Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

6clicks product roadshow: Discover ...

On-demand Webinar

6clicks product roadshow: Discover the latest updates

Gain exclusive insights into the latest advancements on the 6clicks platform, starting with our integration with Wiz and...
date-icon

Oct 31, 2024

location

Virtual

Reducing cost and complexity of GRC...

On-demand Webinar

Reducing cost and complexity of GRC with CyberCX

Join Andrew Robinson, CISO & Co-Founder of 6clicks, and Belinda Edwards, Manager - Governance, Risk, and Compliance of C...
date-icon

Sep 19, 2024

location

Virtual

6clicks Hub & Spoke: Smart GRC solu...

On-demand Webinar

6clicks Hub & Spoke: Smart GRC solution for enterprise needs

Explore how 6clicks' unique Hub & Spoke deployment architecture streamlines cyber GRC management for federated enterpris...
date-icon

Sep 2, 2024

location

Virtual

See all webinars
{tableName=comparison, name=PCI-DSS vs SOC 2, description= PCI-DSS and SOC 2 are two of the most important compliance standards for businesses. Learn the differences between them and how they can help you., topic=[{id=97620570502, createdAt=1673040885290, updatedAt=1715624259698, path='pci-dss', name=' PCI-DSS: A Guide to Meeting Security Requirements', 1='{type=string, value=PCI-DSS}', 2='{type=string, value=This guide provides an overview of the Payment Card Industry Data Security Standard (PCI-DSS) and the steps to take to ensure compliance with}', 5='{type=string, value=

This comprehensive guide provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI-DSS), a set of security standards designed to protect cardholder data and reduce the risk of data breaches. It covers the key components of the PCI-DSS, including the 12 requirements, the 6 goals, and the 6 core principles. It also provides a detailed description of the processes, technologies, and tools required to comply with the standard. Furthermore, the guide includes best practices for implementing the standard and provides resources to help organizations stay on top of the latest developments in the industry.

This guide provides a roadmap for achieving PCI-DSS compliance and maintaining a secure environment.

}', 15='{type=list, value=[{id=97620570502, name='PCI-DSS'}]}'}], hs_path=pci-dss-vs-soc-2}--
{tableName=glossary, name=Risk Reduction, description= Risk Reduction is a process that seeks to reduce the probability and/or impact of an adverse event or outcome. It involves identifying risks and then taking steps to reduce or eliminate them. Risk reduction can be achieved through a variety of strategies, including avoidance, control, transfer, and/or acceptance. Avoidance means eliminating or avoiding the risk altogether. Control involves taking steps to reduce the likelihood of the risk occurring or the severity of its consequences. Transferring the risk involves transferring the responsibility for dealing with the risk to another party. Finally, risk acceptance means accepting the risk and its consequences and taking steps to minimize their impact. Risk reduction is an important component of any successful risk management program., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1715624292575, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}', 15='{type=list, value=[{id=97620570509, name='Enterprise Risk Management'}]}'}], hs_path=risk-reduction}--
{tableName=glossary, name=Consequence, description= Consequence is the result or effect of an action, decision, or set of circumstances. It is the outcome of a particular course of action and can either be positive or negative. Consequences can be immediate, such as the result of a choice made in the moment, or they can be far-reaching and long-term, such as the result of a decision made years ago. They can also be physical, mental, emotional, or spiritual in nature. Consequences can be direct, such as the result of a particular action, or indirect, such as the result of a decision made by someone else. Consequences are an integral part of life, as every action we take has a consequence that can shape our future and the future of those around us., topic=null, hs_path=consequence}--
{tableName=glossary, name=ISO/IEC 27001 Annex A, description= ISO/IEC 27001 Annex A is a set of information security controls developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). These controls are designed to help organizations protect their information assets from unauthorized access, use, disclosure, disruption, modification, or destruction. The controls are organized into 14 categories, including Access Control, Asset Management, Business Continuity Management, Cryptography, Human Resources Security, Information Security Incident Management, and Physical and Environmental Security. Each category includes a list of specific controls that organizations can implement to ensure the security of their information assets. The controls are designed to be comprehensive, flexible, and adaptable to the needs of any organization. The Annex also includes guidance on how to implement the controls and measure their effectiveness., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-annex-a}--
{tableName=glossary, name=Notifiable data breach, description= A notifiable data breach is an incident where there is unauthorized access to, or disclosure, of personal information, or a reasonable belief exists that such unauthorized access or disclosure has occurred. This type of breach is required to be reported to the relevant data protection authority or other regulatory body, depending on the jurisdiction in which it occurs. It can also be reported to the individuals whose data has been exposed, and to the public in some circumstances. Notifiable data breaches can occur due to a variety of reasons, including cyber-attacks, malicious insiders, human error, and system or process failures. The data involved can range from financial information and health records to intellectual property and other sensitive information. The consequences of a notifiable data breach can be significant, ranging from financial losses to reputational damage, and even regulatory fines in some cases. As such, organizations must have robust data security measures in place to protect against unauthorized access and disclosure of personal information, and they must be aware of the potential consequences of a data breach., topic=null, hs_path=notifiable-data-breach}--
{tableName=glossary, name=Email Encryption, description= Email Encryption is a security measure used to protect the privacy of email messages. It is a process of using encryption algorithms to scramble the contents of an email message, making it unreadable by anyone except the intended recipient. The encryption process takes the contents of the message, scrambles it using a mathematical algorithm, and produces a ciphertext. The ciphertext is then sent over the internet, where it is decrypted by the intended recipient using a key. Email encryption is a critical component of online security, as it helps protect the confidentiality of sensitive information and prevents unauthorized access to the contents of an email message., topic=null, hs_path=email-encryption}--