Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Webinars

Building intelligent vendor risk pr...

On-demand Webinar

Building intelligent vendor risk programs

Discover how to revolutionize your vendor risk management (VRM) processes with 6clicks' comprehensive solution in our on...
date-icon

May 29, 2024

location

Virtual

Q2 product showcase: Discover the n...

On-demand Webinar

Q2 product showcase: Discover the next wave of innovation

Join us for an exclusive webinar where our product managers unveil the latest advancements in our platform and provide i...
date-icon

Apr 17, 2024

location

Virtual

Introducing Hailey Assist: Your con...

On-demand Webinar

Introducing Hailey Assist: Your conversational AI assistant for GRC

Discover the power of Hailey Assist in our on-demand webinar. Learn how this conversational AI assistant revolutionizes ...
date-icon

Mar 28, 2024

location

Virtual

See all webinars
{tableName=glossary, name=ISO/IEC 27001 Security Policy, description= ISO/IEC 27001 Security Policy is a set of rules, processes, and procedures that define how an organization will manage its information security. It is a comprehensive framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS). It is based on a risk management approach and includes the identification of security risks, the implementation of measures to address those risks, and the monitoring of the effectiveness of those measures. The policy should outline the organization's commitment to information security, its objectives, the roles and responsibilities of personnel, the measures and controls to be implemented, and the procedures for monitoring and reviewing the security of the organization's information systems. The policy should also provide guidelines for responding to security incidents and for reporting security breaches., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-security-policy}--
{tableName=glossary, name=Vendor Management Policy, description= A Vendor Management Policy is a set of guidelines and procedures designed to ensure that vendors providing goods and services to an organization are properly managed. The policy outlines the expectations for vendors and the organization’s responsibilities for vendor management. It also provides guidance on how to select, assess, and monitor vendors to ensure successful outcomes. The policy outlines how to manage vendor relationships, how to address performance issues, and how to ensure that vendors meet contractual requirements and organizational standards. The policy should also include guidance on how to manage vendor contracts, how to handle confidential information, and how to ensure compliance with applicable laws and regulations., topic=[{id=97620570526, createdAt=1673040885440, updatedAt=1715624231354, path='vendor-risk-management', name=' Vendor Risk Management: A Guide to Best Practices', 1='{type=string, value=Vendor Risk Management}', 2='{type=string, value= Vendor Risk Management Guide: Learn the fundamentals of vendor risk management and how to identify, assess, and mitigate risks associated with third-party vendors.}', 5='{type=string, value=This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.}', 15='{type=list, value=[{id=97620570526, name='Vendor Risk Management'}]}'}], hs_path=vendor-management-policy}--
{tableName=glossary, name=ISO/IEC /IEC 27000, description= ISO/IEC 27000 is a family of international standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that provide best practice guidelines for information security management. It is designed to help organizations ensure the confidentiality, integrity, and availability of their information assets. The standards cover a wide range of topics, including risk management, access control, physical and environmental security, asset classification, personnel security, and incident management. They provide guidance on how to design, implement, and maintain an effective information security management system (ISMS). The standards also provide a framework for organizations to assess their security posture and identify potential areas for improvement. The ISO/IEC 27000 family of standards is widely recognized and adopted by organizations around the world., topic=[{id=97620570516, createdAt=1673040885379, updatedAt=1715624504033, path='iso-27000', name=' ISO 27000 Guide: Security Management System Overview', 1='{type=string, value=ISO 27000}', 2='{type=string, value= This guide is designed to help you understand the fundamentals of ISO 27000, the international standard for Information Security Management Systems. Learn how to create a secure framework to protect your data and assets.}', 5='{type=string, value=This authoritative guide provides an in-depth overview of the International Organization for Standardization (ISO) 27000 Series, which is a set of standards focused on information security management. The guide covers the essential elements of the ISO 27000 Series, including the different standards and their objectives, the implementation process, and best practices for security management. It also provides practical advice and guidance for organizations looking to adopt the ISO 27000 Series and ensure their information security management is up to the highest standards. With this guide, readers will gain a better understanding of the ISO 27000 Series and how to effectively implement and manage security within their organization.}', 15='{type=list, value=[{id=97620570516, name='ISO 27000'}]}'}], hs_path=iso-iec-iec-27000}--
{tableName=glossary, name=Non-Repudiation, description= Non-repudiation is a concept in computer science and cryptography that ensures that a party to a transaction or communication cannot deny having performed a certain action. It is a form of evidence that provides proof of the origin and delivery of data, as well as proof of the integrity of the data in question. Non-repudiation is used to prevent the sender of a message from later denying having sent the message, and to prevent the recipient from denying having received it. Non-repudiation is typically achieved through the use of digital signatures, timestamping, and other cryptographic techniques. Digital signatures are used to authenticate the identity of the sender and verify that the message has not been tampered with. Timestamping is used to prove that the message was sent at a certain time. Other cryptographic techniques, such as message authentication codes and hash functions, are used to verify the integrity of the data. Non-repudiation is an important element of secure communication, as it provides a means of ensuring that the sender and receiver of a message can be held accountable for their actions., topic=null, hs_path=non-repudiation}--
{tableName=comparison, name=APRA CPS 234 vs ASD Essential 8, description=Understand the differences between the two cybersecurity frameworks, APRA CPS 234 and ASD Essential 8. Learn how to implement these frameworks., topic=[{id=97620570527, createdAt=1673040885446, updatedAt=1715624228283, path='apra-cps-234', name=' APRA CPS 234 Guide: Cyber Security Requirements', 1='{type=string, value=APRA CPS 234}', 2='{type=string, value= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data}', 5='{type=string, value=The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570527, name='APRA CPS 234'}]}'}], hs_path=apra-cps-234-vs-asd-essential-8}--
{tableName=guides, name=Australian Financial Services Compliance, description= This guide provides an overview of Australian Financial Services Compliance, including the regulatory framework and key compliance requirements. Get informed and stay up-to-date with the latest in financial services compliance., topic=[{id=97620570511, createdAt=1673040885347, updatedAt=1715624395980, path='australian-financial-services-compliance', name=' Australian Financial Services: Compliance Guide', 1='{type=string, value=Australian Financial Services Compliance}', 2='{type=string, value= This guide provides an overview of Australian Financial Services Compliance, including the regulatory framework and key compliance requirements. Get informed and stay up-to-date with the latest in financial services compliance.}', 5='{type=string, value=This guide provides an authoritative overview of the compliance requirements for financial services companies in Australia. It covers the regulations and guidelines under the Australian Securities and Investments Commission (ASIC), the Australian Prudential Regulation Authority (APRA) and other relevant legislation. It explains the obligations of financial services companies, their directors and officers, and their customers. It also provides guidance on how to meet compliance requirements, including the use of internal controls, risk management and other measures. This guide is an essential resource for anyone involved in the Australian financial services industry.}', 15='{type=list, value=[{id=97620570511, name='Australian Financial Services Compliance'}]}'}], hs_path=australian-financial-services-compliance}--

eBooks

GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...