Skip to content
🚨 Upcoming webinar: AI and the Future of GRC featuring Ant Stevens and Michael Rasmussen 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Responding to Australia's new critical infrastructure laws
On-demand Webinar

Responding to Australia's new critical infrastruct...

Join industry experts Andrew Robinson, Matthew Chantrell and Ryan Turan to share their insights into how to automate and manage your compliance with A...

Webinars

Unlocking smart value for MSPs: Fro...

On-demand Webinar

Unlocking smart value for MSPs: From assessment to full vCISO services

Join us for a webinar designed for Managed Service Providers (MSPs) to explore how 6clicks can transform your services. ...
date-icon

Jul 17, 2024

location

Virtual

Register Now
A look behind the scenes at the GRC...

On-demand Webinar

A look behind the scenes at the GRC practices of an AI-powered GRC company

Discover the inner workings of 6clicks' Governance, Risk, and Compliance (GRC) practices with our exclusive on-demand we...
date-icon

Jul 12, 2024

location

Virtual

Register Now
IT risk management essentials: Miti...

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...
date-icon

Jun 12, 2024

location

Virtual

Register Now
See all webinars

Latest Answers

How does 6clicks support effective softw...

6clicks supports effective software vulnerability ...

What are the key steps involved in the i...

The internal audit process using 6clicks involves ...

What should be included in an ISO audit ...

An ISO audit checklist for cybersecurity complianc...

{tableName=glossary, name=NIST 800-53 Risk Assessment, description= NIST 800-53 Risk Assessment is a comprehensive process used to identify, assess, and manage the security risks associated with the use, processing, storage, and transmission of information and information systems. It involves analyzing the security controls in place, evaluating the potential threats and vulnerabilities, and determining the appropriate risk mitigation strategies. This process is designed to ensure that the organization has the appropriate security controls in place to protect its information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The risk assessment should be conducted on a regular basis to ensure that the organization’s security posture is up to date and that any new threats or vulnerabilities have been identified and addressed. The NIST 800-53 Risk Assessment approach helps organizations to identify and address security risks in a timely and cost-effective manner., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1715624498921, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 15='{type=list, value=[{id=97620570515, name='NIST SP 800-53'}]}'}], hs_path=nist-800-53-risk-assessment}--
{tableName=glossary, name=Threat Modeling Frameworks And Methodologies, description= Threat Modeling Frameworks and Methodologies are a set of concepts, processes, and techniques used to identify, analyze, and respond to potential threats to an organization’s information systems. These frameworks and methodologies are designed to help organizations better understand their security posture and identify areas of vulnerability. The goal of threat modeling is to provide an organized approach to understanding the threats that an organization faces and to provide a framework for taking appropriate actions to reduce or eliminate those threats. A threat model typically includes a threat assessment, risk analysis, and a strategy for mitigating any identified threats. The assessment typically includes identifying the assets that need to be protected, the threats posed to those assets, the likelihood of those threats, and the potential impact of those threats. Risk analysis includes understanding the potential risks associated with each threat, the potential cost of those risks, and the potential mitigation strategies available. Finally, the strategy for mitigating threats includes a plan for deploying countermeasures and monitoring the effectiveness of those countermeasures., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1715624422147, path='vulnerability-management', name='Vulnerability Management Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570512, name='Vulnerability Management'}]}'}], hs_path=threat-modeling-frameworks-and-methodologies}--
{tableName=glossary, name=Business Continuity, description= Business Continuity is a comprehensive approach to ensuring that an organization is able to maintain its essential operations and services in the face of any type of disruption or disaster. This includes planning for and responding to any kind of disruption, such as natural disasters, cyber-attacks, power outages, or system failures, and ensuring that the organization is able to quickly and effectively recover from these events. Business Continuity plans involve identifying critical business functions, prioritizing them, and developing strategies to keep them running during a disruption. These plans also include developing plans to back up and restore data, establishing procedures to protect vital records and information, and creating a system to communicate with employees during a disruption., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1715624222504, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}', 15='{type=list, value=[{id=97620570528, name='Cybersecurity Risk Management'}]}'}], hs_path=business-continuity}--
{tableName=glossary, name=Risk Management Tool, description= Risk Management Tool is a system or process used to identify, assess, and prioritize risks associated with a particular activity, project, or business venture in order to reduce or eliminate potential losses. Risk Management Tools help organizations identify and analyze potential risks, develop strategies to reduce or manage those risks, and monitor the effectiveness of those strategies. Risk Management Tools can include a variety of methods and techniques, such as risk analysis, risk assessment, risk control, risk avoidance, and risk transfer. Risk Management Tools can also include tools for monitoring and reporting on risk, such as an enterprise risk management system. Risk Management Tools are used to ensure that organizations are aware of the risks associated with their activities, and that those risks are managed effectively., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1715624292575, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}', 15='{type=list, value=[{id=97620570509, name='Enterprise Risk Management'}]}'}], hs_path=risk-management-tool}--
{tableName=glossary, name=ISO/IEC 27102, description= ISO/IEC 27102 is an international standard for privacy information management systems (PIMS) developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This standard is designed to provide organizations with a framework for developing and implementing a comprehensive privacy program that will protect personal data. The standard provides guidance on the collection, processing, storage, use, disclosure, and disposal of personal data. It also provides guidance on the development of policies and procedures to ensure that organizations are compliant with applicable privacy laws and regulations. The standard includes requirements for the protection of personal data, such as the establishment of a privacy impact assessment (PIA) process, the development of privacy policies and procedures, and the implementation of privacy management systems. In addition, it provides guidance on the use of privacy enhancing technologies (PETs) and the development of privacy education and awareness programs., topic=null, hs_path=iso-iec-27102}--
{tableName=glossary, name=ISO/IEC 27002:2022 Controls, description= ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, is a framework of security controls developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a set of security controls and guidelines for organizations to follow to ensure the security of their information systems and data. The framework includes a list of security controls and procedures that organizations should implement to protect their information assets. The controls include physical, technical, and administrative measures that organizations should take to protect their information systems and data from unauthorized access, use, disclosure, modification, and destruction. The framework also provides guidance on how to assess, monitor, and review the effectiveness of the security controls. Additionally, the framework provides guidance on how to develop, implement, and maintain an information security management system., topic=null, hs_path=iso-iec-270022022-controls}--
NIST SP 800-53
NIST 800-53 Risk Assessment

NIST 800-53 Risk Assessment is a comprehensive process used to identify, assess, and manage the secu...

Vulnerability Management
Threat Modeling Frameworks And Methodologies

Threat Modeling Frameworks and Methodologies are a set of concepts, processes, and techniques used t...

Cybersecurity Risk Management
Business Continuity

Business Continuity is a comprehensive approach to ensuring that an organization is able to maintain...

Enterprise Risk Management
Risk Management Tool

Risk Management Tool is a system or process used to identify, assess, and prioritize risks associate...

ISO/IEC 27102

ISO/IEC 27102 is an international standard for privacy information management systems (PIMS) develop...

ISO/IEC 27002:2022 Controls

ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, i...

eBooks

Revolutionizing GRC with AI: Harnes...

eBook

Revolutionizing GRC with AI: Harnessing the power of LLM and RAG technologies

Download
GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks