Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Webinars

Building intelligent vendor risk pr...

On-demand Webinar

Building intelligent vendor risk programs

Discover how to revolutionize your vendor risk management (VRM) processes with 6clicks' comprehensive solution in our on...
date-icon

May 29, 2024

location

Virtual

Q2 product showcase: Discover the n...

On-demand Webinar

Q2 product showcase: Discover the next wave of innovation

Join us for an exclusive webinar where our product managers unveil the latest advancements in our platform and provide i...
date-icon

Apr 17, 2024

location

Virtual

Introducing Hailey Assist: Your con...

On-demand Webinar

Introducing Hailey Assist: Your conversational AI assistant for GRC

Discover the power of Hailey Assist in our on-demand webinar. Learn how this conversational AI assistant revolutionizes ...
date-icon

Mar 28, 2024

location

Virtual

See all webinars
{tableName=comparison, name=ISO 27001 vs SOC 2, description= ISO 27001 and SOC 2 are two global standards for information security management. Learn the key differences between them., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-27001-vs-soc-2}--
{tableName=glossary, name=ISO/IEC 27001 Or ISO/IEC 27018, description= ISO/IEC 27001 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) for information security management systems (ISMS). It provides a framework of specifications and best practices for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS. It is designed to help organizations ensure the confidentiality, integrity and availability of their information assets. The standard is divided into 14 clauses and is based on a process approach, with the main focus being on risk management. It requires organizations to identify and manage risks to their information assets, and to establish controls to mitigate those risks. ISO/IEC 27001 also requires organizations to define security policies and procedures, and to ensure that those policies and procedures are followed. ISO/IEC 27018 is a code of practice for the protection of personal data in the cloud. It provides a set of security controls and procedures that cloud service providers must implement when processing personal data. The code is based on the ISO/IEC 27001 ISMS and is designed to ensure that personal data is adequately protected and managed. It covers areas such as data security, data privacy, data security breach notification, data transfer, and data retention., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-or-iso-iec-27018}--
{tableName=comparison, name=NIST CSF vs ISO 27001, description= Understand the differences between the NIST Cybersecurity Framework (CSF) and ISO 27001, two of the most widely used security frameworks. , topic=[{id=97620570503, createdAt=1673040885296, updatedAt=1715624266851, path='nist-cybersecurity-framework-csf', name=' NIST Cybersecurity Framework: A Comprehensive Guide', 1='{type=string, value=NIST Cybersecurity Framework (CSF)}', 2='{type=string, value= A comprehensive guide to the NIST Cybersecurity Framework (CSF) and how to use it to protect your organization's IT infrastructure and data. Learn best practices and tips to help you improve}', 5='{type=string, value=This authoritative guide provides an overview of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The guide will provide an in-depth look at the five core functions of the CSF, which are Identify, Protect, Detect, Respond, and Recover. It will also explain the importance of the CSF and how it can help organizations of all sizes to protect their networks and data from cyber threats. The guide will also provide an overview of the various tools and resources available to help organizations implement the CSF, as well as best practices for using the framework to ensure the security of their systems. Finally, the guide will provide a comprehensive look at the various roles and responsibilities associated with the CSF, including the roles of the organization, its employees, and external partners. This guide is an essential resource for any organization looking to protect its networks and data from the ever-evolving cyber threats.}', 15='{type=list, value=[{id=97620570503, name='NIST Cybersecurity Framework (CSF)'}]}'}], hs_path=nist-cybersecurity-framework-csf-vs-iso-27001}--
{tableName=glossary, name=Risk Management Framework, description= Risk Management Framework is a set of processes, policies, and tools used to identify, assess, monitor, and control risks associated with an organization’s activities. It is designed to help organizations manage the risks associated with their operations in order to minimize their potential impact on the organization's objectives. The framework typically includes the following components: risk identification, risk assessment, risk control, risk monitoring, and risk communication. Risk identification involves identifying potential risks and assigning them to specific categories. Risk assessment involves evaluating the probability and potential impact of the identified risks. Risk control involves implementing strategies to mitigate the identified risks. Risk monitoring involves tracking the progress of risk management activities. Risk communication involves informing stakeholders of the status of risk management activities. The Risk Management Framework is an integral part of an organization's overall risk management strategy and is necessary to ensure the organization is prepared to handle the risks associated with its operations., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1715624292575, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}', 15='{type=list, value=[{id=97620570509, name='Enterprise Risk Management'}]}'}], hs_path=risk-management-framework}--
{tableName=glossary, name=ISO/IEC /IEC 27001:2017, description= ISO/IEC 27001:2017 is an international standard that provides specifications and guidance for organizations to establish, maintain, and continually improve an information security management system (ISMS). It is designed to help organizations protect their information assets and prevent unauthorized access, disclosure, destruction, or loss of data. The standard is based on a risk management approach and provides a framework for organizations to identify, assess, and manage their information security risks. It also provides guidance on how to select and implement appropriate security controls to protect and secure information assets. Organizations that meet the requirements of ISO/IEC 27001:2017 can demonstrate to customers, suppliers, and other stakeholders that they have taken appropriate measures to protect their information assets., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-iec-270012017}--
{tableName=guides, name=Regulatory Compliance, description=This guide provides an overview of the regulations and compliance requirements for businesses in the US, UK, AU and EU. Learn how to stay compliant and protect your business from potential legal issues., topic=null, hs_path=regulatory-compliance}--

eBooks

GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...