Skip to content
🚨 6clicks receives ISO 42001 certification for its AI Management System 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
6clicks product roadshow: Discover the latest updates
On-demand Webinar

6clicks product roadshow: Discover the latest upda...

Join the 6clicks Product Roadshow to discover the latest updates! Explore new Continuous Control Monitoring integrations with Wiz and Microsoft Defend...

Webinars

6clicks product roadshow: Discover ...

On-demand Webinar

6clicks product roadshow: Discover the latest updates

Gain exclusive insights into the latest advancements on the 6clicks platform, starting with our integration with Wiz and...
date-icon

Oct 31, 2024

location

Virtual

Register Now
Reducing cost and complexity of GRC...

On-demand Webinar

Reducing cost and complexity of GRC with CyberCX

Join Andrew Robinson, CISO & Co-Founder of 6clicks, and Belinda Edwards, Manager - Governance, Risk, and Compliance of C...
date-icon

Sep 19, 2024

location

Virtual

Register Now
6clicks Hub & Spoke: Smart GRC solu...

On-demand Webinar

6clicks Hub & Spoke: Smart GRC solution for enterprise needs

Explore how 6clicks' unique Hub & Spoke deployment architecture streamlines cyber GRC management for federated enterpris...
date-icon

Sep 2, 2024

location

Virtual

Register Now
See all webinars

Latest Answers

Information Security Registered Assessors Program (IRAP)

What is the information security registe...

What is IRAP? The Information Security Registered ...

Defence Industry Security Program (DISP)

What are the 5 levels of security cleara...

What is security clearance? Security clearance is ...

How does 6clicks support effective softw...

6clicks supports effective software vulnerability ...

{tableName=glossary, name=Essential 8 Maturity Model, description= The Essential 8 Maturity Model is a framework for organizations to use to assess and measure their cybersecurity maturity. It is based on eight key areas of security that organizations should focus on in order to reduce the risk of a successful cyber attack. The eight areas are: Patch Management, Application Whitelisting, Controlled Use of Administrative Privileges, Secure Configuration, Account Monitoring and Control, Data Protection, Malware Defense, and Application Control. Each of these areas is broken down into specific security controls that organizations should implement in order to improve their cybersecurity posture. The model also provides guidance on how to measure the maturity of each of the areas, allowing organizations to track their progress over time. The Essential 8 Maturity Model enables organizations to develop an effective, comprehensive cybersecurity strategy and to prioritize their security investments., topic=[{id=97620570506, createdAt=1673040885315, updatedAt=1715624279165, path='asd-essential-8', name=' ASD Essential 8 Guide: A Comprehensive Overview', 1='{type=string, value=ASD Essential 8}', 2='{type=string, value= This guide provides an overview of the ASD Essential 8 - 8 evidence-based strategies to help improve the outcomes of children with Autism Spectrum Disorder. Learn how to identify and implement these strategies to help}', 5='{type=string, value=This authoritative guide provides an in-depth look at the ASD Essential 8 (E8), a set of eight measures developed by the Australian Signals Directorate (ASD) to protect organizations from cyber threats. It explores whether the ASD Essential 8 are mandatory or not for your organisations and covers the fundamentals of each of the eight measures, including the maturity levels, how to perform an assessment and implementation guidenace.}', 15='{type=list, value=[{id=97620570506, name='ASD Essential 8'}]}'}], hs_path=essential-8-maturity-model}--
{tableName=glossary, name=Risk Identification, description= Risk identification is the process of recognizing and assessing the potential risks associated with a particular situation, event, or activity. It involves analyzing the environment, identifying potential risks, and assessing the likelihood of their occurrence. Risk identification is a critical component of any risk management program, as it helps to identify the potential risks that could have an impact on a project, organization, or individual. It is important to recognize that risk identification is not a one-time process and should be regularly reviewed and updated as new information becomes available. Risk identification can be done through a variety of methods, such as brainstorming, interviews, surveys, and reviews of historical data. The goal of risk identification is to create a comprehensive list of potential risks that can be used to develop strategies to mitigate or avoid them., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1715624292575, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}', 15='{type=list, value=[{id=97620570509, name='Enterprise Risk Management'}]}'}], hs_path=risk-identification}--
{tableName=glossary, name=ISO/IEC Directives Part 1, description= ISO/IEC Directives Part 1 is an international standard that provides guidelines for the development, approval, publication, and maintenance of International Standards, Technical Specifications, Technical Reports, and Publicly Available Specifications. It is the main document of the ISO/IEC process for the development and publication of international standards. It outlines the roles and responsibilities of the various entities involved in the process, such as the ISO/IEC members, the ISO/IEC Technical Management Board, the ISO/IEC Central Secretariat, and the ISO/IEC Technical Committees. It also outlines the process for the development of new standards, the review process, and the publication and maintenance process. Furthermore, it provides guidance on the use of the ISO/IEC logo and the ISO/IEC copyright statement. Finally, it outlines the process for the withdrawal, revision, and amendment of existing standards., topic=null, hs_path=iso-iec-directives-part-1}--
{tableName=glossary, name=Role-Based Access Control (RBAC), description= Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to computer systems, networks, and other resources. It is based on the principle that users are assigned to roles, and each role is granted specific permissions or access to resources. RBAC is an effective way to manage access to resources, as it allows administrators to easily assign and manage permissions for multiple users. RBAC also provides a more granular level of control than other access control models, such as discretionary access control (DAC) or mandatory access control (MAC). By assigning roles to users, RBAC allows administrators to control user access to resources based on their roles, rather than individual user accounts. This makes RBAC a more efficient and secure way to manage access to resources, as it reduces the risk of unauthorized access., topic=null, hs_path=role-based-access-control-rbac}--
{tableName=glossary, name=Information Classification Policy, description= An Information Classification Policy is a set of guidelines and procedures that are designed to ensure that an organization’s data and information is classified in an appropriate manner. It outlines the categories of information, the types of data and information that should be included in each category, and the security measures that should be taken to protect the information. The policy also outlines the roles and responsibilities of the various personnel involved in the classification process, such as the data custodians and the data owners. The policy should also include a process for handling any changes or updates to the classification scheme. Finally, the policy should outline the consequences for failing to adhere to the classification policy, such as disciplinary action or termination of employment., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}, {id=97620570502, createdAt=1673040885290, updatedAt=1715624259698, path='pci-dss', name=' PCI-DSS: A Guide to Meeting Security Requirements', 1='{type=string, value=PCI-DSS}', 2='{type=string, value=This guide provides an overview of the Payment Card Industry Data Security Standard (PCI-DSS) and the steps to take to ensure compliance with}', 5='{type=string, value=

