Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Better manage your Defence Industry Security Program (DISP) with technology
On-demand Webinar

Better manage your Defence Industry Security Progr...

Join industry experts Andrew Robinson, Aaron Pollard and Shahyan Shabbir who will share their insights into how to better manage your Defence Industry...

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=ISO/IEC 27001 Secure Development Policy, description= ISO/IEC 27001 Secure Development Policy is a set of guidelines and standards that organizations must adhere to in order to ensure the security of their software development processes. It covers a wide range of topics, from the design and development of secure applications and systems, to the management of security risks and vulnerabilities throughout the software development lifecycle. The policy outlines the necessary steps that organizations must take to protect their applications and systems from potential cyber threats. It also provides guidance on how to respond to security incidents, and how to handle sensitive information. The policy is designed to ensure that organizations are able to develop and maintain secure applications and systems, and to protect their customers, employees, and other stakeholders from potential cyber attacks., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 3='{type=string, value=Write the overview for an authoritative guide based on: ISO 27001 Guide}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 7='{type=string, value=Write a web page title with no special characters and a maximum of 60 characters based on: ISO 27001 Guide}', 8='{type=string, value=Write the overview for an authoritative guide based on: ISO 27001 Guide}', 9='{type=string, value=20}', 10='{type=string, value=40}', 11='{type=string, value=200}', 12='{type=number, value=0}', 15='{type=list, value=[{id=97620570500, name='null'}]}'}], hs_path=iso-iec-27001-secure-development-policy}--
{tableName=glossary, name=Endpoint Cybersecurity, description= Endpoint cybersecurity is a type of security measure taken to protect endpoints, such as computers, servers, mobile devices, and other network-connected devices, from malicious cyber threats. Endpoint cybersecurity is a comprehensive approach to protecting endpoints from the threats posed by hackers, malware, and other malicious actors. Endpoint cybersecurity solutions typically involve a combination of hardware and software solutions, such as firewalls, antivirus software, intrusion detection systems, and endpoint protection platforms. These solutions are designed to detect, prevent, and respond to malicious activity and threats. Endpoint cybersecurity solutions can also include measures such as user authentication, access control, encryption, and network segmentation. The goal of endpoint cybersecurity is to protect endpoints from malicious attacks and ensure that data and systems remain secure., topic=null, hs_path=endpoint-cybersecurity}--
{tableName=glossary, name=Risk Identification (Ri), description= Risk Identification (Ri) is the process of identifying and understanding potential risks that may affect an organization, project, or process. This process typically involves the identification of both internal and external factors that may have an impact on the organization, project, or process. Risk identification involves analyzing the environment and the organization's activities to identify potential risks. It also involves the analysis of internal and external data to identify potential risks. The process includes the identification of the sources of risk, the assessment of the probability of occurrence, and the evaluation of the consequences of the risk. The purpose of risk identification is to identify and prioritize risks that need to be addressed, so that the organization can manage them effectively., topic=null, hs_path=risk-identification-ri}--
{tableName=glossary, name=Incident Response Plan, description= An Incident Response Plan is a set of written instructions that outlines the steps an organization should take when responding to a security incident. It is a comprehensive document that covers all aspects of incident response, from initial detection and analysis to containment, eradication, and recovery. The plan should also include post-incident activities such as reporting, analysis, and follow-up. The plan should be tailored to the organization’s specific needs, and should include policies and procedures for responding to incidents, such as a communications plan, a notification plan, and a process for gathering evidence. The plan should also include roles and responsibilities for staff and resources, both internal and external, that will be involved in the incident response process., topic=null, hs_path=incident-response-plan}--
{tableName=glossary, name=Thin Client, description= A thin client is a computer or device that relies on a server to perform its computing tasks. It is typically used in an environment where the user accesses applications and data stored on a remote server, rather than on the local machine. Thin clients are typically much less expensive than traditional PCs and are used in a variety of settings, such as government offices, educational institutions, and businesses. They are also used in home networks, where they provide access to shared files and applications. Thin clients are often used in cloud computing environments, where multiple users can access the same applications and data stored on a remote server. Thin clients are typically much more secure than traditional PCs, as they are not able to store data or applications locally., topic=null, hs_path=thin-client}--
{tableName=comparison, name=ASD Essential 8 vs APRA CPS 234, description=ASD Essential 8 and APRA CPS 234 are two frameworks to help organisations protect their information systems from cyber threats. , topic=[{id=97620570506, createdAt=1673040885315, updatedAt=1685498674506, path='asd-essential-8', name=' ASD Essential 8 Guide: A Comprehensive Overview', 1='{type=string, value=ASD Essential 8}', 2='{type=string, value= This guide provides an overview of the ASD Essential 8 - 8 evidence-based strategies to help improve the outcomes of children with Autism Spectrum Disorder. Learn how to identify and implement these strategies to help}', 3='{type=string, value=Write the overview for an authoritative guide based on: ASD Essential 8 Guide}', 5='{type=string, value=This authoritative guide provides an in-depth look at the ASD Essential 8 (E8), a set of eight measures developed by the Australian Signals Directorate (ASD) to protect organizations from cyber threats. It explores whether the ASD Essential 8 are mandatory or not for your organisations and covers the fundamentals of each of the eight measures, including the maturity levels, how to perform an assessment and implementation guidenace.}', 7='{type=string, value=Write a web page title with no special characters and a maximum of 60 characters based on: ASD Essential 8 Guide}', 8='{type=string, value=Write the overview for an authoritative guide based on: ASD Essential 8 Guide}', 9='{type=string, value=20}', 10='{type=string, value=40}', 11='{type=string, value=200}', 12='{type=number, value=0}'}], hs_path=asd-essential-8-vs-apra-cps-234}--
ISO 27001
ISO/IEC 27001 Secure Development Policy

ISO/IEC 27001 Secure Development Policy is a set of guidelines and standards that organizations must...

Endpoint Cybersecurity

Endpoint cybersecurity is a type of security measure taken to protect endpoints, such as computers, ...

Risk Identification (Ri)

Risk Identification (Ri) is the process of identifying and understanding potential risks that may af...

Incident Response Plan

An Incident Response Plan is a set of written instructions that outlines the steps an organization s...

Thin Client

A thin client is a computer or device that relies on a server to perform its computing tasks. It is ...

ASD Essential 8
ASD Essential 8 vs APRA CPS 234

ASD Essential 8 and APRA CPS 234 are two frameworks to help organisations protect their information ...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks