Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Data Protection Impact Assessment (DPIA), description= Data Protection Impact Assessment (DPIA) is a process used to identify, assess, and manage data protection risks within an organization. It is an important tool for organizations to ensure that personal data is processed in accordance with the applicable data protection laws and regulations. A DPIA is a risk-based assessment that helps organizations to identify and mitigate any potential risks associated with the processing of personal data. It is used to evaluate the necessity and proportionality of the processing activities, to identify and assess the potential risks to the rights and freedoms of individuals, and to identify any measures necessary to address those risks. The DPIA should be conducted before the processing of personal data begins and should be updated periodically to ensure that the risks are managed and minimized. The DPIA should include the identification of the data controller and processor, the purpose of the data processing, the categories of personal data to be processed, the recipients of the data, the duration of the data processing, the security measures in place, and the measures taken to protect the rights of the data subjects., topic=null, hs_path=data-protection-impact-assessment-dpia}--
{tableName=glossary, name=UK Cyber Essentials, description= UK Cyber Essentials is a government-backed scheme designed to help organisations protect themselves against common cyber threats. It provides a set of simple, but effective, safeguards to help organisations protect their data, systems and networks from the most common cyber threats. It is the minimum standard for cyber security in the UK and is a mandatory requirement for organisations that handle sensitive information or provide certain types of services. The scheme consists of five key controls, which are: boundary firewalls and internet gateways; secure configuration; access control; malware protection; and patch management. These five controls are designed to protect organisations from the most common cyber threats, such as phishing attacks, malware infections, and unauthorised access to systems and networks. The scheme also provides guidance on how organisations can protect themselves from more sophisticated cyber threats. It is designed to be simple to implement and maintain, and is suitable for organisations of all sizes., topic=null, hs_path=uk-cyber-essentials}--
{tableName=glossary, name=ISO/IEC 27003, description= ISO/IEC 27003, also known as the Information Security Management System (ISMS) Standard, is an international standard that provides guidance and best practices for the implementation of an information security management system (ISMS) within an organization. It is based on the widely accepted ISO/IEC 27001 standard and provides additional guidance on the implementation of the ISMS. This standard provides a framework of requirements and guidance on how to develop, implement, maintain, and improve an ISMS. It also provides guidance on how to assess and manage information security risks and how to establish, document, implement, operate, monitor, review, maintain, and improve the ISMS. Additionally, it provides guidance on how to manage the ISMS in accordance with the organizations’ information security objectives. ISO/IEC 27003 is applicable to all organizations regardless of size, type, and nature, and is intended to be used in conjunction with other management system standards, such as ISO/IEC 27001., topic=null, hs_path=iso-iec-27003}--
{tableName=glossary, name=Active Attack, description= An active attack is a type of cyber attack that attempts to alter, delete, or disrupt the availability of a computer system or its data. This type of attack is malicious in nature and is carried out by a hacker or group of hackers, who are often referred to as black hat hackers. Active attacks are different from passive attacks in that they involve direct manipulation of the system, such as exploiting vulnerabilities, rather than passively gathering information. These attacks can include denial of service attacks, malicious code injection, unauthorized access, and data manipulation. Active attacks are more difficult to detect and prevent than passive attacks, as they require more sophisticated techniques to be successful., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=active-attack}--
{tableName=comparison, name=ASD Essential 8 vs PCI-DSS, description=ASD Essential 8 is a cybersecurity framework developed by the Australian government to help protect organizations from cyber threats. , topic=[{id=97620570506, createdAt=1673040885315, updatedAt=1685498674506, path='asd-essential-8', name=' ASD Essential 8 Guide: A Comprehensive Overview', 1='{type=string, value=ASD Essential 8}', 2='{type=string, value= This guide provides an overview of the ASD Essential 8 - 8 evidence-based strategies to help improve the outcomes of children with Autism Spectrum Disorder. Learn how to identify and implement these strategies to help}', 5='{type=string, value=This authoritative guide provides an in-depth look at the ASD Essential 8 (E8), a set of eight measures developed by the Australian Signals Directorate (ASD) to protect organizations from cyber threats. It explores whether the ASD Essential 8 are mandatory or not for your organisations and covers the fundamentals of each of the eight measures, including the maturity levels, how to perform an assessment and implementation guidenace.}'}], hs_path=asd-essential-8-vs-pci-dss}--
{tableName=guides, name=Compliance Management, description=This guide provides an overview of the regulations and compliance requirements for businesses in the US, UK, AU and EU. Learn how to stay compliant and protect your business from potential legal issues., topic=null, hs_path=regulatory-compliance}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...