
Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...

Jan 1, 2023, Virtual

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, the modern workplace has changed radically in r...

Jan 3, 2023, Virtual

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...

Jan 5, 2023, Virtual

See all webinars
Glossary

ISO/IEC 27001 and ISO/IEC 27002

ISO/IEC 27001 and ISO/IEC 27002 are international standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC 27001 is an Information Security Management System (ISMS) standard that provides organizations with a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. It helps organizations manage the security of assets such as financial information, intellectual property, employee details, or information entrusted to them by third parties. ISO/IEC 27002 is a code of practice for information security management that provides guidelines for the selection, implementation, and management of security controls to protect information assets. It is based on the Plan-Do-Check-Act (PDCA) cycle and provides advice on the best practices for managing information security. It is designed to be used in conjunction with ISO/IEC 27001, but can also be used as a standalone guide.

Related guide: ISO 27001 Guide: A Comprehensive Guide

This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management System (ISMS) covering information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services, and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.
Dynamic Security Management

Dynamic Security Management is a comprehensive approach to managing security that incorporates the active monitoring, response, and prevention of threats. It involves the proactive identification and assessment of potential security risks, the development of a comprehensive security strategy, and the implementation of measures to protect the organization's assets. Dynamic Security Management is a continuous process that involves a cycle of monitoring, analyzing, and responding to threats in order to maintain a secure environment. It involves the identification of potential threats and vulnerabilities, the implementation of security measures to protect against those threats, and the regular review of security policies and procedures. Dynamic Security Management also includes the development of incident response plans, the implementation of access control measures, and the use of encryption and other security technologies. These measures help to ensure the confidentiality, integrity, and availability of the organization's data and systems.

Database Audit and Protection (DAP)

Database Audit and Protection (DAP) is a set of processes and procedures used to monitor, audit, and protect data stored in a database. DAP involves the use of software tools to detect, analyze, and report on any unauthorized access, modification, or deletion of data stored in a database. DAP also involves the use of encryption to protect the data from being accessed by unauthorized users. DAP processes are designed to ensure that data is secure from unauthorized access, modification, or deletion, and that all changes made to the data are tracked and logged. DAP also helps organizations comply with applicable laws and regulations, such as the General Data Protection Regulation (GDPR). DAP is an important part of an organization's overall security strategy and helps to ensure that data is secure, accessible, and compliant with applicable laws and regulations.

ISO/IEC Data Security Standard

ISO/IEC Data Security Standard (ISO/IEC 27001) is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is a globally recognized standard for information security management systems (ISMS) and provides a framework of requirements and guidance for organizations looking to protect their data, systems, and processes. The standard is based on the Plan-Do-Check-Act (PDCA) cycle and requires organizations to identify their information security risks and develop an ISMS to manage these risks, as well as to continually review and improve their security. The standard outlines a set of best practices for information security, including risk assessment, policies and procedures, user access control, encryption, and security incident management. The standard also includes a number of technical controls, such as physical security, network security, application security, and data security. The ISO/IEC 27001 standard is a comprehensive and rigorous approach to information security, and organizations that implement it can demonstrate their commitment to data protection and security.

Risk Source

Risk Source is a term used to describe the origin of a potential risk that could affect an organization, project, or process. It is typically used to identify and assess the potential risks associated with a given situation and can help in developing strategies to reduce or avoid those risks. Risk Sources can include external factors such as economic conditions, natural disasters, legal or regulatory changes, or internal factors such as organizational structure, processes, or personnel. Risk Sources can also include a combination of both external and internal factors. Risk Source identification and assessment is a critical component of any risk management program and can help organizations to identify and mitigate potential risks before they become a problem.

Related guide: Enterprise Risk Management Guide: A Comprehensive Guide

This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.

This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.

Information Management System

An Information Management System is a system of organized procedures and processes used to collect, store, organize, analyze, retrieve, and distribute data and information. It is designed to help users efficiently manage and access data, information, and knowledge. It typically includes a combination of hardware, software, and other technologies, such as databases, networks, and cloud computing, to provide users with secure access to the data they need. An Information Management System is used to improve the efficiency of business operations, streamline processes, reduce costs, and improve customer service. It can also be used to improve decision-making, communication, collaboration, and productivity.

eBooks

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...