Skip to content
Master Security Compliance: Join our upcoming webinar!

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Mastering Security Compliance
Live Webinar

Mastering Security Compliance

Unlock the essentials of Security Compliance with industry experts in our live webinar. Gain valuable insights and strategies for mastering compliance...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Data Protection Impact Assessment (DPIA), description= Data Protection Impact Assessment (DPIA) is a process used to identify, assess, and manage data protection risks within an organization. It is an important tool for organizations to ensure that personal data is processed in accordance with the applicable data protection laws and regulations. A DPIA is a risk-based assessment that helps organizations to identify and mitigate any potential risks associated with the processing of personal data. It is used to evaluate the necessity and proportionality of the processing activities, to identify and assess the potential risks to the rights and freedoms of individuals, and to identify any measures necessary to address those risks. The DPIA should be conducted before the processing of personal data begins and should be updated periodically to ensure that the risks are managed and minimized. The DPIA should include the identification of the data controller and processor, the purpose of the data processing, the categories of personal data to be processed, the recipients of the data, the duration of the data processing, the security measures in place, and the measures taken to protect the rights of the data subjects., topic=null, hs_path=data-protection-impact-assessment-dpia}--
{tableName=glossary, name=Business Continuity Management (BCM), description= Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats may have, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities. It includes the development of policies and procedures for preventing, responding to, and recovering from disruptive events. BCM also includes the identification of an organization’s critical business functions, the development of recovery strategies, the implementation of plans and procedures, the testing of plans and procedures, and the maintenance of plans and procedures. BCM helps organizations to protect their operations, financials, customers, and stakeholders in the event of a disruption. It also helps organizations to maintain their competitive edge by ensuring the continuity of their operations, products and services in the face of any disruption., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=business-continuity-management-bcm}--
{tableName=glossary, name=Passive Scanning, description= Passive scanning is a type of network security scanning technique used to detect potential security threats on a computer network without sending any packets or initiating any direct communication with the target systems. Passive scanning is a non-intrusive way to assess a network's security posture by gathering information passively from the network traffic. This technique allows the scanning system to observe the traffic on the network without being detected or interfering with the normal flow of traffic. Passive scanning is useful for identifying weak points in a network's security as well as detecting malicious activity, such as malware, unauthorized access, or malicious code execution. Passive scanning can also help identify potential vulnerabilities in the network infrastructure, such as unpatched systems or unencrypted communication., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=passive-scanning}--
{tableName=glossary, name=Personally Identifiable Information (PII), description= Personally Identifiable Information (PII) is any data that can be used to identify an individual, either directly or indirectly. This includes, but is not limited to, a person’s name, address, phone number, email address, Social Security number, driver’s license number, passport number, financial account information, biometric data, and any other unique identifier. PII is often collected and stored by organizations, such as employers, banks, and government agencies, for the purpose of providing services, conducting transactions, and maintaining records. It is important to note that PII can also be used for malicious purposes, such as identity theft and fraud. As such, organizations must take steps to ensure that PII is collected, stored, and used responsibly. This includes implementing strong security measures, such as encryption and access control, as well as providing individuals with clear information about how their data is being used., topic=null, hs_path=personally-identifiable-information-pii}--
{tableName=glossary, name=ISO/IEC 27008, description= ISO/IEC 27008 is an international standard for information security management systems (ISMS) that provides guidelines for the implementation and management of security controls. It is part of the ISO/IEC 27000 family of standards and is based on the ISO/IEC 27002 code of practice for information security management. The standard provides guidance on the implementation and management of an ISMS, including the establishment of policies, objectives, and processes to ensure the security of information assets. It also outlines the roles and responsibilities of those involved in managing the ISMS, as well as the requirements for monitoring, reviewing, and improving the system. ISO/IEC 27008 is intended to help organizations protect their information assets and ensure compliance with applicable laws, regulations, and standards., topic=null, hs_path=iso-iec-27008}--
{tableName=glossary, name=Security And Integrity, description= Security and Integrity are two important concepts in the field of information technology. Security refers to the measures taken to protect data and systems from unauthorized access, modification, or destruction. This includes the use of encryption, authentication, and access control. Integrity is the assurance that data and systems remain accurate, consistent, and reliable. This includes the use of checksums, hashing, and audit trails. Security and integrity are essential for protecting data and systems from malicious attacks, and ensuring that data remains accurate and reliable., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=security-and-integrity}--
Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIA) is a process used to identify, assess, and manage data prot...

Cybersecurity Risk Management
Business Continuity Management (BCM)

Business Continuity Management (BCM) is a holistic management process that identifies potential thre...

Vulnerability Management
Passive Scanning

Passive scanning is a type of network security scanning technique used to detect potential security ...

Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is any data that can be used to identify an individual, ei...

ISO/IEC 27008

ISO/IEC 27008 is an international standard for information security management systems (ISMS) that p...

Cybersecurity Risk Management
Security And Integrity

Security and Integrity are two important concepts in the field of information technology. Security r...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks