure and compliant with applicable regulations., topic=null, hs_path=cloud-control-matrix-ccm}--

eBooks

GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...