Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

IT risk management essentials: Miti...

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...
date-icon

Jun 12, 2024

location

Virtual

Building intelligent vendor risk pr...

On-demand Webinar

Building intelligent vendor risk programs

Discover how to revolutionize your vendor risk management (VRM) processes with 6clicks' comprehensive solution in our on...
date-icon

May 29, 2024

location

Virtual

Mastering Security Compliance

On-demand Webinar

Mastering Security Compliance

Join our webinar to unlock the potential of AI-driven security compliance with 6clicks! Discover how to intelligently au...
date-icon

May 15, 2024

location

Virtual

See all webinars
{tableName=glossary, name=Passive Attack, description= A passive attack is a type of cyber attack that does not involve the direct manipulation of an information system or its data, but instead uses existing vulnerabilities to gain access to resources, such as user accounts, confidential information, or networks. Passive attacks are typically used to gain access to a system or network, or to gain intelligence about the system or network, such as what kind of data is stored, who has access to it, and what services are running. Examples of passive attacks include eavesdropping on unencrypted communications, exploiting weak passwords, and analyzing network traffic for sensitive information. In contrast to active attacks, passive attacks are difficult to detect because the attacker does not leave any evidence of their activity., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1715624422147, path='vulnerability-management', name='Vulnerability Management Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570512, name='Vulnerability Management'}]}'}], hs_path=passive-attack}--
{tableName=glossary, name=NIST Controls, description= NIST Controls are a set of security guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations protect their information systems, networks, and data. They provide a comprehensive framework of security requirements and best practices that organizations can use to protect their systems and data from malicious attacks, unauthorized access, and other cyber threats. NIST Controls are based on the NIST Cybersecurity Framework, which outlines five core functions: Identify, Protect, Detect, Respond, and Recover. These functions provide a comprehensive approach to cybersecurity, helping organizations identify vulnerabilities and threats, develop appropriate security measures, detect and respond to incidents, and recover from them. NIST Controls also provide guidance on implementing security controls, including technical, administrative, and physical security measures., topic=[{id=97620570503, createdAt=1673040885296, updatedAt=1715624266851, path='nist-cybersecurity-framework-csf', name=' NIST Cybersecurity Framework: A Comprehensive Guide', 1='{type=string, value=NIST Cybersecurity Framework (CSF)}', 2='{type=string, value= A comprehensive guide to the NIST Cybersecurity Framework (CSF) and how to use it to protect your organization's IT infrastructure and data. Learn best practices and tips to help you improve}', 5='{type=string, value=This authoritative guide provides an overview of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The guide will provide an in-depth look at the five core functions of the CSF, which are Identify, Protect, Detect, Respond, and Recover. It will also explain the importance of the CSF and how it can help organizations of all sizes to protect their networks and data from cyber threats. The guide will also provide an overview of the various tools and resources available to help organizations implement the CSF, as well as best practices for using the framework to ensure the security of their systems. Finally, the guide will provide a comprehensive look at the various roles and responsibilities associated with the CSF, including the roles of the organization, its employees, and external partners. This guide is an essential resource for any organization looking to protect its networks and data from the ever-evolving cyber threats.}', 15='{type=list, value=[{id=97620570503, name='NIST Cybersecurity Framework (CSF)'}]}'}], hs_path=nist-controls}--
{tableName=guides, name=APRA CPS 234, description= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data, topic=[{id=97620570527, createdAt=1673040885446, updatedAt=1715624228283, path='apra-cps-234', name=' APRA CPS 234 Guide: Cyber Security Requirements', 1='{type=string, value=APRA CPS 234}', 2='{type=string, value= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data}', 5='{type=string, value=The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570527, name='APRA CPS 234'}]}'}], hs_path=apra-cps-234}--
{tableName=comparison, name=SOC 2 vs NIST CSF, description=A comparison of SOC 2 and NIST Cybersecurity Framework (CSF). Learn the differences between the two frameworks, their security objectives., topic=[{id=97620570514, createdAt=1673040885366, updatedAt=1715624490265, path='soc-2', name=' SOC 2 Compliance: A Comprehensive Guide', 1='{type=string, value=SOC 2}', 2='{type=string, value= Compliance SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary}', 5='{type=string, value=This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.}', 15='{type=list, value=[{id=97620570514, name='SOC 2'}]}'}], hs_path=soc-2-vs-nist-cybersecurity-framework-csf}--
{tableName=glossary, name=Threat Modeling, description= Threat Modeling is a structured approach to identifying, analyzing, and responding to potential security threats in a system, network, or application. It is used to identify and assess threats, vulnerabilities, and risks, and to develop a strategy to mitigate them. The process typically involves analyzing the system architecture, identifying potential threats, assessing their likelihood and impact, and then determining the most appropriate countermeasures to reduce or eliminate the risks. Threat Modeling can also be used to identify and prioritize security requirements and to evaluate the security of existing systems. The goal of Threat Modeling is to reduce the attack surface of a system, network, or application and to protect it from malicious actors., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1715624422147, path='vulnerability-management', name='Vulnerability Management Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570512, name='Vulnerability Management'}]}'}], hs_path=threat-modeling}--
{tableName=glossary, name=Health Information Trust Alliance (HITRUST), description= The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to provide a unified framework for managing and protecting sensitive healthcare information. This framework is designed to help organizations of all sizes and types, including healthcare providers, health plans, healthcare technology vendors, and other stakeholders, better manage and protect their sensitive information. HITRUST provides an array of services, including standards, tools, and resources, to help organizations assess and improve their security and privacy posture. The HITRUST Common Security Framework (CSF) is a comprehensive, prescriptive, and scalable security framework that provides organizations with a unified approach to managing and protecting sensitive information. The CSF includes a variety of security and privacy controls, including those related to data security, system security, personnel security, access control, and incident response. HITRUST also provides a variety of educational and certification programs to help organizations better understand and implement the CSF., topic=[{id=97620570526, createdAt=1673040885440, updatedAt=1715624231354, path='vendor-risk-management', name=' Vendor Risk Management: A Guide to Best Practices', 1='{type=string, value=Vendor Risk Management}', 2='{type=string, value= Vendor Risk Management Guide: Learn the fundamentals of vendor risk management and how to identify, assess, and mitigate risks associated with third-party vendors.}', 5='{type=string, value=This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.}', 15='{type=list, value=[{id=97620570526, name='Vendor Risk Management'}]}'}], hs_path=health-information-trust-alliance-hitrust}--

eBooks

GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...