Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Insider Threat Actors, description= The Insider Threat Actors are individuals within an organization that have access to sensitive information or systems that could be used to cause harm to the organization. These individuals may be malicious or accidental in their actions, but their actions can lead to data breaches, theft of intellectual property, or other security incidents. Insider threat actors can be current or former employees, contractors, vendors, or other third parties with access to the organization's networks or data. They can be malicious actors who deliberately use their access to gain unauthorized access to sensitive information or systems, or they can be accidental actors who unintentionally expose the organization to risk by not following security policies or procedures. Insider threat actors can also be malicious actors who use their access to steal intellectual property or other valuable assets. The goal of the Insider Threat Actors is to gain unauthorized access to sensitive information or systems, or to steal valuable assets from the organization., topic=null, hs_path=insider-threat-actors}--
{tableName=glossary, name=APRA CPS 234, description= APRA CPS 234 is an information security standard developed by the Australian Prudential Regulation Authority (APRA) to provide guidance on the security controls organizations should implement to protect their information and systems. The standard is based on the ISO/IEC 27002:2013 and provides a set of security requirements which organizations must comply with in order to protect their information assets. It covers topics such as access control, physical and environmental security, asset management, cryptography, system development and maintenance, incident management, and business continuity. APRA CPS 234 requires organizations to identify, assess and manage risk, and to develop and implement an information security program that meets the requirements of the standard. The standard also requires organizations to monitor, test and review their security controls on an ongoing basis., topic=[{id=97620570527, createdAt=1673040885446, updatedAt=1715624228283, path='apra-cps-234', name=' APRA CPS 234 Guide: Cyber Security Requirements', 1='{type=string, value=APRA CPS 234}', 2='{type=string, value= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data}', 5='{type=string, value=The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570527, name='APRA CPS 234'}]}'}], hs_path=apra-cps-234}--
{tableName=comparison, name=NIST SP 800-53 vs APRA CPS 234, description=NIST SP 800-53 and APRA CPS 234 are two important standards for information security. Learn the differences between them and how they can help., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1715624498921, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 15='{type=list, value=[{id=97620570515, name='NIST SP 800-53'}]}'}], hs_path=nist-sp-800-53-vs-apra-cps-234}--
{tableName=glossary, name=ISO/IEC Framework, description= The ISO/IEC Framework is a set of standards and guidelines developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to provide a consistent and reliable approach to the development, implementation, and management of information systems. It is designed to ensure that the systems developed are secure, reliable, and capable of meeting the needs of the organization. The framework is composed of a set of principles and processes that guide the development, implementation, and management of information systems. These principles and processes include security, quality assurance, system design, system development, system maintenance, system evaluation, system optimization, system integration, and system management. The framework also provides guidance on the selection and use of appropriate technologies, and the development and implementation of appropriate policies and procedures. The ISO/IEC framework is an important tool for organizations to ensure that their information systems are reliable, secure, and capable of meeting their business needs., topic=null, hs_path=iso-iec-framework}--
{tableName=glossary, name=UK Cyber Essentials, description= UK Cyber Essentials is a government-backed scheme designed to help organisations protect themselves against common cyber threats. It provides a set of simple, but effective, safeguards to help organisations protect their data, systems and networks from the most common cyber threats. It is the minimum standard for cyber security in the UK and is a mandatory requirement for organisations that handle sensitive information or provide certain types of services. The scheme consists of five key controls, which are: boundary firewalls and internet gateways; secure configuration; access control; malware protection; and patch management. These five controls are designed to protect organisations from the most common cyber threats, such as phishing attacks, malware infections, and unauthorised access to systems and networks. The scheme also provides guidance on how organisations can protect themselves from more sophisticated cyber threats. It is designed to be simple to implement and maintain, and is suitable for organisations of all sizes., topic=null, hs_path=uk-cyber-essentials}--
{tableName=glossary, name=ISO/IEC Standard, description= ISO/IEC Standard is an international standard created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). These standards provide a set of specifications, guidelines, and best practices for a wide range of products, services, and processes. ISO/IEC standards are designed to ensure that products and services are safe, reliable, and of high quality, and that they are compatible with each other. They also help to ensure that products and services are consistent and of a high quality, regardless of where they are produced or used. ISO/IEC standards are also used to ensure that organizations comply with national and international laws, regulations, and guidelines., topic=null, hs_path=iso-iec-standard}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...