Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...

Date: Jun 12, 2024

Location: Virtual

On-demand Webinar

Building intelligent vendor risk programs

Discover how to revolutionize your vendor risk management (VRM) processes with 6clicks' comprehensive solution in our on...

Date: May 29, 2024

Location: Virtual

On-demand Webinar

Mastering Security Compliance

Join our webinar to unlock the potential of AI-driven security compliance with 6clicks! Discover how to intelligently au...

Date: May 15, 2024

Location: Virtual

Glossary

ISO/IEC 27001 Controls

ISO/IEC 27001 Controls is a set of security controls and best practices established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to help organizations protect their information assets. It is a framework of policies and procedures that organizations must implement to ensure that their information is secure and protected from unauthorized access, use, disclosure, disruption, modification, or destruction. The controls are designed to reduce the risk of data loss and to protect the confidentiality, integrity, and availability of organizational information. The ISO/IEC 27001 standard is divided into two parts: the Code of Practice for Information Security Management (ISO/IEC 27002) and the Specification for Information Security Management Systems (ISO/IEC 27001). The Code of Practice outlines the security controls that organizations must implement, while the Specification provides guidance on how to design, implement, and maintain an effective information security management system. The ISO/IEC 27001 Controls are comprehensive and cover areas such as physical security, access control, encryption, incident response, and audit and compliance.

Topic: ISO 27001 Guide: A Comprehensive Guide

This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management System (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

Glossary

ISO/IEC 27002:2022 Controls

ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, is a framework of security controls developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a set of security controls and guidelines for organizations to follow to ensure the security of their information systems and data. The framework includes a list of security controls and procedures that organizations should implement to protect their information assets. The controls include physical, technical, and administrative measures that organizations should take to protect their information systems and data from unauthorized access, use, disclosure, modification, and destruction. The framework also provides guidance on how to assess, monitor, and review the effectiveness of the security controls. Additionally, the framework provides guidance on how to develop, implement, and maintain an information security management system.

Comparison

ISO 27001 vs ASD Essential 8

ISO 27001 and ASD Essential 8 are two popular frameworks for protecting information and systems. Learn about the key differences and how to use them together.

Topic: ISO 27001 Guide: A Comprehensive Guide

Glossary

Dynamic Security Management

Dynamic Security Management is a comprehensive approach to managing security that incorporates the active monitoring, response, and prevention of threats. It involves the proactive identification and assessment of potential security risks, the development of a comprehensive security strategy, and the implementation of measures to protect the organization’s assets. Dynamic Security Management is a continuous process that involves a cycle of monitoring, analyzing, and responding to threats in order to maintain a secure environment. It involves the identification of potential threats and vulnerabilities, the implementation of security measures to protect against those threats, and the regular review of security policies and procedures. Dynamic Security Management also includes the development of incident response plans, the implementation of access control measures, and the use of encryption and other security technologies. These measures help to ensure the confidentiality, integrity, and availability of the organization’s data and systems.

Glossary

Statement Of Applicability (SOA)

A Statement of Applicability (SOA) is a document that outlines the security controls and measures that an organization has implemented to protect its information systems and data assets. It is used to provide evidence of the organization's commitment to security and compliance. It typically includes a list of applicable security controls and measures, along with a description of how they are implemented and monitored. The SOA also includes a description of the organization's security policies, procedures, and guidelines, as well as any applicable laws and regulations. The SOA is typically reviewed and updated on a regular basis to ensure that the organization's security measures remain up to date and relevant.

Topic: ISMS Guide: Info Security Mgmt System Overview

This authoritative guide provides a comprehensive overview of Information Security Management Systems (ISMS). It covers the fundamentals of ISMS, as well as best practices for implementing an effective ISMS. It also ...

This guide provides a comprehensive overview of Information Security Management Systems (ISMS), which are designed to protect organizations from the risks for which information security, cybersecurity and privacy protection are required. It covers the fundamentals of ISMS, including the components of an ISMS, the process of implementing an ISMS, and the various requirements and standards associated with ISMS. It also covers the different types of security threats, the best practices for mitigating them, and the importance of having a robust ISMS in place.

Finally, this guide provides practical advice on how to design and implement an effective ISMS, as well as how to maintain it over time. With this guide, readers will gain a deeper understanding of how to protect their organizations from cyber threats and ensure their data is secure.

Glossary

Strategic Risk

Strategic risk is the risk that an organization takes when it makes strategic decisions, such as entering a new market, introducing a new product, or changing its business model. This type of risk is associated with uncertainty and the potential for losses due to unexpected events or changes in the external environment. Strategic risk can include a wide range of risks, such as financial, operational, legal, reputational, and political risks. Strategic risk management involves identifying, assessing, and managing the risks associated with strategic decisions. Risk management strategies can include developing contingency plans, diversifying investments, and implementing risk mitigation measures. Strategic risk management is an important part of any organization’s overall risk management strategy.

eBooks

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...