Skip to content
🚨 6clicks receives ISO 42001 certification for its AI Management System 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
6clicks product roadshow: Discover the latest updates
On-demand Webinar

6clicks product roadshow: Discover the latest upda...

Join the 6clicks Product Roadshow to discover the latest updates! Explore new Continuous Control Monitoring integrations with Wiz and Microsoft Defend...

Webinars

6clicks product roadshow: Discover ...

On-demand Webinar

6clicks product roadshow: Discover the latest updates

Gain exclusive insights into the latest advancements on the 6clicks platform, starting with our integration with Wiz and...
date-icon

Oct 31, 2024

location

Virtual

Register Now
Reducing cost and complexity of GRC...

On-demand Webinar

Reducing cost and complexity of GRC with CyberCX

Join Andrew Robinson, CISO & Co-Founder of 6clicks, and Belinda Edwards, Manager - Governance, Risk, and Compliance of C...
date-icon

Sep 19, 2024

location

Virtual

Register Now
6clicks Hub & Spoke: Smart GRC solu...

On-demand Webinar

6clicks Hub & Spoke: Smart GRC solution for enterprise needs

Explore how 6clicks' unique Hub & Spoke deployment architecture streamlines cyber GRC management for federated enterpris...
date-icon

Sep 2, 2024

location

Virtual

Register Now
See all webinars

Latest Answers

Information Security Registered Assessors Program (IRAP)

What is the information security registe...

What is IRAP? The Information Security Registered ...

Defence Industry Security Program (DISP)

What are the 5 levels of security cleara...

What is security clearance? Security clearance is ...

How does 6clicks support effective softw...

6clicks supports effective software vulnerability ...

{tableName=glossary, name=Risk Reduction, description= Risk Reduction is a process that seeks to reduce the probability and/or impact of an adverse event or outcome. It involves identifying risks and then taking steps to reduce or eliminate them. Risk reduction can be achieved through a variety of strategies, including avoidance, control, transfer, and/or acceptance. Avoidance means eliminating or avoiding the risk altogether. Control involves taking steps to reduce the likelihood of the risk occurring or the severity of its consequences. Transferring the risk involves transferring the responsibility for dealing with the risk to another party. Finally, risk acceptance means accepting the risk and its consequences and taking steps to minimize their impact. Risk reduction is an important component of any successful risk management program., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1715624292575, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}', 15='{type=list, value=[{id=97620570509, name='Enterprise Risk Management'}]}'}], hs_path=risk-reduction}--
{tableName=glossary, name=Supplier Risk Management, description= Supplier Risk Management is the process of identifying, assessing, and mitigating the risks associated with working with suppliers and other third parties. It involves evaluating the potential risks associated with a supplier’s operations, such as financial stability, quality of goods or services, delivery times, and compliance with regulations, and taking steps to reduce or eliminate those risks. This process also involves maintaining regular communication with suppliers to ensure they are meeting their contractual obligations and to address any issues that arise. Additionally, supplier risk management includes developing policies and procedures to ensure the security of the supplier’s data, as well as monitoring the supplier’s performance on an ongoing basis. By implementing a comprehensive supplier risk management program, organizations can ensure that their suppliers are reliable, trustworthy, and compliant with applicable laws and regulations., topic=null, hs_path=supplier-risk-management}--
{tableName=glossary, name=National Institute of Standards and Technology (NIST), description= The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. Established in 1901, NIST is responsible for advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works closely with industry, universities, and other government agencies to develop measurement methods and standards that are used in a wide variety of areas including advanced manufacturing, information technology, life sciences, and nanotechnology. NIST also provides technical assistance and research to industry and state and local governments. NIST is a leader in the development and use of standards and technology to improve the quality, safety, and reliability of products and services used by Americans. NIST also plays a key role in the development of national and international standards and in the promotion of the use of these standards., topic=null, hs_path=national-institute-of-standards-and-technology-nist}--
{tableName=glossary, name=Passive Attack, description= A passive attack is a type of cyber attack that does not involve the direct manipulation of an information system or its data, but instead uses existing vulnerabilities to gain access to resources, such as user accounts, confidential information, or networks. Passive attacks are typically used to gain access to a system or network, or to gain intelligence about the system or network, such as what kind of data is stored, who has access to it, and what services are running. Examples of passive attacks include eavesdropping on unencrypted communications, exploiting weak passwords, and analyzing network traffic for sensitive information. In contrast to active attacks, passive attacks are difficult to detect because the attacker does not leave any evidence of their activity., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1715624422147, path='vulnerability-management', name='Vulnerability Management Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570512, name='Vulnerability Management'}]}'}], hs_path=passive-attack}--
{tableName=comparison, name=ISO 27001 vs SOC 2, description= ISO 27001 and SOC 2 are two global standards for information security management. Learn the key differences between them., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-27001-vs-soc-2}--
{tableName=glossary, name=ISO/IEC /IEC 27005, description= ISO/IEC 27005 is an international standard for information security risk management. It provides a framework for organizations to assess, monitor, and manage information security risks. The standard is based on the ISO/IEC 27001 standard, which provides a comprehensive set of controls and processes for managing information security risks. ISO/IEC 27005 is designed to help organizations understand the risk management process and use it to make informed decisions about information security. It provides guidance on the risk assessment process, risk management strategies, risk mitigation, and risk communication. It also provides guidance on how to implement and monitor risk management activities. ISO/IEC 27005 is an important tool for organizations looking to improve their information security posture and protect their data., topic=null, hs_path=iso-iec-iec-27005}--
Enterprise Risk Management
Risk Reduction

Risk Reduction is a process that seeks to reduce the probability and/or impact of an adverse event o...

Supplier Risk Management

Supplier Risk Management is the process of identifying, assessing, and mitigating the risks associat...

National Institute of Standards and Technology (NI...

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within ...

Vulnerability Management
Passive Attack

A passive attack is a type of cyber attack that does not involve the direct manipulation of an infor...

ISO 27001
ISO 27001 vs SOC 2

ISO 27001 and SOC 2 are two global standards for information security management. Learn the key diff...

ISO/IEC /IEC 27005

ISO/IEC 27005 is an international standard for information security risk management. It provides a f...