

Curated content for the compliance connoisseur: We cover the latest on regulation, frameworks, risks, and compliance trends.

SSAE 18: Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued by the American Institute of Certified Public Accountants (AICPA). It defines the requirements for attestation engagements performed by a service auditor, and is applicable to service organizations that provide services to user entities. The standard provides guidance for service auditors on how to plan and perform an attestation engagement, and how to report on the results of the engagement. It is intended to replace the Statement on Auditing Standards (SAS) No. 70, which is the previous standard for service organization attestation engagements. SSAE 18 requires a service auditor to obtain an understanding of the service organization's system and its controls, assess the risks associated with the system, determine the nature, timing and extent of the tests to be performed, and evaluate the design and operating effectiveness of the controls. The service auditor must also issue an opinion on the fairness of the description of the service organization's system and the suitability of the design and operating effectiveness of the controls. The opinion must include a description of the tests performed and the results of the tests.

SOC 2 Audit: A SOC 2 Audit is an independent evaluation of a service provider’s information security controls and practices. It is based on the Trust Services Principles and Criteria (TSPC) developed by the American Institute of Certified Public Accountants (AICPA). The audit is performed by a third-party auditor and assesses the design and effectiveness of the service provider’s controls and processes related to security, availability, processing integrity, confidentiality and privacy. The audit also assesses the service provider’s ability to meet the TSPC criteria, which include requirements for the service provider’s technical infrastructure, data security, and customer data protection. The SOC 2 Report is a valuable tool for organizations that are looking to assess the security of their service providers and ensure that they are meeting their security and privacy requirements.

Cybersecurity Incident Report: A Cybersecurity Incident Report is an official document that is used to document the details of a cybersecurity incident. It typically includes an overview of the incident, the timeline of events, the affected systems, and the steps taken to mitigate the incident. This report is often used to provide a complete picture of the incident to management, IT personnel, and other stakeholders. It is also used to provide a detailed analysis of the incident and the actions taken to prevent similar incidents from occurring in the future. The report can also be used to provide evidence in the event of a legal action.

Attribute: A characteristic or quality of a person, place, or thing that is used to describe or identify it. Attributes can be physical (such as height, weight, eye color, etc.), mental (such as intelligence, creativity, etc.), or emotional (such as kindness, empathy, etc.). Attributes can also refer to the qualities of an object or concept (such as size, shape, color, etc.). Attributes are used to describe or identify something, and can be used to make comparisons and judgments.

Cybersecurity Gamification: Cybersecurity Gamification is the process of using game-like elements and techniques to enhance the effectiveness of cybersecurity awareness and training. It can involve creating interactive, game-like experiences to simulate real-world scenarios, providing rewards and recognition for completing challenges, and providing incentives to motivate users to engage in cybersecurity activities. Cybersecurity gamification may also involve creating a competitive environment to encourage users to practice and improve their cybersecurity skills, as well as to promote collaboration between users in order to increase overall security. Cybersecurity gamification is becoming increasingly popular as a way to engage users in cybersecurity training and to increase their awareness of the importance of security.

Discretionary Access Control (DAC) Attributes: Discretionary Access Control (DAC) attributes are security measures used to control and manage access to computer systems and data. DAC is a type of access control where the user has the authority to decide who can access certain resources or data. The user has the ability to grant or deny access to a resource or data based on their own discretion. This type of control is commonly used in organizations to help protect sensitive data and systems from unauthorized access. DAC attributes are typically associated with user accounts and can be used to set rules and restrictions on who can access certain resources or data. For example, a user account may be set up with a DAC attribute that only allows certain users to access certain data or resources. This type of control helps ensure that only authorized users have access to the resources and data that they need.