Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

On-demand Webinar

Unlocking smart value for MSPs: From assessment to full vCISO services

Join us for a webinar designed for Managed Service Providers (MSPs) to explore how 6clicks can transform your services. ...

Jul 17, 2024

Virtual

On-demand Webinar

A look behind the scenes at the GRC practices of an AI-powered GRC company

Discover the inner workings of 6clicks' Governance, Risk, and Compliance (GRC) practices with our exclusive on-demand we...

Jul 12, 2024

Virtual

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...

Jun 12, 2024

Virtual


eBooks

eBook

Revolutionizing GRC with AI: Harnessing the power of LLM and RAG technologies

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...