Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...

Date: Jan 1, 2023

Location: Virtual

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, the modern workplace has changed radically in r...

Date: Jan 3, 2023

Location: Virtual

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...

Date: Jan 5, 2023

Location: Virtual

Glossary

Fraud Management

Fraud Management is the process of identifying, preventing, and responding to fraudulent activities. It involves creating and implementing policies and procedures to detect and prevent fraudulent activities, such as identity theft, credit card fraud, and money laundering. It also involves developing strategies to respond to any fraudulent activity that is detected. Fraud Management requires a comprehensive approach that includes monitoring, analyzing, and responding to any suspicious activity. It also requires companies to have effective internal controls and to ensure that their employees are aware of the potential for fraud and how to detect and prevent it. Additionally, Fraud Management requires companies to stay abreast of changes in the industry and to adjust their policies and procedures accordingly.

Glossary

ISO/IEC 27001 or ISO/IEC 27018

ISO/IEC 27001 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) for information security management systems (ISMS). It provides a framework of specifications and best practices for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS. It is designed to help organizations ensure the confidentiality, integrity and availability of their information assets. The standard is divided into 14 clauses and is based on a process approach, with the main focus being on risk management. It requires organizations to identify and manage risks to their information assets, and to establish controls to mitigate those risks. ISO/IEC 27001 also requires organizations to define security policies and procedures, and to ensure that those policies and procedures are followed.

ISO/IEC 27018 is a code of practice for the protection of personal data in the cloud. It provides a set of security controls and procedures that cloud service providers must implement when processing personal data. The code is based on the ISO/IEC 27001 ISMS and is designed to ensure that personal data is adequately protected and managed. It covers areas such as data security, data privacy, data security breach notification, data transfer, and data retention.

Related guide: ISO 27001 Guide: A Comprehensive Guide

Glossary

Risk Management Policy

A Risk Management Policy is a document that outlines steps and procedures to be taken by an organization to identify, assess, and manage risks associated with its operations. It is a comprehensive plan that outlines the roles and responsibilities of all stakeholders in the risk management process, as well as the process of monitoring and evaluating risks. The goal of a Risk Management Policy is to ensure that risks are identified and managed in a proactive, systematic, and cost-effective manner. It should also provide guidance on how to respond to potential risks and how to mitigate their impact. The policy should be reviewed and updated regularly to ensure that it remains current and relevant.

Related guide: Enterprise Risk Management Guide: A Comprehensive Guide

Comparison

GDPR vs NIST SP 800-53

GDPR and NIST SP 800-53 are two of the most important regulations for data privacy and security. Learn more about the differences between.

Related guide: GDPR: A Comprehensive Guide to Compliance

Glossary

Risk Center

Risk Center is a term used to refer to a centralized location for managing, analyzing, and mitigating risk. It is the focal point for risk management activities within an organization and is responsible for establishing and maintaining a risk management framework. The Risk Center is responsible for developing and implementing policies, procedures, and processes to identify, assess, and monitor risk across the organization. It also ensures compliance with applicable regulations and standards and provides guidance on risk management best practices. The Risk Center also monitors and reports on risk levels and provides recommendations for risk mitigation strategies. Finally, the Risk Center may also provide training and education on risk management topics to ensure that the organization is prepared to respond to and manage risk.

Related guide: Enterprise Risk Management Guide: A Comprehensive Guide

Glossary

Network Security

Network Security is the practice of protecting networks, systems, and data from unauthorized access, misuse, modification, or destruction. It includes both physical security measures, such as firewalls, and logical security measures, such as authentication and encryption. Network security also involves the implementation of policies and procedures to ensure the safety of the network, its users, and the data stored on it. Network security is an important part of any organization's overall security strategy, and it is essential for protecting the privacy, integrity, and availability of the network and its data.

Related guide: Cybersecurity Risk Management: A Guide for Businesses

eBooks

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...