Contents
One of the handiest modules (IMO) inside 6clicks has just had a bit of work done. And it looks a whole lot better than a celebrity after a dodgy Beverly Hills surgery.
6clicks Projects was awesome enough to allow anyone associated with risk and compliance activities to manage all of the team's tasks in the same place they run risk and compliance engagements.
I mean, it spelt the end for separate tools and log-ins, spreadsheets or sticky notes and gave us one place for all our tasks, files and communication.
But that wasn't enough for our product, security and content teams. The greed for fast intelligence... the terrifying lust for smart and agile GRC... will their gluttonous appetite to combine content, function, AI and reporting ever be satisfied!??
Probably not, because the module is now called 'Projects & Playbooks' - and it's an absolute banger.
Throw the playbook at it
Let's face it, stuff goes wrong. All the time. Just look at the finale of Dexter, or the 9th season of Scrubs for that matter.
From stolen credentials and malware infections to remote access and device theft dramas - the chances of things going awry is becoming higher every day in business.
To that end, the team has come up with these 'hacks' of sorts. Playbooks are like your quiet achievers in the background - methodologies that may well save your entire organisation.
Here's the mindset order:
Preparation: Get ready to handle the incident
Identification: Detect the incident
Containment: Limit the impact of the incident
Remediation: Address or remove the threat
Recovery: Get back to your normal stage of operation
Aftermath: Reflect on what's been learnt and improve future processes
What's inside
Brilliantly, the amount of playbooks in the Content Library is already packed (and growing, no doubt) which means you can shore up your offensive line really well, check out the selection here:
π¨ Files or devices locked up? = Ransomware Incident Response Playbook
βοΈ Getting some dodgy requests? = Cloud Email Compromise Incident Response Playbook
πͺ Secure your privileged accounts = Backdoor User Accounts Incident Response Playbook
π³π Attackers want your credentials, especially administrative credentials. = Password Spraying Incident Response Playbook & Unsecured Credentials Incident Response Playbook
π‘οΈ Cyber criminals love hiding in your systems and networks. Defend yourself! = Defense Evasion (Disabling Security Software) Incident Response Playbook
π£ Before someone accidentally (or not) infects your system with malware = Malware Incident Response Playbook
π₯ Stop criminals from making a machine or network inaccessible to its intended users = Denial of Service (DOS) Incident Response Playbook
π Someone lost their laptop, tablet or phone? Or was it...(gasp)...stolen!? = Device Theft/Loss Incident Response Playbook
β οΈ You never know what vulnerabilities cybercriminals are going to find just by visiting your website! = Drive By Compromise Incident Response Playbook
βοΈ This is a nasty one. Don't become a headline! = Cyber Blackmail Incident Response Playbook
βοΈ It's a traaap! Social Engineering is EVERYWHERE = Social Engineering Incident Response Playbook
π Not a very nice thing to talk about, but it happens = Insider abuse Incident Response Playbook
π If some dodgy crim modifies the settings of your domain with malicious intent, then your defences, services and security could be rendered useless and cause some serious damage = Group Policy Modification Incident Response Playbook
π° What if someone gained control of your admin accounts? = Resource Development (Compromise Accounts) Incident Response Playbook
π Someone on the shonk? = Scam Incident Response Playbook
π΄ Money mules help criminal syndicates to remain anonymous when moving funds around the world. If you fail to detect them, you are in major trouble = Money Mule Scams (CEO Fraud) Incident Response Playbook
Making projects more manageable
In addition to the module allowing you to manage your workflow, there are now pre-packed project task templates ready to go for you and your team to execute.
Here are a few you can kick off with:
- ISO 31000:2009 Risk Management
- ISO27005:2008 Information Security Risk Management
- MEHARI 2010 Processing guide for risk analysis and management
- NIST SP 800-30 r1 Guide for Conducting Risk Assessments
- NIST Special Publication 800-39 Managing Information Security Risk
- The DREAD Risk Assessment Model
- The STRIDE Threat Model
Take it for a spin
Jump into the 6clicks platform and give the new module a go! If you haven't signed up already, hit the Get Started button (top right) to sort you out ASAP.
Our Content Library is the Amazon of risk and compliance, with hundreds of pieces ranging from:
- Standards
- Laws
- Regulations
- Policies
- Control Sets
- Assessments
- Risk Libraries
- Projects & Playbooks
- Checklists
You can tighten your risk and compliance activities at the click of a button.
How about a whistle-stop tour with one of our 6clicks maestros? Easy, just click the button below and let the good times roll.
All we want to do, every day, is make the world of GRC easier to manage. We can't do that without you, so we hope to hear from you real soon!
Written by Andrew Robinson
Andrew started his career in the startup world and went on to perform in cyber and information security advisory roles for the Australian Federal Government and several Victorian Government entities. Andrew has a Masters in Policing, Intelligence and Counter-Terrorism (PICT) specialising in Cyber Security and holds IRAP, ISO 27001 LA, CISSP, CISM and SCF certifications.