This comprehensive guide provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI-DSS), a set of security standards designed to protect cardholder data and reduce the risk of data breaches. It covers the key components of the PCI-DSS, including the 12 requirements, the 6 goals, and the 6 core principles. It also provides a detailed description of the processes, technologies, and tools required to comply with the standard. Furthermore, the guide includes best practices for implementing the standard and provides resources to help organizations stay on top of the latest developments in the industry.

This guide provides a roadmap for achieving PCI-DSS compliance and maintaining a secure environment.

}', 15='{type=list, value=[{id=97620570502, name='PCI-DSS'}]}'}, {id=97620570504, createdAt=1673040885302, updatedAt=1715750255339, path='information-security-management-system', name=' ISMS Guide: Info Security Mgmt System Overview', 1='{type=string, value=Information Security Management System (ISMS)}', 2='{type=string, value= This authoritative guide provides a comprehensive overview of Information Security Management Systems (ISMS). It covers the fundamentals of ISMS, as well as best practices for implementing an effective ISMS. It also}', 5='{type=string, value=This guide provides a comprehensive overview of Information Security Management Systems (ISMS), which are designed to protect organizations from the risks for which information security, cybersecurity and privacy protection are required. It covers the fundamentals of ISMS, including the components of an ISMS, the process of implementing an ISMS, and the various requirements and standards associated with ISMS. It also covers the different types of security threats, the best practices for mitigating them, and the importance of having a robust ISMS in place. Finally, this guide provides practical advice on how to design and implement an effective ISMS, as well as how to maintain it over time. With this guide, readers will gain a deeper understanding of how to protect their organizations from cyber threats and ensure their data is secure.}', 15='{type=list, value=[{id=97620570504, name='Information Security Management System (ISMS)'}]}'}], hs_path=information-classification-policy}--
{tableName=comparison, name=NIST SP 800-53 vs NIST CSF, description=NIST SP 800-53 and NIST Cybersecurity Framework (CSF) are two frameworks for managing cybersecurity risk. Learn the differences between the two., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1715624498921, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 15='{type=list, value=[{id=97620570515, name='NIST SP 800-53'}]}'}], hs_path=nist-sp-800-53-vs-nist-cybersecurity-framework-csf}--
ASD Essential 8
Essential 8 Maturity Model

The Essential 8 Maturity Model is a framework for organizations to use to assess and measure their c...

Enterprise Risk Management
Risk Identification

Risk identification is the process of recognizing and assessing the potential risks associated with ...

ISO/IEC Directives Part 1

ISO/IEC Directives Part 1 is an international standard that provides guidelines for the development,...

Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to...

ISO 27001, PCI-DSS, Information Security Management System (ISMS)
Information Classification Policy

An Information Classification Policy is a set of guidelines and procedures that are designed to ensu...

NIST SP 800-53
NIST SP 800-53 vs NIST CSF

NIST SP 800-53 and NIST Cybersecurity Framework (CSF) are two frameworks for managing cybersecurity ...