Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=ISO/IEC 27005, description= ISO/IEC 27005 is an international standard for security risk management. It provides a framework for organizations to identify, assess, and manage information security risks. It is based on the ISO/IEC 27001 standard and provides guidance on how to implement the principles of risk management and security controls. The standard covers topics such as risk assessment, risk treatment, risk monitoring, and security control selection. It also provides guidance on how to develop a security risk management program and outlines the roles and responsibilities of those involved in the program. ISO/IEC 27005 is intended to be used in conjunction with other standards and guidance, such as ISO/IEC 27002, to help organizations protect their information assets., topic=null, hs_path=iso-iec-27005}--
{tableName=glossary, name=ISO/IEC 27003, description= ISO/IEC 27003, also known as the Information Security Management System (ISMS) Standard, is an international standard that provides guidance and best practices for the implementation of an information security management system (ISMS) within an organization. It is based on the widely accepted ISO/IEC 27001 standard and provides additional guidance on the implementation of the ISMS. This standard provides a framework of requirements and guidance on how to develop, implement, maintain, and improve an ISMS. It also provides guidance on how to assess and manage information security risks and how to establish, document, implement, operate, monitor, review, maintain, and improve the ISMS. Additionally, it provides guidance on how to manage the ISMS in accordance with the organizations’ information security objectives. ISO/IEC 27003 is applicable to all organizations regardless of size, type, and nature, and is intended to be used in conjunction with other management system standards, such as ISO/IEC 27001., topic=null, hs_path=iso-iec-27003}--
{tableName=glossary, name=Risk Management Tool, description= Risk Management Tool is a system or process used to identify, assess, and prioritize risks associated with a particular activity, project, or business venture in order to reduce or eliminate potential losses. Risk Management Tools help organizations identify and analyze potential risks, develop strategies to reduce or manage those risks, and monitor the effectiveness of those strategies. Risk Management Tools can include a variety of methods and techniques, such as risk analysis, risk assessment, risk control, risk avoidance, and risk transfer. Risk Management Tools can also include tools for monitoring and reporting on risk, such as an enterprise risk management system. Risk Management Tools are used to ensure that organizations are aware of the risks associated with their activities, and that those risks are managed effectively., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-management-tool}--
{tableName=glossary, name=Information Security Governance Benefits, description= Information security governance benefits refer to the advantages that organizations gain from implementing a comprehensive information security governance program. This program is designed to ensure that information security policies, procedures, and controls are in place to protect the confidentiality, integrity, and availability of an organization's information assets. The benefits of information security governance include improved risk management, better compliance with applicable laws and regulations, enhanced customer trust, improved operational efficiency, and improved employee morale. Additionally, an effective information security governance program can help an organization to identify and address potential security vulnerabilities, protect its information assets from unauthorized access, and reduce the costs associated with data breaches. Furthermore, an effective information security governance program can help to ensure that the organization is prepared to respond quickly and effectively to any security incidents that may occur., topic=null, hs_path=information-security-governance-benefits}--
{tableName=glossary, name=Risk, description= Risk is the potential for loss or harm that can be caused by making a decision or taking an action. It is the uncertainty of an outcome or the potential of suffering harm or loss. Risk can be both positive and negative; it can include financial, physical, psychological, and legal risks. Risk can be managed through an assessment of the potential outcomes, the likelihood of each outcome, and the consequences of each outcome. Risk management involves identifying, assessing, and managing risks, as well as developing strategies to minimize or prevent potential losses. Risk management is a critical part of any business, organization, or individual's decision-making process., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk}--
{tableName=glossary, name=Business Resilience, description= Business resilience is the ability of an organization to anticipate, prepare for, respond to, and recover from disruptions while maintaining continuous operations and safeguarding people, assets, and operations. It is the capacity to withstand and quickly recover from any kind of disruption, such as natural disasters, cyber-attacks, supply chain disruptions, or financial losses. Business resilience involves having the right strategies, processes, and systems in place to ensure a quick response to any kind of disruption. This includes having a well-defined plan of action, a well-trained and informed workforce, and the right technology and tools to help manage the situation. Business resilience also involves having the right resources to help the organization get back on its feet, such as financial resources, insurance, and the right partnerships and collaborations. Business resilience is an essential part of any organization’s risk management strategy and is key to its long-term success., topic=null, hs_path=business-resilience}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...