Skip to content
🚨 Upcoming webinar: AI and the Future of GRC featuring Ant Stevens and Michael Rasmussen 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Responding to Australia's new critical infrastructure laws
On-demand Webinar

Responding to Australia's new critical infrastruct...

Join industry experts Andrew Robinson, Matthew Chantrell and Ryan Turan to share their insights into how to automate and manage your compliance with A...

Webinars

Unlocking smart value for MSPs: Fro...

On-demand Webinar

Unlocking smart value for MSPs: From assessment to full vCISO services

Join us for a webinar designed for Managed Service Providers (MSPs) to explore how 6clicks can transform your services. ...
date-icon

Jul 17, 2024

location

Virtual

Register Now
A look behind the scenes at the GRC...

On-demand Webinar

A look behind the scenes at the GRC practices of an AI-powered GRC company

Discover the inner workings of 6clicks' Governance, Risk, and Compliance (GRC) practices with our exclusive on-demand we...
date-icon

Jul 12, 2024

location

Virtual

Register Now
IT risk management essentials: Miti...

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...
date-icon

Jun 12, 2024

location

Virtual

Register Now
See all webinars

Latest Answers

How does 6clicks support effective softw...

6clicks supports effective software vulnerability ...

What are the key steps involved in the i...

The internal audit process using 6clicks involves ...

What should be included in an ISO audit ...

An ISO audit checklist for cybersecurity complianc...

