Skip to content
🚨 Upcoming webinar: AI and the Future of GRC featuring Ant Stevens and Michael Rasmussen 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Responding to Australia's new critical infrastructure laws
On-demand Webinar

Responding to Australia's new critical infrastruct...

Join industry experts Andrew Robinson, Matthew Chantrell and Ryan Turan to share their insights into how to automate and manage your compliance with A...

Webinars

Unlocking smart value for MSPs: Fro...

On-demand Webinar

Unlocking smart value for MSPs: From assessment to full vCISO services

Join us for a webinar designed for Managed Service Providers (MSPs) to explore how 6clicks can transform your services. ...
date-icon

Jul 17, 2024

location

Virtual

Register Now
A look behind the scenes at the GRC...

On-demand Webinar

A look behind the scenes at the GRC practices of an AI-powered GRC company

Discover the inner workings of 6clicks' Governance, Risk, and Compliance (GRC) practices with our exclusive on-demand we...
date-icon

Jul 12, 2024

location

Virtual

Register Now
IT risk management essentials: Miti...

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...
date-icon

Jun 12, 2024

location

Virtual

Register Now
See all webinars

Latest Answers

How does 6clicks support effective softw...

6clicks supports effective software vulnerability ...

What are the key steps involved in the i...

The internal audit process using 6clicks involves ...

What should be included in an ISO audit ...

An ISO audit checklist for cybersecurity complianc...

{tableName=glossary, name=ISO/IEC 27001 Certification Requirements, description= ISO/IEC 27001 Certification Requirements are a set of international standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to help organizations protect their information assets. The standards provide a framework to ensure that organizations have appropriate controls, processes, and procedures in place to protect their information assets. The standards are divided into two parts: the ISO/IEC 27001 standard, which outlines the requirements for an information security management system (ISMS), and the ISO/IEC 27002 standard, which provides detailed guidance on how to implement the requirements. The ISO/IEC 27001 standard requires organizations to have a documented ISMS that covers all aspects of their information security, including risk assessments, policies and procedures, and organizational structures. The standard also requires organizations to have a documented process for regularly monitoring and assessing the effectiveness of their ISMS. Organizations must also have procedures in place to respond to security incidents, as well as to ensure that their ISMS is continuously improved. Finally, organizations must demonstrate that their ISMS meets the requirements of the ISO/IEC 27001 standard through independent third-party certification., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-certification-requirements}--
{tableName=glossary, name=ISO/IEC 27001 Or ISO/IEC 27018, description= ISO/IEC 27001 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) for information security management systems (ISMS). It provides a framework of specifications and best practices for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS. It is designed to help organizations ensure the confidentiality, integrity and availability of their information assets. The standard is divided into 14 clauses and is based on a process approach, with the main focus being on risk management. It requires organizations to identify and manage risks to their information assets, and to establish controls to mitigate those risks. ISO/IEC 27001 also requires organizations to define security policies and procedures, and to ensure that those policies and procedures are followed. ISO/IEC 27018 is a code of practice for the protection of personal data in the cloud. It provides a set of security controls and procedures that cloud service providers must implement when processing personal data. The code is based on the ISO/IEC 27001 ISMS and is designed to ensure that personal data is adequately protected and managed. It covers areas such as data security, data privacy, data security breach notification, data transfer, and data retention., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-or-iso-iec-27018}--
{tableName=glossary, name=Mandatory Access Control (MAC), description= Mandatory Access Control (MAC) is an access control system that requires users to be explicitly identified and authorized before they can access any resources or information. It is a type of access control system that is enforced by a centralized authority, such as a system administrator, and is based on the classification and labeling of resources. MAC is a type of access control system that is based on a set of predetermined rules, rather than user-defined rules, and is typically used in highly secure environments, such as government or military networks. MAC prevents users from accessing resources or information that they are not authorized to access, and is often used in conjunction with other access control systems, such as Discretionary Access Control (DAC) or Role-Based Access Control (RBAC)., topic=null, hs_path=mandatory-access-control-mac}--
{tableName=glossary, name=Security Metrics, description= Security Metrics are measurements used to assess the effectiveness of an organization's security posture. They enable organizations to track and monitor the performance of their security systems and processes, as well as to identify areas of improvement. Security Metrics provide organizations with a better understanding of the effectiveness of their security infrastructure, allowing them to make informed decisions about security investments and strategies. Security Metrics encompass a wide range of measurements, including but not limited to: vulnerability assessments, security incident response times, security awareness training completion rates, and compliance with security policies and standards. Security Metrics are used to evaluate the effectiveness of an organization's security program, as well as to identify potential areas of improvement and risk., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1715624422147, path='vulnerability-management', name='Vulnerability Management Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570512, name='Vulnerability Management'}]}'}], hs_path=security-metrics}--
{tableName=comparison, name=GDPR vs PCI-DSS, description=GDPR and PCI-DSS are two data privacy and security standards. Learn about their differences and how to comply with both. , topic=[{id=97620570523, createdAt=1673040885422, updatedAt=1715624542336, path='gdpr', name=' GDPR: A Comprehensive Guide to Compliance', 1='{type=string, value=GDPR}', 2='{type=string, value= This GDPR Guide provides an authoritative overview of the General Data Protection Regulation (GDPR) and how it affects businesses and organizations. It outlines the key principles of the GDPR and provides an}', 5='{type=string, value=This GDPR Guide provides a comprehensive overview of the European Union's General Data Protection Regulation (GDPR). It covers the full scope of the GDPR, including its purpose, scope, definitions, principles, rights, obligations, enforcement, and more. It also provides practical advice on how to comply with the GDPR, including best practices for data protection, data security, and data management. This guide is an essential resource for any organization that collects, stores, or processes personal data.}', 15='{type=list, value=[{id=97620570523, name='GDPR'}]}'}], hs_path=gdpr-vs-pci-dss}--
{tableName=glossary, name=ISO/IEC Directives, description= ISO/IEC Directives are a set of standards and guidelines issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to ensure that all of their standards, technical specifications, and other documents are developed in a consistent, reliable, and transparent manner. They provide guidance on topics such as the structure and content of documents, the development and review process, the use of symbols, terminology, and abbreviations, and the use of language, among other things. They also provide guidance on the management and maintenance of standards and other documents, including their publication, registration, and withdrawal. The ISO/IEC Directives are designed to ensure that all of the documents produced by ISO and IEC are of the highest quality and provide the most reliable information to the public., topic=null, hs_path=iso-iec-directives}--
ISO 27001
ISO/IEC 27001 Certification Requirements

ISO/IEC 27001 Certification Requirements are a set of international standards developed by the Inter...

ISO 27001
ISO/IEC 27001 Or ISO/IEC 27018

ISO/IEC 27001 is an international standard developed by the International Organization for Standardi...

Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is an access control system that requires users to be explicitly iden...

Vulnerability Management
Security Metrics

Security Metrics are measurements used to assess the effectiveness of an organization's security pos...

GDPR
GDPR vs PCI-DSS

GDPR and PCI-DSS are two data privacy and security standards. Learn about their differences and how ...

ISO/IEC Directives

ISO/IEC Directives are a set of standards and guidelines issued by the International Organization fo...

eBooks

Revolutionizing GRC with AI: Harnes...

eBook

Revolutionizing GRC with AI: Harnessing the power of LLM and RAG technologies

Download
GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks