Resources

Curated content for the cyber, risk and compliance professional: we cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distributed & Autonomous Business (on-demand webinar, Jan 1, 2023, virtual)
Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...

Using Zero Trust Architecture to Balance Cyber Security Risks (on-demand webinar, Jan 3, 2023, virtual)
While the concept of "Zero Trust" is not new among enterprises, the modern workplace has changed radically in r...

How Can a vCISO Help Protect Your Network? (on-demand webinar, Jan 5, 2023, virtual)
With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
Glossary: NIST SP 800-53 Enhanced Controls

NIST SP 800-53 Enhanced Controls are additional security controls designed to supplement the baseline security controls outlined in the NIST SP 800-53 security control framework. They provide additional security measures that organizations can use to protect their systems and data from cyber threats. The enhanced controls are divided into three categories: Supplemental, Derived, and Additional. Supplemental controls supplement existing baseline security controls to provide additional protection. Derived controls are derived from existing baseline security controls and provide additional security measures tailored to the specific needs of the organization. Additional controls are security measures not covered by the baseline security controls and are designed to provide additional protection. Together, the enhanced controls give organizations the flexibility to tailor their security posture to their specific needs while still adhering to the security requirements outlined in the NIST SP 800-53 security control framework.

Related guide: NIST SP 800-53 Security Guide: Protect Your Data. This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.
Comparison: APRA CPS 234 vs ISO 27001

Compare and contrast Australia's Prudential Standard 234 and International Standard 27001 to understand their differences and similarities.

Related guide: APRA CPS 234 Guide: Cyber Security Requirements. The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.
Glossary: GRC Software Features

GRC Software Features are a set of tools and capabilities that enable organizations to better manage their governance, risk, and compliance (GRC) activities. These features allow organizations to identify, assess, monitor, and report on their GRC activities in order to ensure that they are meeting their legal, regulatory, and internal requirements. GRC software features can include automated reporting, audit management, risk assessment, policy management, incident management, and compliance monitoring. They help organizations ensure that their GRC activities are properly managed, monitored, and reported upon, so that they remain compliant with applicable laws and regulations. Additionally, GRC software features give organizations the ability to identify, assess, and mitigate risks associated with their operations, and to identify and address any gaps in their GRC activities.
Glossary: Non-Repudiation

Non-repudiation is a concept in computer science and cryptography that ensures that a party to a transaction or communication cannot deny having performed a certain action. It is a form of evidence that provides proof of the origin and delivery of data, as well as proof of the integrity of the data in question. Non-repudiation is used to prevent the sender of a message from later denying having sent the message, and to prevent the recipient from denying having received it. It is typically achieved through the use of digital signatures, timestamping, and other cryptographic techniques. Digital signatures are used to authenticate the identity of the sender and verify that the message has not been tampered with. Timestamping is used to prove that the message was sent at a certain time. Other cryptographic techniques, such as message authentication codes and hash functions, are used to verify the integrity of the data. Non-repudiation is an important element of secure communication, as it provides a means of ensuring that the sender and receiver of a message can be held accountable for their actions.
Glossary: PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle credit card and debit card information. It was created by major credit card companies such as Visa, MasterCard, American Express, and Discover to ensure that all merchants and service providers who accept, process, store, or transmit credit card information do so securely and protect customers' data from theft and fraud. PCI DSS outlines twelve requirements for organizations to follow in order to protect cardholder data, including maintaining a secure network, protecting cardholder data, regularly monitoring and testing networks, and maintaining an information security policy. It also requires organizations to assign a unique ID to each person with computer access and to restrict physical access to cardholder data. PCI DSS applies to all organizations that accept, process, store, or transmit credit card information, regardless of size or number of transactions. Compliance with PCI DSS is mandatory for any organization that handles credit card information, and failure to comply may result in fines, penalties, and loss of the ability to accept credit cards.

Related guide: PCI-DSS: A Guide to Meeting Security Requirements. This guide provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI-DSS), a set of security standards designed to protect cardholder data and reduce the risk of data breaches. It covers the key components of the PCI-DSS, including the 12 requirements, the 6 goals, and the 6 core principles. It also provides a detailed description of the processes, technologies, and tools required to comply with the standard. Furthermore, the guide includes best practices for implementing the standard and provides resources to help organizations stay on top of the latest developments in the industry. This guide provides a roadmap for achieving PCI-DSS compliance and maintaining a secure environment.
Glossary: COBIT Framework Goals

The COBIT Framework Goals are a set of high-level objectives that provide guidance on the desired outcomes of IT governance and management processes. They are used to define the scope of IT governance and management activities and to ensure that IT-related activities are aligned with the organization's overall business objectives. The COBIT Framework Goals provide a comprehensive view of IT governance and management activities and are designed to enable organizations to optimize the use of IT resources to achieve their strategic objectives. The goals are divided into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. The Plan and Organize domain focuses on the strategic planning and organizational design of IT governance and management processes. The Acquire and Implement domain focuses on the procurement and implementation of IT systems. The Deliver and Support domain focuses on the delivery of IT services and the management of IT operations. The Monitor and Evaluate domain focuses on the monitoring and evaluation of IT performance.

eBooks

GRC Buying Guide (eBook)
In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...

Artificial Intelligence and Robust Content (eBook)
Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...

Everything You Need to Know About 6clicks (eBook)
Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...