Skip to content
🚨 Upcoming webinar: AI and the Future of GRC featuring Ant Stevens and Michael Rasmussen 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Responding to Australia's new critical infrastructure laws
On-demand Webinar

Responding to Australia's new critical infrastruct...

Join industry experts Andrew Robinson, Matthew Chantrell and Ryan Turan to share their insights into how to automate and manage your compliance with A...

Webinars

Unlocking smart value for MSPs: Fro...

On-demand Webinar

Unlocking smart value for MSPs: From assessment to full vCISO services

Join us for a webinar designed for Managed Service Providers (MSPs) to explore how 6clicks can transform your services. ...
date-icon

Jul 17, 2024

location

Virtual

Register Now
A look behind the scenes at the GRC...

On-demand Webinar

A look behind the scenes at the GRC practices of an AI-powered GRC company

Discover the inner workings of 6clicks' Governance, Risk, and Compliance (GRC) practices with our exclusive on-demand we...
date-icon

Jul 12, 2024

location

Virtual

Register Now
IT risk management essentials: Miti...

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...
date-icon

Jun 12, 2024

location

Virtual

Register Now
See all webinars

Latest Answers

How does 6clicks support effective softw...

6clicks supports effective software vulnerability ...

What are the key steps involved in the i...

The internal audit process using 6clicks involves ...

What should be included in an ISO audit ...

An ISO audit checklist for cybersecurity complianc...

{tableName=comparison, name=ISO 27001 vs APRA CPS 234, description= ISO 27001 vs APRA CPS 234: Compare the two leading international information security standards. Learn the differences between ISO 27001 and APRA CPS 234., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-27001-vs-apra-cps-234}--
{tableName=glossary, name=Configuration Management Database (CMDB), description= A Configuration Management Database (CMDB) is a database that stores and organizes detailed information about the components of an organization's IT infrastructure, including hardware, software, networks, and services. It is used to track and manage changes to the infrastructure, such as upgrades, new installations, and decommissioning of components, as well as to monitor the health and performance of the system. The CMDB is also used to ensure that the IT infrastructure is compliant with organizational policies and regulations. In addition, the CMDB can be used to provide a comprehensive view of the IT environment and its relationships, which can be used for capacity planning, forecasting, and decision making. The CMDB is also used to automate and streamline IT operations, such as incident management and change management. The CMDB is a powerful tool for IT departments to ensure the reliability and availability of their IT infrastructure., topic=null, hs_path=configuration-management-database-cmdb}--
{tableName=comparison, name=NIST SP 800-53 vs ASD Essential 8, description= Learn the key differences between NIST SP 800-53 and ASD Essential 8 security frameworks. Understand how these two frameworks can help., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1715624498921, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 15='{type=list, value=[{id=97620570515, name='NIST SP 800-53'}]}'}], hs_path=nist-sp-800-53-vs-asd-essential-8}--
{tableName=glossary, name=Vendor Management Policy (Vmp), description= A Vendor Management Policy (VMP) is a set of guidelines and procedures for managing relationships with vendors that provide goods and services to an organization. It defines the roles and responsibilities of both the organization and the vendors, and outlines the process for selecting, evaluating, and managing vendor relationships. It also outlines the expectations for communication, performance, and delivery of services, as well as the processes for resolving disputes and managing changes in the relationship. A VMP is designed to ensure that all vendor relationships are conducted in a fair and transparent manner, with the organization's best interests in mind. It also helps to ensure that the organization is able to make informed decisions about which vendors to use and how to manage them., topic=[{id=97620570526, createdAt=1673040885440, updatedAt=1715624231354, path='vendor-risk-management', name=' Vendor Risk Management: A Guide to Best Practices', 1='{type=string, value=Vendor Risk Management}', 2='{type=string, value= Vendor Risk Management Guide: Learn the fundamentals of vendor risk management and how to identify, assess, and mitigate risks associated with third-party vendors.}', 5='{type=string, value=This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.}', 15='{type=list, value=[{id=97620570526, name='Vendor Risk Management'}]}'}], hs_path=vendor-management-policy-vmp}--
{tableName=glossary, name=ISO/IEC 27001 Risk Register, description= ISO/IEC 27001 Risk Register is a document that identifies and records potential risks to an organization’s information security system. It is a comprehensive list of all the risks that have been identified and assessed, along with the associated mitigation strategies. The Risk Register should be maintained and updated regularly to ensure that all risks are properly identified, assessed, and addressed. It should also be used to track progress on the implementation of risk management strategies, as well as to identify any new risks that may arise. The Risk Register should be reviewed periodically to ensure that all risks are being managed in an effective and efficient manner. Additionally, the Risk Register should be reviewed by senior management to ensure that the organization is taking appropriate steps to protect its information assets., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-risk-register}--
{tableName=comparison, name=ISO 27001 vs SOC 2, description= ISO 27001 and SOC 2 are two global standards for information security management. Learn the key differences between them., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-27001-vs-soc-2}--
ISO 27001
ISO 27001 vs APRA CPS 234

ISO 27001 vs APRA CPS 234: Compare the two leading international information security standards. Lea...

Configuration Management Database (CMDB)

A Configuration Management Database (CMDB) is a database that stores and organizes detailed informat...

NIST SP 800-53
NIST SP 800-53 vs ASD Essential 8

Learn the key differences between NIST SP 800-53 and ASD Essential 8 security frameworks. Understand...

Vendor Risk Management
Vendor Management Policy (Vmp)

A Vendor Management Policy (VMP) is a set of guidelines and procedures for managing relationships wi...

ISO 27001
ISO/IEC 27001 Risk Register

ISO/IEC 27001 Risk Register is a document that identifies and records potential risks to an organiza...

ISO 27001
ISO 27001 vs SOC 2

ISO 27001 and SOC 2 are two global standards for information security management. Learn the key diff...

eBooks

Revolutionizing GRC with AI: Harnes...

eBook

Revolutionizing GRC with AI: Harnessing the power of LLM and RAG technologies

Download
GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks