Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

On-demand Webinar

6clicks product roadshow: Discover the latest updates

Gain exclusive insights into the latest advancements on the 6clicks platform, starting with our integration with Wiz and...
Date: Oct 31, 2024
Location: Virtual

On-demand Webinar

Reducing cost and complexity of GRC with CyberCX

Join Andrew Robinson, CISO & Co-Founder of 6clicks, and Belinda Edwards, Manager - Governance, Risk, and Compliance of C...
Date: Sep 19, 2024
Location: Virtual

On-demand Webinar

6clicks Hub & Spoke: Smart GRC solution for enterprise needs

Explore how 6clicks' unique Hub & Spoke deployment architecture streamlines cyber GRC management for federated enterpris...
Date: Sep 2, 2024
Location: Virtual

APRA CPS 234 vs GDPR

APRA CPS 234 and GDPR are two critical frameworks for data security and privacy. Learn how they differ and how they can be used together to protect your data.

Topic: APRA CPS 234 Guide: Cyber Security Requirements

This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data

The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.

Privilege Escalation

Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an ordinary user. It is a type of attack where an attacker with limited access privileges is able to, without authorization, elevate their privileges or access level. Privilege escalation can be used to gain access to files, settings, and other resources that are normally protected from an ordinary user. It can also be used to gain access to more powerful accounts, such as those with administrative or root privileges, which can then be used to launch further attacks on the system. Privilege escalation attacks are usually carried out through exploiting security vulnerabilities in the operating system or application, or by using malicious software, such as malware, to gain access to higher-level accounts.

ISO/IEC 27001 Vulnerability Management

ISO/IEC 27001 Vulnerability Management is a set of processes and procedures used to identify, classify, prioritize, and address potential vulnerabilities in information systems. It is designed to help organizations protect their information assets and ensure compliance with applicable laws and regulations. The standard focuses on the management of vulnerabilities, including the identification of vulnerabilities, the assessment of their risk, and the implementation of appropriate measures to reduce or eliminate the risk. The standard outlines the necessary steps for a comprehensive vulnerability management program, including the development of a vulnerability management policy, the implementation of a vulnerability management process, and the monitoring of the process. It also provides guidance on the selection of appropriate tools and technologies to support the process. Additionally, the standard outlines the roles and responsibilities of personnel involved in the process and provides guidance on the reporting of vulnerabilities.

Topic: ISO 27001 Guide: A Comprehensive Guide

This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

ISO/IEC 27004

ISO/IEC 27004 is an international standard that provides guidance for the effective and efficient implementation of a measurement program for the management of information and communication technology (ICT) services. It outlines the principles, processes, and techniques for measuring and managing the quality of ICT services. This standard is applicable to all organizations, regardless of size, industry, or geographic location. It is intended to be used in conjunction with other standards, such as ISO/IEC 20000 and ISO/IEC 27001. The standard provides guidance on the selection, implementation, and maintenance of a measurement program, as well as the measurement of ICT service quality. It also outlines the criteria and methods for assessing the effectiveness of the measurement program. ISO/IEC 27004 provides guidance on the use of metrics and indicators to measure the quality of ICT services, as well as the interpretation and use of the results. In addition, it outlines the requirements for reporting and documenting the results of the measurement program.

Logic Bomb

A logic bomb is a malicious piece of code that is designed to cause damage to a computer system or disrupt its normal operations. It is usually triggered by a specific event or set of conditions, such as a specific date, a particular user action, or the passing of a certain amount of time. Once triggered, the logic bomb can delete data, corrupt files, or cause the system to crash. In some cases, logic bombs can even be used to spread malicious software to other systems. Logic bombs are usually created by skilled hackers or malicious software developers, and are usually difficult to detect and defend against.

Reputational Risk

Reputational risk is the risk of damage to a company's reputation, resulting from adverse events or negative publicity. It is a type of non-financial risk and can be difficult to quantify, but can have a significant impact on a company's ability to attract customers, raise capital, and maintain relationships with employees, suppliers, and other stakeholders. Reputational risk is often caused by a company's failure to meet customer expectations, unethical behavior, or a lack of transparency. It can also be caused by events outside of the company's control, such as a natural disaster or a scandal involving another company in the same industry. Companies can manage reputational risk by monitoring their public image, engaging in corporate social responsibility initiatives, and having strong internal controls in place.