
Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

On-demand Webinar

Unlocking smart value for MSPs: From assessment to full vCISO services

Join us for a webinar designed for Managed Service Providers (MSPs) to explore how 6clicks can transform your services. ...

Date: Jul 17, 2024
Location: Virtual

On-demand Webinar

A look behind the scenes at the GRC practices of an AI-powered GRC company

Discover the inner workings of 6clicks' Governance, Risk, and Compliance (GRC) practices with our exclusive on-demand we...

Date: Jul 12, 2024
Location: Virtual

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...

Date: Jun 12, 2024
Location: Virtual

Glossary

UK Cyber Essentials

UK Cyber Essentials is a government-backed scheme designed to help organisations protect themselves against common cyber threats. It provides a set of simple, but effective, safeguards to help organisations protect their data, systems and networks from the most common cyber threats. It is the minimum standard for cyber security in the UK and is a mandatory requirement for organisations that handle sensitive information or provide certain types of services. The scheme consists of five key controls, which are: boundary firewalls and internet gateways; secure configuration; access control; malware protection; and patch management. These five controls are designed to protect organisations from the most common cyber threats, such as phishing attacks, malware infections, and unauthorised access to systems and networks. The scheme also provides guidance on how organisations can protect themselves from more sophisticated cyber threats. It is designed to be simple to implement and maintain, and is suitable for organisations of all sizes.

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle credit card and debit card information. It was created by major credit card companies such as Visa, MasterCard, American Express, and Discover, to ensure that all merchants and service providers who accept, process, store, or transmit credit card information do so securely and protect customers’ data from theft and fraud. PCI DSS outlines twelve requirements for organizations to follow in order to protect cardholder data, including maintaining a secure network, protecting cardholder data, regularly monitoring and testing networks, and maintaining an information security policy. It also requires organizations to assign a unique ID to each person with computer access, restrict physical access to cardholder data, and regularly monitor and test networks. PCI DSS applies to all organizations that accept, process, store, or transmit credit card information, regardless of size or number of transactions. Compliance with PCI DSS is mandatory for any organization that handles credit card information, and failure to comply may result in fines, penalties, and loss of the ability to accept credit cards.

Related guide: PCI-DSS: A Guide to Meeting Security Requirements. This guide provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI-DSS), a set of security standards designed to protect cardholder data and reduce the risk of data breaches. It covers the key components of the PCI-DSS, including the 12 requirements, the 6 goals, and the 6 core principles. It also provides a detailed description of the processes, technologies, and tools required to comply with the standard. Furthermore, the guide includes best practices for implementing the standard and provides resources to help organizations stay on top of the latest developments in the industry. This guide provides a roadmap for achieving PCI-DSS compliance and maintaining a secure environment.

Notifiable data breach

A notifiable data breach is an incident where there is unauthorized access to, or disclosure of, personal information, or a reasonable belief exists that such unauthorized access or disclosure has occurred. This type of breach is required to be reported to the relevant data protection authority or other regulatory body, depending on the jurisdiction in which it occurs. It can also be reported to the individuals whose data has been exposed, and to the public in some circumstances. Notifiable data breaches can occur due to a variety of reasons, including cyber-attacks, malicious insiders, human error, and system or process failures. The data involved can range from financial information and health records to intellectual property and other sensitive information. The consequences of a notifiable data breach can be significant, ranging from financial losses to reputational damage, and even regulatory fines in some cases. As such, organizations must have robust data security measures in place to protect against unauthorized access and disclosure of personal information, and they must be aware of the potential consequences of a data breach.

Risk Financing

Risk financing is a type of financial management strategy used to protect an organization from the financial impact of losses due to risks. It involves a combination of risk transfer, risk retention, and risk control measures to manage the costs associated with potential losses. Risk transfer is the process of transferring the financial responsibility of a risk to another party, such as an insurance company. Risk retention is the process of keeping the financial responsibility for a risk within the organization, such as through self-insurance or a risk pool. Risk control is the process of implementing measures to reduce the likelihood of a risk occurring. Risk financing also includes the use of financial instruments, such as hedging, to manage the financial impact of risks.

Related guide: Enterprise Risk Management Guide: A Comprehensive Guide. This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.

Internet Of Things (IOT)

The Internet of Things (IOT) is a network of physical objects, or things, embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data. This data is sent over a network, usually the Internet, and can be used to control, monitor, and track the objects. The IOT creates an environment of interconnectivity between physical objects, allowing them to communicate with each other and with a central server, creating a vast network of connected devices. This network of devices can be used to automate and improve everyday activities, such as home automation, security, health and fitness, and transportation. IOT can also be used to create new business models and applications, such as smart cities, connected cars, and smart homes. The IOT is transforming the way we interact with the world around us and is expected to revolutionize the way businesses operate in the future.

Wardriving

Wardriving is a type of hacking that involves using a vehicle to search for and map wireless networks. It involves driving around with a laptop or other device that is equipped with a wireless network card, and scanning for wireless networks. The hacker then records the network's name, signal strength, and encryption type and stores it in a database. This information can be used to gain access to the network, if it is not properly secured. Wardriving is often used to gain access to networks with weak security, or to gain access to networks that are not owned by the hacker. It can also be used to identify vulnerable networks that can be used for malicious purposes. Wardriving is illegal in some countries, and can result in criminal charges for the perpetrator.

Related guide: Vulnerability Management Guide: Learn to Protect Your Business. This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.

eBooks

eBook

Revolutionizing GRC with AI: Harnessing the power of LLM and RAG technologies

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...