Skip to content
🚨 6clicks receives ISO 42001 certification for its AI Management System 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
6clicks product roadshow: Discover the latest updates
On-demand Webinar

6clicks product roadshow: Discover the latest upda...

Join the 6clicks Product Roadshow to discover the latest updates! Explore new Continuous Control Monitoring integrations with Wiz and Microsoft Defend...

Webinars

6clicks product roadshow: Discover ...

On-demand Webinar

6clicks product roadshow: Discover the latest updates

Gain exclusive insights into the latest advancements on the 6clicks platform, starting with our integration with Wiz and...
date-icon

Oct 31, 2024

location

Virtual

Register Now
Reducing cost and complexity of GRC...

On-demand Webinar

Reducing cost and complexity of GRC with CyberCX

Join Andrew Robinson, CISO & Co-Founder of 6clicks, and Belinda Edwards, Manager - Governance, Risk, and Compliance of C...
date-icon

Sep 19, 2024

location

Virtual

Register Now
6clicks Hub & Spoke: Smart GRC solu...

On-demand Webinar

6clicks Hub & Spoke: Smart GRC solution for enterprise needs

Explore how 6clicks' unique Hub & Spoke deployment architecture streamlines cyber GRC management for federated enterpris...
date-icon

Sep 2, 2024

location

Virtual

Register Now
See all webinars

Latest Answers

Information Security Registered Assessors Program (IRAP)

What is the information security registe...

What is IRAP? The Information Security Registered ...

Defence Industry Security Program (DISP)

What are the 5 levels of security cleara...

What is security clearance? Security clearance is ...

How does 6clicks support effective softw...

6clicks supports effective software vulnerability ...

{tableName=glossary, name=Enterprise Risk Management (ERM) Software, description= Enterprise Risk Management (ERM) Software is a type of software designed to help organizations manage their risks by providing them with an integrated platform to identify, assess, monitor, and respond to risks. ERM software typically includes features such as risk assessment, risk analysis, risk mitigation, and reporting tools. It can help organizations identify, quantify, and prioritize risks, as well as provide a framework to develop and implement risk management strategies. ERM software can also help organizations develop and maintain risk management policies, procedures, and controls, as well as provide visibility into risk management performance. By providing a comprehensive view of an organization’s risk landscape, ERM software can help organizations make better decisions and improve overall risk management., topic=null, hs_path=enterprise-risk-management-erm-software}--
{tableName=glossary, name=Data Protection Impact Assessment (DPIA), description= Data Protection Impact Assessment (DPIA) is a process used to identify, assess, and manage data protection risks within an organization. It is an important tool for organizations to ensure that personal data is processed in accordance with the applicable data protection laws and regulations. A DPIA is a risk-based assessment that helps organizations to identify and mitigate any potential risks associated with the processing of personal data. It is used to evaluate the necessity and proportionality of the processing activities, to identify and assess the potential risks to the rights and freedoms of individuals, and to identify any measures necessary to address those risks. The DPIA should be conducted before the processing of personal data begins and should be updated periodically to ensure that the risks are managed and minimized. The DPIA should include the identification of the data controller and processor, the purpose of the data processing, the categories of personal data to be processed, the recipients of the data, the duration of the data processing, the security measures in place, and the measures taken to protect the rights of the data subjects., topic=null, hs_path=data-protection-impact-assessment-dpia}--
{tableName=glossary, name=ISO/IEC 27001 Audit, description= An ISO/IEC 27001 Audit is a type of audit that evaluates an organization’s Information Security Management System (ISMS) to determine if it meets the requirements of the ISO/IEC 27001:2013 standard. This standard is an international standard that outlines the requirements for establishing, implementing, maintaining, and continually improving an ISMS. An ISO/IEC 27001 Audit is conducted by a third-party assessor who evaluates the organization’s ISMS against the requirements of the standard. The audit includes a review of the organization’s policies, procedures, and processes related to information security and a review of the organization’s implementation of the ISMS. The auditor also evaluates the effectiveness of the organization’s security controls and the extent to which the ISMS meets the requirements of the standard. The audit results in a report that outlines the findings and provides recommendations for improvement. The report can be used by the organization to make improvements to their ISMS and to demonstrate to stakeholders that the organization is compliant with the ISO/IEC 27001 standard., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-audit}--
{tableName=glossary, name=Information Security Risk Monitoring And Review, description= Information Security Risk Monitoring and Review is the process of continually assessing and managing the risks associated with information systems. It involves identifying and evaluating potential risks, developing plans to mitigate them, and monitoring the effectiveness of those plans. This process also includes reviewing the current security posture of the organization and its systems and ensuring that appropriate measures are taken to protect the organization and its data from malicious actors. Information Security Risk Monitoring and Review is a critical component of an effective information security program, as it helps organizations identify and address potential risks before they can cause significant damage., topic=null, hs_path=information-security-risk-monitoring-and-review}--
{tableName=glossary, name=SOC 2 Controls, description= SOC 2 Controls are a set of security and privacy standards and procedures designed to protect the confidentiality, integrity, and availability of customer data. These controls are based on the AICPA's Trust Services Principles and Criteria, and are designed to help organizations protect their customer data and ensure that they are meeting their legal, regulatory, and contractual obligations. The controls cover five core areas: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Organizations must demonstrate that they have implemented the necessary controls to protect customer data and meet the requirements of the Trust Services Principles and Criteria. The SOC 2 report is an independent assessment that is conducted by a third-party auditor and is used to validate an organization's compliance with the SOC 2 Controls., topic=null, hs_path=soc-2-controls}--
{tableName=glossary, name=Role-Based Access Control (RBAC), description= Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to computer systems, networks, and other resources. It is based on the principle that users are assigned to roles, and each role is granted specific permissions or access to resources. RBAC is an effective way to manage access to resources, as it allows administrators to easily assign and manage permissions for multiple users. RBAC also provides a more granular level of control than other access control models, such as discretionary access control (DAC) or mandatory access control (MAC). By assigning roles to users, RBAC allows administrators to control user access to resources based on their roles, rather than individual user accounts. This makes RBAC a more efficient and secure way to manage access to resources, as it reduces the risk of unauthorized access., topic=null, hs_path=role-based-access-control-rbac}--
Enterprise Risk Management (ERM) Software

Enterprise Risk Management (ERM) Software is a type of software designed to help organizations manag...

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIA) is a process used to identify, assess, and manage data prot...

ISO 27001
ISO/IEC 27001 Audit

An ISO/IEC 27001 Audit is a type of audit that evaluates an organization’s Information Security Mana...

Information Security Risk Monitoring And Review

Information Security Risk Monitoring and Review is the process of continually assessing and managing...

SOC 2 Controls

SOC 2 Controls are a set of security and privacy standards and procedures designed to protect the co...

Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to...