Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Responding to Australia's new critical infrastructure laws
On-demand Webinar

Responding to Australia's new critical infrastruct...

Join industry experts Andrew Robinson, Matthew Chantrell and Ryan Turan to share their insights into how to automate and manage your compliance with A...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=comparison, name=NIST SP 800-53 vs PCI-DSS, description=NIST SP 800-53 and PCI-DSS are two of the most widely used security standards for organizations. Learn about the differences between the two., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1683947942816, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}'}], hs_path=nist-sp-800-53-vs-pci-dss}--
{tableName=glossary, name=Intrusion Detection and Prevention System (IDPS), description= An Intrusion Detection and Prevention System (IDPS) is a security system used to detect and prevent unauthorized access to a computer network or system. It works by monitoring the network for suspicious activity and then taking action to block or alert the user when a malicious event occurs. The system consists of components such as network sensors, which detect malicious activity, and response mechanisms, which can be configured to block or alert the user when an attack is detected. IDPS can be used to protect networks from a variety of different threats including malware, phishing, and malicious code. It can also be used to detect and prevent insider threats, such as employees accessing confidential data or systems without authorization. IDPS can be deployed in either a software or hardware form, and can be used in conjunction with other security measures such as firewalls and antivirus software to provide a comprehensive security solution., topic=null, hs_path=intrusion-detection-and-prevention-system-idps}--
{tableName=glossary, name=SSAE 18, description= Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued by the American Institute of Certified Public Accountants (AICPA). It defines the requirements for attestation engagements performed by a service auditor, and is applicable to service organizations that provide services to user entities. The standard provides guidance for service auditors on how to plan and perform an attestation engagement, and how to report on the results of the engagement. It is intended to replace the Statement on Auditing Standards (SAS) No. 70, which is the previous standard for service organization attestation engagements. SSAE 18 requires a service auditor to obtain an understanding of the service organization's system and its controls, assess the risks associated with the system, determine the nature, timing and extent of the tests to be performed, and evaluate the design and operating effectiveness of the controls. The service auditor must also issue an opinion on the fairness of the description of the service organization's system and the suitability of the design and operating effectiveness of the controls. The opinion must include a description of the tests performed and the results of the tests., topic=null, hs_path=ssae-18}--
{tableName=glossary, name=Ransomware, description= Ransomware is a type of malicious software (malware) designed to block access to a computer system or data until a ransom is paid. It typically spreads through phishing emails, malicious downloads, or drive-by downloads. Once installed, ransomware can encrypt files, lock the computer, or both. The attacker then demands payment, usually in the form of cryptocurrency or prepaid cards, in exchange for a decryption key to unlock the system or data. Ransomware is a particularly devastating form of malware because it can cause irreparable damage to computer systems, data, and networks, and can be difficult to detect and remove., topic=null, hs_path=ransomware}--
{tableName=glossary, name=ISO/IEC 27001 Certification Requirements, description= ISO/IEC 27001 Certification Requirements are a set of international standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to help organizations protect their information assets. The standards provide a framework to ensure that organizations have appropriate controls, processes, and procedures in place to protect their information assets. The standards are divided into two parts: the ISO/IEC 27001 standard, which outlines the requirements for an information security management system (ISMS), and the ISO/IEC 27002 standard, which provides detailed guidance on how to implement the requirements. The ISO/IEC 27001 standard requires organizations to have a documented ISMS that covers all aspects of their information security, including risk assessments, policies and procedures, and organizational structures. The standard also requires organizations to have a documented process for regularly monitoring and assessing the effectiveness of their ISMS. Organizations must also have procedures in place to respond to security incidents, as well as to ensure that their ISMS is continuously improved. Finally, organizations must demonstrate that their ISMS meets the requirements of the ISO/IEC 27001 standard through independent third-party certification., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-certification-requirements}--
{tableName=glossary, name=Wardriving, description= Wardriving is a type of hacking that involves using a vehicle to search for and map wireless networks. It involves driving around with a laptop or other device that is equipped with a wireless network card, and scanning for wireless networks. The hacker then records the network's name, signal strength, and encryption type and stores it in a database. This information can be used to gain access to the network, if it is not properly secured. Wardriving is often used to gain access to networks with weak security, or to gain access to networks that are not owned by the hacker. It can also be used to identify vulnerable networks that can be used for malicious purposes. Wardriving is illegal in some countries, and can result in criminal charges for the perpetrator., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=wardriving}--
NIST SP 800-53
NIST SP 800-53 vs PCI-DSS

NIST SP 800-53 and PCI-DSS are two of the most widely used security standards for organizations. Lea...

Intrusion Detection and Prevention System (IDPS)

An Intrusion Detection and Prevention System (IDPS) is a security system used to detect and prevent ...

SSAE 18

Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued b...

Ransomware

Ransomware is a type of malicious software (malware) designed to block access to a computer system o...

ISO 27001
ISO/IEC 27001 Certification Requirements

ISO/IEC 27001 Certification Requirements are a set of international standards developed by the Inter...

Vulnerability Management
Wardriving

Wardriving is a type of hacking that involves using a vehicle to search for and map wireless network...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks