Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Responding to Australia's new critical infrastructure laws
On-demand Webinar

Responding to Australia's new critical infrastruct...

Join industry experts Andrew Robinson, Matthew Chantrell and Ryan Turan to share their insights into how to automate and manage your compliance with A...

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=AFSL Authorised Representative, description= An AFSL Authorised Representative is an individual or organisation that has been authorised by an Australian Financial Services Licence (AFSL) holder to provide financial services on their behalf. They are responsible for ensuring that the services they provide comply with the relevant laws, regulations and standards set out by the AFSL holder. They must also be adequately trained and qualified to provide the services they are authorised to provide. AFSL Authorised Representatives are typically required to have an appropriate level of insurance coverage in place to protect their clients from any losses that may occur as a result of their services. They must also adhere to the terms of the AFSL holder's agreement and any other legal requirements., topic=null, hs_path=afsl-authorised-representative}--
{tableName=comparison, name=ISO 27001 vs SOC 2, description= ISO 27001 and SOC 2 are two global standards for information security management. Learn the key differences between them., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='null'}]}'}], hs_path=iso-27001-vs-soc-2}--
{tableName=glossary, name=Types Of Insider Threat Actors, description= Types of Insider Threat Actors are individuals or groups of people who have legitimate access to an organization’s resources, networks, and systems, but who use that access to cause harm to the organization or its stakeholders. These individuals are often motivated by financial gain, revenge, or political or ideological beliefs. They may also be motivated by a desire to steal sensitive information, disrupt operations, or damage the organization’s reputation. Types of Insider Threat Actors include malicious insiders, negligent insiders, and compromised insiders. Malicious insiders are those individuals who deliberately use their access to cause harm to the organization or its stakeholders. Negligent insiders are those individuals who unintentionally cause harm due to their lack of security awareness or understanding of the organization’s security policies. Compromised insiders are those individuals who are tricked or coerced into providing access to the organization’s resources, networks, and systems., topic=null, hs_path=types-of-insider-threat-actors}--
{tableName=glossary, name=BS 10012, description= BS 10012 is a British Standard that provides a framework for organizations to manage and protect personal data. It outlines the requirements for a personal information management system (PIMS) which is designed to ensure the security, integrity and confidentiality of personal data. The standard covers the areas of data governance, data protection, data quality and data security. It provides guidance on how to identify, collect, store, process, use, protect and dispose of personal data. It also outlines the roles and responsibilities of those involved in the management of personal data and provides recommendations for the implementation of a PIMS. BS 10012 is intended to help organizations comply with data protection legislation and to ensure that personal data is handled responsibly and securely., topic=null, hs_path=bs-10012}--
{tableName=glossary, name=Risk Mitigation, description= Risk mitigation is the process of identifying, assessing, and reducing the potential for negative impacts of risks to an organization's objectives. It involves developing strategies to manage the risks and implementing those strategies to reduce the likelihood of their occurrence and/or the severity of their impact. Risk mitigation strategies can include risk avoidance, risk transfer, risk sharing, risk reduction, risk acceptance, and risk control. Risk avoidance involves eliminating or avoiding activities or situations that could result in the risk. Risk transfer involves transferring the risk to another party, such as an insurance company, who will assume the risk in exchange for a fee. Risk sharing involves sharing the risk between parties, such as when two companies form a joint venture. Risk reduction involves reducing the likelihood of the risk occurring or the severity of its impact. Risk acceptance involves accepting the risk and taking no action to reduce it. Risk control involves implementing measures to reduce the risk, such as implementing safety protocols or installing security systems., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-mitigation}--
{tableName=glossary, name=Australian Cyber Security Centre (ACSC), description= The Australian Cyber Security Centre (ACSC) is a government agency that works to protect Australia’s national security interests in cyberspace. It is a joint venture between the Australian Signals Directorate, the Australian Security Intelligence Organisation, the Australian Federal Police, and the Department of Home Affairs. The ACSC works to protect Australia’s national security interests in cyberspace by providing advice and assistance to government, industry and the public on cyber security. It is responsible for developing strategies to protect Australia’s critical infrastructure, managing cyber security incidents, and providing advice on how to respond to cyber threats and attacks. The ACSC also works with industry and the public to help them protect their digital assets and reduce their risk of cyber threats. It provides resources and guidance on cyber security best practices, as well as information on current cyber security threats. The ACSC works closely with other government agencies, industry and the public to ensure Australia’s cyber security is maintained and improved., topic=null, hs_path=australian-cyber-security-centre-acsc}--
AFSL Authorised Representative

An AFSL Authorised Representative is an individual or organisation that has been authorised by an Au...

ISO 27001
ISO 27001 vs SOC 2

ISO 27001 and SOC 2 are two global standards for information security management. Learn the key diff...

Types Of Insider Threat Actors

Types of Insider Threat Actors are individuals or groups of people who have legitimate access to an ...

BS 10012

BS 10012 is a British Standard that provides a framework for organizations to manage and protect per...

Enterprise Risk Management
Risk Mitigation

Risk mitigation is the process of identifying, assessing, and reducing the potential for negative im...

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) is a government agency that works to protect Australia’s...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks