Skip to content
Master Security Compliance: Join our upcoming webinar!

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Ready or not, here comes CMMC 2.0
On-demand Webinar

Ready or not, here comes CMMC 2.0

Join our esteemed panel of presenters for an informative session on the new Cybersecurity Maturity Model Certification (CMMC) 2.0 standards. Dr. Heath...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Information Management System, description= An Information Management System is a system of organized procedures and processes used to collect, store, organize, analyze, retrieve, and distribute data and information. It is designed to help users efficiently manage and access data, information, and knowledge. It typically includes a combination of hardware, software, and other technologies, such as databases, networks, and cloud computing, to provide users with secure access to the data they need. An Information Management System is used to improve the efficiency of business operations, streamline processes, reduce costs, and improve customer service. It can also be used to improve decision-making, communication, collaboration, and productivity., topic=null, hs_path=information-management-system}--
{tableName=glossary, name=Data Exfiltration, description= Data exfiltration is the unauthorized transfer of data from a secure system or network to an external location or device. It is a malicious activity typically performed by cybercriminals to steal sensitive information, such as financial data, intellectual property, or personally identifiable information (PII). Data exfiltration can occur through a variety of methods, including malware, phishing, and malicious insiders. Malware is malicious software designed to infiltrate a system and steal data, while phishing involves sending fraudulent emails in an attempt to gain access to the target system or network. Malicious insiders are individuals with authorized access to the system or network who use their access to steal data. Data exfiltration can also be caused by misconfigured systems or networks, which allow malicious actors to gain access to the data without authorization. Regardless of the method used, data exfiltration can have serious consequences for organizations, including financial losses, reputational damage, and compliance violations., topic=null, hs_path=data-exfiltration}--
{tableName=glossary, name=Operational Risk Management (ORM), description= Operational Risk Management (ORM) is the process of identifying, assessing, and mitigating risks that can arise from the operations of an organization. It is an important part of an organization’s overall risk management strategy, and involves the identification, evaluation, and control of risks that can arise from the organization’s operations. ORM is a proactive approach to managing risks and encompasses a wide range of activities, including risk identification and assessment, risk control and monitoring, and risk response and recovery. ORM also involves the development and implementation of policies, procedures, and systems to effectively manage operational risks. The goal of ORM is to ensure that the organization’s operations remain safe, secure, and efficient, while minimizing losses and maximizing returns. ORM is a continuous process that requires ongoing monitoring and review to ensure that risks are identified and addressed in a timely and effective manner., topic=null, hs_path=operational-risk-management-orm}--
{tableName=glossary, name=Active Attack, description= An active attack is a type of cyber attack that attempts to alter, delete, or disrupt the availability of a computer system or its data. This type of attack is malicious in nature and is carried out by a hacker or group of hackers, who are often referred to as black hat hackers. Active attacks are different from passive attacks in that they involve direct manipulation of the system, such as exploiting vulnerabilities, rather than passively gathering information. These attacks can include denial of service attacks, malicious code injection, unauthorized access, and data manipulation. Active attacks are more difficult to detect and prevent than passive attacks, as they require more sophisticated techniques to be successful., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=active-attack}--
{tableName=glossary, name=Cyber Risk Management Frameworks, description= Cyber Risk Management Frameworks are comprehensive sets of policies, processes, and procedures that organizations use to identify, assess, monitor, and mitigate risks associated with their digital assets and operations. These frameworks provide a structured approach to managing cyber risks, including understanding the potential threats, vulnerabilities, and impacts of a cyber incident, and developing strategies to prevent, detect, respond to, and recover from such incidents. Cyber Risk Management Frameworks typically include risk identification and assessment, risk mitigation, security controls and monitoring, incident response, and incident recovery. They also often include guidance on data privacy, legal and regulatory compliance, and other risk-related topics., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=cyber-risk-management-frameworks}--
{tableName=glossary, name=ISO/IEC Audit, description= ISO/IEC Audit is an independent assessment of an organization’s compliance with the ISO/IEC standards, which are a set of international standards that provide guidance on how organizations should operate in order to ensure quality, safety and security. The audit is conducted by an independent auditor who evaluates an organization’s policies, procedures, processes, and systems to determine if they are in compliance with the standards. The audit typically includes interviews and reviews of documents, records, and other evidence to ensure that the organization is meeting the requirements set forth in the standard. The auditor then provides a report to the organization and may recommend corrective actions to be taken in order to ensure compliance. The audit is an important part of the ISO/IEC certification process, as it helps to ensure that organizations are meeting the standards and providing quality products and services to their customers., topic=null, hs_path=iso-iec-audit}--
Information Management System

An Information Management System is a system of organized procedures and processes used to collect, ...

Data Exfiltration

Data exfiltration is the unauthorized transfer of data from a secure system or network to an externa...

Operational Risk Management (ORM)

Operational Risk Management (ORM) is the process of identifying, assessing, and mitigating risks tha...

Vulnerability Management
Active Attack

An active attack is a type of cyber attack that attempts to alter, delete, or disrupt the availabili...

Cybersecurity Risk Management
Cyber Risk Management Frameworks

Cyber Risk Management Frameworks are comprehensive sets of policies, processes, and procedures that ...

ISO/IEC Audit

ISO/IEC Audit is an independent assessment of an organization’s compliance with the ISO/IEC standard...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks