Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Endpoint Cybersecurity, description= Endpoint cybersecurity is a type of security measure taken to protect endpoints, such as computers, servers, mobile devices, and other network-connected devices, from malicious cyber threats. Endpoint cybersecurity is a comprehensive approach to protecting endpoints from the threats posed by hackers, malware, and other malicious actors. Endpoint cybersecurity solutions typically involve a combination of hardware and software solutions, such as firewalls, antivirus software, intrusion detection systems, and endpoint protection platforms. These solutions are designed to detect, prevent, and respond to malicious activity and threats. Endpoint cybersecurity solutions can also include measures such as user authentication, access control, encryption, and network segmentation. The goal of endpoint cybersecurity is to protect endpoints from malicious attacks and ensure that data and systems remain secure., topic=null, hs_path=endpoint-cybersecurity}--
{tableName=glossary, name=Business Continuity Management (BCM), description= Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats may have, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities. It includes the development of policies and procedures for preventing, responding to, and recovering from disruptive events. BCM also includes the identification of an organization’s critical business functions, the development of recovery strategies, the implementation of plans and procedures, the testing of plans and procedures, and the maintenance of plans and procedures. BCM helps organizations to protect their operations, financials, customers, and stakeholders in the event of a disruption. It also helps organizations to maintain their competitive edge by ensuring the continuity of their operations, products and services in the face of any disruption., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=business-continuity-management-bcm}--
{tableName=glossary, name=Risk Management Framework, description= Risk Management Framework is a set of processes, policies, and tools used to identify, assess, monitor, and control risks associated with an organization’s activities. It is designed to help organizations manage the risks associated with their operations in order to minimize their potential impact on the organization's objectives. The framework typically includes the following components: risk identification, risk assessment, risk control, risk monitoring, and risk communication. Risk identification involves identifying potential risks and assigning them to specific categories. Risk assessment involves evaluating the probability and potential impact of the identified risks. Risk control involves implementing strategies to mitigate the identified risks. Risk monitoring involves tracking the progress of risk management activities. Risk communication involves informing stakeholders of the status of risk management activities. The Risk Management Framework is an integral part of an organization's overall risk management strategy and is necessary to ensure the organization is prepared to handle the risks associated with its operations., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-management-framework}--
{tableName=glossary, name=ISO/IEC /IEC 27001 Foundation, description= ISO/IEC 27001 Foundation is an international standard for Information Security Management Systems (ISMS) which provides the framework for organizations to establish, implement, maintain and continually improve an effective ISMS. It helps organizations to identify, assess and manage the risks associated with the use, storage, transmission and disposal of information. It also helps organizations to ensure that the confidentiality, integrity and availability of information is maintained. The standard covers the requirements for an ISMS, including the establishment of policies and procedures, the implementation of controls, and the monitoring of performance. It also provides guidance on how to develop an ISMS and how to assess the effectiveness of the system. The standard is applicable to all types of organizations, regardless of size, nature or sector., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='null'}]}'}], hs_path=iso-iec-iec-27001-foundation}--
{tableName=glossary, name=Risk Mitigation, description= Risk mitigation is the process of identifying, assessing, and reducing the potential for negative impacts of risks to an organization's objectives. It involves developing strategies to manage the risks and implementing those strategies to reduce the likelihood of their occurrence and/or the severity of their impact. Risk mitigation strategies can include risk avoidance, risk transfer, risk sharing, risk reduction, risk acceptance, and risk control. Risk avoidance involves eliminating or avoiding activities or situations that could result in the risk. Risk transfer involves transferring the risk to another party, such as an insurance company, who will assume the risk in exchange for a fee. Risk sharing involves sharing the risk between parties, such as when two companies form a joint venture. Risk reduction involves reducing the likelihood of the risk occurring or the severity of its impact. Risk acceptance involves accepting the risk and taking no action to reduce it. Risk control involves implementing measures to reduce the risk, such as implementing safety protocols or installing security systems., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-mitigation}--
{tableName=glossary, name=Defence In Depth, description= Defence In Depth is a military strategy which seeks to protect an area from attack by creating multiple layers of defence. It involves a series of mutually supporting defensive positions, often located at different depths within the defensive area. The aim is to force an attacker to penetrate multiple layers of defences, each of which can be used to slow the attackers' progress and buy time for reinforcements to arrive. This strategy can be used to defend a wide variety of areas and assets, including physical locations, networks, and information systems. Defence In Depth is also known as a layered defence, or a multi-tiered defence., topic=null, hs_path=defence-in-depth}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...