{tableName=glossary, name=Common Vulnerabilities And Exposures (CVE), description= Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilities and exposures. It is maintained by the non-profit organization, the MITRE Corporation, and is sponsored by the U.S. Department of Homeland Security. CVE is a dictionary of standardized names for vulnerabilities and exposures that are used to reference publicly known security issues. It provides a reference to security vulnerabilities and exposures, which allows developers and security professionals to identify and share information about these issues. The list of vulnerabilities and exposures is constantly updated and includes detailed information about the severity of the issue, the affected software and hardware, and the type of attack. CVE also provides a reference to the associated Common Vulnerability Scoring System (CVSS) score, which is used to rank the severity of the vulnerability or exposure. This score is used to help prioritize security patches and other security measures. CVE is an important resource for security professionals and developers, as it helps them quickly identify and address security issues., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1715624422147, path='vulnerability-management', name='Vulnerability Management Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570512, name='Vulnerability Management'}]}'}], hs_path=common-vulnerabilities-and-exposures-cve}--
{tableName=glossary, name=ISO/IEC 27001 Annex A Controls, description= ISO/IEC 27001 Annex A Controls are a set of 114 security controls and associated guidance that can be used to help organizations protect their information assets. These controls are divided into 14 categories, including Access Control, Cryptography, Personnel Security, Physical and Environmental Security, System and Communications Protection, System and Information Integrity, and Organization of Information Security. Each control is accompanied by a detailed description and implementation guidance. The controls are designed to provide organizations with a comprehensive set of security measures that can be tailored to their specific needs and risk profile. The controls provide a framework for organizations to evaluate their current security posture, identify gaps, and develop an action plan to address those gaps. By following the guidance provided in the Annex A Controls, organizations can create a secure and reliable information system that meets their security objectives., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-annex-a-controls}--
{tableName=glossary, name=ISO/IEC 27001 Risk Register, description= ISO/IEC 27001 Risk Register is a document that identifies and records potential risks to an organization’s information security system. It is a comprehensive list of all the risks that have been identified and assessed, along with the associated mitigation strategies. The Risk Register should be maintained and updated regularly to ensure that all risks are properly identified, assessed, and addressed. It should also be used to track progress on the implementation of risk management strategies, as well as to identify any new risks that may arise. The Risk Register should be reviewed periodically to ensure that all risks are being managed in an effective and efficient manner. Additionally, the Risk Register should be reviewed by senior management to ensure that the organization is taking appropriate steps to protect its information assets., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-risk-register}--
{tableName=glossary, name=ISO/IEC /IEC 27004:2016 Clauses, description= ISO/IEC 27004:2016 Clauses is an international standard that provides guidance and best practices for measuring and managing the performance of Information Security Management Systems (ISMS). It is based on the ISO/IEC 27001:2013 standard and provides a framework for organizations to assess and improve their security posture. The standard is divided into six main sections, each of which contains a number of clauses. The sections cover topics such as security management, security controls, risk assessment and management, security incident management, security monitoring, and security assurance. Each clause provides guidance on the requirements for the specific topic and includes examples of how to implement the requirements. The standard also includes a number of annexes which provide additional guidance on security management, security controls, and security assurance. ISO/IEC 27004:2016 Clauses is designed to help organizations develop and maintain an effective ISMS, and to ensure that their security posture is up to date and in line with industry best practices., topic=null, hs_path=iso-iec-iec-270042016-clauses}--
{tableName=comparison, name=ASD Essential 8 vs SOC 2, description=ASD Essential 8 vs SOC 2: Learn the differences between the Australian Signals Directorate's Essential 8 security strategies and the AICPA's SOC 2 framework, topic=[{id=97620570506, createdAt=1673040885315, updatedAt=1715624279165, path='asd-essential-8', name=' ASD Essential 8 Guide: A Comprehensive Overview', 1='{type=string, value=ASD Essential 8}', 2='{type=string, value= This guide provides an overview of the ASD Essential 8 - 8 evidence-based strategies to help improve the outcomes of children with Autism Spectrum Disorder. Learn how to identify and implement these strategies to help}', 5='{type=string, value=This authoritative guide provides an in-depth look at the ASD Essential 8 (E8), a set of eight measures developed by the Australian Signals Directorate (ASD) to protect organizations from cyber threats. It explores whether the ASD Essential 8 are mandatory or not for your organisations and covers the fundamentals of each of the eight measures, including the maturity levels, how to perform an assessment and implementation guidenace.}', 15='{type=list, value=[{id=97620570506, name='ASD Essential 8'}]}'}], hs_path=asd-essential-8-vs-soc-2}--
{tableName=glossary, name=ISO/IEC Accreditation, description= ISO/IEC accreditation is an internationally recognized standard for the evaluation of organizations that provide certification services. It is a process of assessing the competence of an organization to provide certification services, including the processes and procedures used to ensure that certification is conducted in accordance with the relevant international standards. In order to be accredited, an organization must demonstrate that it has the necessary technical and organizational infrastructure, personnel, and resources to perform certification activities in accordance with the requirements of the relevant international standards. ISO/IEC accreditation is issued by a recognized accreditation body, such as the International Accreditation Forum (IAF). Accreditation is an important part of the certification process, as it ensures that certified products and services meet the required standards and are of the highest quality., topic=null, hs_path=iso-iec-accreditation}--
Vulnerability Management
Common Vulnerabilities And Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilitie...

ISO 27001
ISO/IEC 27001 Annex A Controls

ISO/IEC 27001 Annex A Controls are a set of 114 security controls and associated guidance that can b...

ISO 27001
ISO/IEC 27001 Risk Register

ISO/IEC 27001 Risk Register is a document that identifies and records potential risks to an organiza...

ISO/IEC /IEC 27004:2016 Clauses

ISO/IEC 27004:2016 Clauses is an international standard that provides guidance and best practices fo...

ASD Essential 8
ASD Essential 8 vs SOC 2

ASD Essential 8 vs SOC 2: Learn the differences between the Australian Signals Directorate's Essenti...

ISO/IEC Accreditation

ISO/IEC accreditation is an internationally recognized standard for the evaluation of organizations ...

eBooks

Revolutionizing GRC with AI: Harnes...

eBook

Revolutionizing GRC with AI: Harnessing the power of LLM and RAG technologies

Download
GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks