Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Ready or not, here comes CMMC 2.0
On-demand Webinar

Ready or not, here comes CMMC 2.0

Join our esteemed panel of presenters for an informative session on the new Cybersecurity Maturity Model Certification (CMMC) 2.0 standards. Dr. Heath...

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=ISO/IEC 27001 Audit, description= An ISO/IEC 27001 Audit is a type of audit that evaluates an organization’s Information Security Management System (ISMS) to determine if it meets the requirements of the ISO/IEC 27001:2013 standard. This standard is an international standard that outlines the requirements for establishing, implementing, maintaining, and continually improving an ISMS. An ISO/IEC 27001 Audit is conducted by a third-party assessor who evaluates the organization’s ISMS against the requirements of the standard. The audit includes a review of the organization’s policies, procedures, and processes related to information security and a review of the organization’s implementation of the ISMS. The auditor also evaluates the effectiveness of the organization’s security controls and the extent to which the ISMS meets the requirements of the standard. The audit results in a report that outlines the findings and provides recommendations for improvement. The report can be used by the organization to make improvements to their ISMS and to demonstrate to stakeholders that the organization is compliant with the ISO/IEC 27001 standard., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='null'}]}'}], hs_path=iso-iec-27001-audit}--
{tableName=comparison, name=APRA CPS 234 vs ISO 27001, description= APRA CPS 234 & ISO 27001: Compare & contrast Australia's Prudential Standard 234 & International Standard 27001 to understand the differences & similarities., topic=[{id=97620570527, createdAt=1673040885446, updatedAt=1683947990333, path='apra-cps-234', name=' APRA CPS 234 Guide: Cyber Security Requirements', 1='{type=string, value=APRA CPS 234}', 2='{type=string, value= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data}', 5='{type=string, value=The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=apra-cps-234-vs-iso-27001}--
{tableName=glossary, name=Association of International Certified Professional Accountants (AICPA), description= The Association of International Certified Professional Accountants (AICPA) is an organization that represents the global accounting profession. It is the world’s largest accounting body, with more than 650,000 members in over 130 countries. Its members include CPAs, Chartered Professional Accountants (CPAs) and Certified Management Accountants (CMAs). The AICPA sets the ethical and technical standards for the accounting profession, and provides guidance and resources to help its members stay current on changes in the profession. It also offers educational and certification programs, such as the CPA Exam and the CMA Exam, as well as continuing professional education. The AICPA also advocates for the profession and works to promote the public interest by advocating for sound financial reporting and disclosure, and by advocating for the protection of the public’s financial interests. It also works to ensure that the public has access to accurate and reliable financial information., topic=null, hs_path=association-of-international-certified-professional-accountants-aicpa}--
{tableName=glossary, name=Cyber Resiliency, description= Cyber Resiliency is the ability of an organization or individual to maintain or quickly recover from a cyber attack or other cyber incident. It is the process of planning, preparing, and responding to cyber security threats or incidents in order to reduce the impact of the attack and ensure the continuity of operations and services. Cyber Resiliency involves proactive risk management, incident response, and post-incident recovery activities. This includes the development of policies and procedures, the implementation of technical solutions, and the training of personnel in order to mitigate the risk of a cyber attack. Cyber Resiliency also includes the ability to detect, respond to, and recover from an attack in a timely manner, as well as the ability to restore normal operations and services as quickly and efficiently as possible., topic=null, hs_path=cyber-resiliency}--
{tableName=glossary, name=IT Security, description= IT Security is a broad term that encompasses the processes, technologies, and practices designed to protect networks, devices, programs, and data from unauthorized access, malicious attack, and other security risks. It includes measures such as firewalls, antivirus software, encryption, and access control to prevent unauthorized users from accessing or manipulating sensitive information or systems. IT Security also includes policies and procedures to ensure that all users, systems, and data are secure and compliant with applicable laws and regulations. It also includes processes to detect, respond to, and mitigate security incidents such as data breaches, malware, and phishing attacks. Ultimately, IT Security is designed to protect organizations from malicious actors and threats to their networks, systems, data, and users., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=it-security}--
{tableName=guides, name=Enterprise Risk Management, description= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks., topic=null, hs_path=enterprise-risk-management}--
ISO 27001
ISO/IEC 27001 Audit

An ISO/IEC 27001 Audit is a type of audit that evaluates an organization’s Information Security Mana...

APRA CPS 234
APRA CPS 234 vs ISO 27001

APRA CPS 234 & ISO 27001: Compare & contrast Australia's Prudential Standard 234 & Inter...

Association of International Certified Professiona...

The Association of International Certified Professional Accountants (AICPA) is an organization that ...

Cyber Resiliency

Cyber Resiliency is the ability of an organization or individual to maintain or quickly recover from...

Cybersecurity Risk Management
IT Security

IT Security is a broad term that encompasses the processes, technologies, and practices designed to ...

Enterprise Risk Management

This guide provides an overview of Enterprise Risk Management and its processes, enabling you to dev...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks