Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

6clicks product roadshow: Discover ...

On-demand Webinar

6clicks product roadshow: Discover the latest updates

Gain exclusive insights into the latest advancements on the 6clicks platform, starting with our integration with Wiz and...
date-icon

Oct 31, 2024

location

Virtual

Reducing cost and complexity of GRC...

On-demand Webinar

Reducing cost and complexity of GRC with CyberCX

Join Andrew Robinson, CISO & Co-Founder of 6clicks, and Belinda Edwards, Manager - Governance, Risk, and Compliance of C...
date-icon

Sep 19, 2024

location

Virtual

6clicks Hub & Spoke: Smart GRC solu...

On-demand Webinar

6clicks Hub & Spoke: Smart GRC solution for enterprise needs

Explore how 6clicks' unique Hub & Spoke deployment architecture streamlines cyber GRC management for federated enterpris...
date-icon

Sep 2, 2024

location

Virtual

See all webinars
{tableName=glossary, name=Information Security Risk Management, description= Information Security Risk Management is the process of identifying, assessing, and controlling risks associated with the use of information systems. It involves analyzing the potential risks associated with the use of information systems, developing strategies to manage those risks, and implementing measures to protect the security of the information systems. Risk management includes assessing the likelihood of a security breach, evaluating the potential consequences of such a breach, and formulating a plan of action to reduce the risks. It also involves developing policies and procedures to ensure the security of information systems, establishing controls to prevent unauthorized access to information systems, monitoring security events, and responding to security incidents. Risk management is an ongoing process that must be regularly monitored and updated to ensure the security of information systems., topic=null, hs_path=information-security-risk-management}--
{tableName=glossary, name=SOC 2 Trust Principles, description= SOC 2 Trust Principles are a set of criteria used to evaluate and assess the security, availability, processing integrity, confidentiality, and privacy of a service organization’s systems and services. The Trust Principles are based on the American Institute of Certified Public Accountants’ (AICPA) Trust Services Principles and Criteria, which are designed to provide assurance about the security, availability, and privacy of a service organization’s systems and services. The SOC 2 Trust Principles are focused on the security, availability, processing integrity, confidentiality, and privacy of a service organization’s systems, services, and data. The Trust Principles are used to assess the design, implementation, and operating effectiveness of a service organization’s controls, procedures, and systems. The Trust Principles are designed to help service organizations develop, maintain, and demonstrate effective security, availability, processing integrity, confidentiality, and privacy of their systems and services., topic=null, hs_path=soc-2-trust-principles}--
{tableName=glossary, name=Communication and consultation, description= Communication and consultation is the process of exchanging information and ideas between two or more people or groups. It involves actively listening to the other person or group, understanding their point of view, and then providing feedback and input to reach a mutual agreement or understanding. Communication and consultation can take place in person, through written documents, or via electronic means. Communication and consultation is essential to any successful relationship, and is especially important in a business setting, where mutual understanding and agreement are essential for the successful completion of tasks and projects., topic=null, hs_path=communication-and-consultation}--
{tableName=glossary, name=ISO/IEC 27003, description= ISO/IEC 27003, also known as the Information Security Management System (ISMS) Standard, is an international standard that provides guidance and best practices for the implementation of an information security management system (ISMS) within an organization. It is based on the widely accepted ISO/IEC 27001 standard and provides additional guidance on the implementation of the ISMS. This standard provides a framework of requirements and guidance on how to develop, implement, maintain, and improve an ISMS. It also provides guidance on how to assess and manage information security risks and how to establish, document, implement, operate, monitor, review, maintain, and improve the ISMS. Additionally, it provides guidance on how to manage the ISMS in accordance with the organizations’ information security objectives. ISO/IEC 27003 is applicable to all organizations regardless of size, type, and nature, and is intended to be used in conjunction with other management system standards, such as ISO/IEC 27001., topic=null, hs_path=iso-iec-27003}--
{tableName=glossary, name=ISO/IEC 27001 Scope, description= ISO/IEC 27001 Scope is a set of requirements for the implementation of an Information Security Management System (ISMS) that defines the boundaries of the system and its objectives. It is a framework that sets out the scope of the ISMS, the processes and procedures that will be used to manage the security of the organization’s information assets, and the resources that will be used to implement and maintain the system. The scope of the ISMS will be determined by the organization’s risk management process and should include, but not be limited to: the organization’s information assets, the security controls that will be implemented, the roles and responsibilities of personnel, the organizational structure, the procedures to be followed, the documentation and records to be maintained, and the implementation and monitoring of the system. The scope should also include the identification and assessment of risks, the implementation of measures to reduce those risks, the monitoring of the system and its effectiveness, and the continual improvement of the system., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-scope}--
{tableName=glossary, name=Operational Security, description= Operational Security (OPSEC) is a process that helps protect sensitive information from being compromised by unauthorized individuals. It is a systematic process of identifying, controlling, and protecting information that, if revealed, could be used by adversaries to harm an organization or individual. It is a continuous process of assessing threats and establishing countermeasures to protect information and operations. OPSEC includes physical security, personnel security, communications security, information security, and computer security. Physical security includes measures such as locks, fences, guards, and surveillance systems. Personnel security involves background checks, clearances, and security awareness training. Communications security involves encryption, authentication, and secure transmission protocols. Information security involves protecting data from unauthorized access, modification, or destruction. Computer security involves measures such as firewalls, antivirus software, and intrusion detection systems. OPSEC also involves developing and implementing policies and procedures to ensure the security of information, operations, and personnel., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1715624222504, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}', 15='{type=list, value=[{id=97620570528, name='Cybersecurity Risk Management'}]}'}], hs_path=operational-security}--