Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Risk Reduction, description= Risk Reduction is a process that seeks to reduce the probability and/or impact of an adverse event or outcome. It involves identifying risks and then taking steps to reduce or eliminate them. Risk reduction can be achieved through a variety of strategies, including avoidance, control, transfer, and/or acceptance. Avoidance means eliminating or avoiding the risk altogether. Control involves taking steps to reduce the likelihood of the risk occurring or the severity of its consequences. Transferring the risk involves transferring the responsibility for dealing with the risk to another party. Finally, risk acceptance means accepting the risk and its consequences and taking steps to minimize their impact. Risk reduction is an important component of any successful risk management program., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-reduction}--
{tableName=glossary, name=ISO/IEC 27001 2005, description= ISO/IEC 27001:2005 is an international standard for information security management systems (ISMS). It provides a framework for organizations to identify, assess, and manage the security risks associated with their information systems, and to protect the confidentiality, integrity, and availability of their information assets. The standard is based on a risk management approach, and is designed to help organizations protect their information assets from unauthorized access, use, disclosure, modification, or destruction. It also provides guidance on how to implement, maintain, and assess the effectiveness of an ISMS. The standard is applicable to all types of organizations, regardless of size, type, or sector. It is intended to be used in conjunction with other information security standards and guidelines, such as ISO/IEC 27002 and ISO/IEC 27005., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='null'}]}'}], hs_path=iso-iec-27001-2005}--
{tableName=glossary, name=Information Security Risk Management, description= Information Security Risk Management is the process of identifying, assessing, and controlling risks associated with the use of information systems. It involves analyzing the potential risks associated with the use of information systems, developing strategies to manage those risks, and implementing measures to protect the security of the information systems. Risk management includes assessing the likelihood of a security breach, evaluating the potential consequences of such a breach, and formulating a plan of action to reduce the risks. It also involves developing policies and procedures to ensure the security of information systems, establishing controls to prevent unauthorized access to information systems, monitoring security events, and responding to security incidents. Risk management is an ongoing process that must be regularly monitored and updated to ensure the security of information systems., topic=null, hs_path=information-security-risk-management}--
{tableName=glossary, name=Regulatory Compliance, description= Regulatory Compliance is the process of ensuring that an organization adheres to all applicable laws, regulations, standards, and ethical practices set by governing bodies or other authorities. It involves creating and implementing policies, procedures, and processes that are designed to ensure that the organization is in compliance with all applicable laws, regulations, standards, and ethical practices. Regulatory compliance is a critical component of any organization’s risk management program, as non-compliance can lead to costly fines, sanctions, and other penalties. Regulatory compliance is also important for organizations to maintain their reputation and public trust., topic=null, hs_path=regulatory-compliance}--
{tableName=glossary, name=Strategic Risk, description= Strategic risk is the risk that an organization takes when it makes strategic decisions, such as entering a new market, introducing a new product, or changing its business model. This type of risk is associated with uncertainty and the potential for losses due to unexpected events or changes in the external environment. Strategic risk can include a wide range of risks, such as financial, operational, legal, reputational, and political risks. Strategic risk management involves identifying, assessing, and managing the risks associated with strategic decisions. Risk management strategies can include developing contingency plans, diversifying investments, and implementing risk mitigation measures. Strategic risk management is an important part of any organization’s overall risk management strategy., topic=null, hs_path=strategic-risk}--
{tableName=glossary, name=Network Segregation, description= Network Segregation is the process of separating different types of traffic on a network. It is used to ensure that sensitive information is kept secure by isolating it from other types of traffic. It can be accomplished in a variety of ways, including the use of virtual local area networks (VLANs), firewalls, and network access control lists (ACLs). Network segregation can also be used to limit the amount of traffic that is sent to or from certain areas of a network. This can help to reduce the risk of unauthorized access to sensitive information, as well as to improve network performance by reducing the amount of traffic that needs to be processed by the network., topic=null, hs_path=network-segregation}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...