Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Webinars
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Responding to Australia's new critical infrastructure laws
On-demand Webinar

Responding to Australia's new critical infrastruct...

Join industry experts Andrew Robinson, Matthew Chantrell and Ryan Turan to share their insights into how to automate and manage your compliance with A...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Role-Based Access Control (RBAC), description= Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to computer systems, networks, and other resources. It is based on the principle that users are assigned to roles, and each role is granted specific permissions or access to resources. RBAC is an effective way to manage access to resources, as it allows administrators to easily assign and manage permissions for multiple users. RBAC also provides a more granular level of control than other access control models, such as discretionary access control (DAC) or mandatory access control (MAC). By assigning roles to users, RBAC allows administrators to control user access to resources based on their roles, rather than individual user accounts. This makes RBAC a more efficient and secure way to manage access to resources, as it reduces the risk of unauthorized access., topic=null, hs_path=role-based-access-control-rbac}--
{tableName=glossary, name=Discretionary Access Control (DAC), description= Discretionary Access Control (DAC) is a type of access control in which a user's access to a system or resource is based upon the user's individual identity. This type of access control allows the user to make decisions about who can access the system or resource, and what type of access they can have. DAC is based on the principle of least privilege, which means that a user is only allowed access to the minimum amount of resources necessary to perform their job. The user is also responsible for managing the access rights of other users. DAC is commonly used in operating systems, databases, networks, and other computer systems. It is also used in physical security systems, such as door locks, to control access to restricted areas., topic=null, hs_path=discretionary-access-control-dac}--
{tableName=glossary, name=Asset Inventory, description= An asset inventory is a comprehensive list of all the physical and intangible assets owned by a business or individual. It includes all tangible assets such as cash, buildings, machinery, equipment, inventory, furniture, motor vehicles, and land. It also includes intangible assets such as intellectual property, copyrights, patents, trademarks, and other non-physical assets. An asset inventory also includes information on the location, condition, and estimated value of each asset. The purpose of an asset inventory is to provide a detailed record of the assets owned by a business or individual, as well as to provide a clear picture of the business’s financial status. This information can be used to make strategic decisions, plan for the future, and provide evidence of ownership in the event of a dispute or lawsuit., topic=null, hs_path=asset-inventory}--
{tableName=glossary, name=Cybersecurity Credentials, description= Cybersecurity credentials are a set of qualifications and certifications that a person or organization holds to demonstrate their knowledge and proficiency in the field of cybersecurity. These credentials may include certifications from industry-recognized organizations such as the International Information Systems Security Certification Consortium (ISC2), the Computing Technology Industry Association (CompTIA), the Certified Information Systems Security Professional (CISSP), and the Information Systems Audit and Control Association (ISACA). Cybersecurity credentials also may include certifications from universities and other educational institutions, as well as certifications from government agencies like the National Security Agency (NSA). Cybersecurity credentials are important for both individuals and organizations, as they demonstrate the expertise and knowledge of the holder in the field of cybersecurity and provide assurance that the holder is up-to-date on the latest security practices and technologies., topic=null, hs_path=cybersecurity-credentials}--
{tableName=comparison, name=SOC 2 vs NIST CSF, description=A comparison of SOC 2 and NIST Cybersecurity Framework (CSF). Learn the differences between the two frameworks, their security objectives., topic=[{id=97620570514, createdAt=1673040885366, updatedAt=1683947939686, path='soc-2', name=' SOC 2 Compliance: A Comprehensive Guide', 1='{type=string, value=SOC 2}', 2='{type=string, value= Compliance SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary}', 5='{type=string, value=This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.}'}], hs_path=soc-2-vs-nist-cybersecurity-framework-csf}--
{tableName=glossary, name=GDPR Compliance, description= GDPR Compliance is the process of adhering to the European Union’s General Data Protection Regulation (GDPR) which was passed on May 25, 2018. This regulation is designed to protect the privacy of EU citizens, by requiring organizations to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. GDPR Compliance requires organizations to be transparent in how they collect, use, store, and transfer personal data, as well as how they respond to data breaches. Organizations must also provide individuals with the right to access, rectify, and delete their personal data. Additionally, organizations must obtain explicit consent from individuals before processing their personal data, and must notify individuals of any data breaches within 72 hours. GDPR Compliance also requires organizations to implement appropriate technical and organizational measures to protect personal data, such as encryption and pseudonymization. By adhering to GDPR regulations, organizations can ensure that they are protecting the privacy of EU citizens and complying with the law., topic=null, hs_path=gdpr-compliance}--
Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to...

Discretionary Access Control (DAC)

Discretionary Access Control (DAC) is a type of access control in which a user's access to a system ...

Asset Inventory

An asset inventory is a comprehensive list of all the physical and intangible assets owned by a busi...

Cybersecurity Credentials

Cybersecurity credentials are a set of qualifications and certifications that a person or organizati...

SOC 2
SOC 2 vs NIST CSF

A comparison of SOC 2 and NIST Cybersecurity Framework (CSF). Learn the differences between the two ...

GDPR Compliance

GDPR Compliance is the process of adhering to the European Union’s General Data Protection Regulatio...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks