Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=APRA CPS 234, description= APRA CPS 234 is an information security standard developed by the Australian Prudential Regulation Authority (APRA) to provide guidance on the security controls organizations should implement to protect their information and systems. The standard is based on the ISO/IEC 27002:2013 and provides a set of security requirements which organizations must comply with in order to protect their information assets. It covers topics such as access control, physical and environmental security, asset management, cryptography, system development and maintenance, incident management, and business continuity. APRA CPS 234 requires organizations to identify, assess and manage risk, and to develop and implement an information security program that meets the requirements of the standard. The standard also requires organizations to monitor, test and review their security controls on an ongoing basis., topic=[{id=97620570527, createdAt=1673040885446, updatedAt=1683947990333, path='apra-cps-234', name=' APRA CPS 234 Guide: Cyber Security Requirements', 1='{type=string, value=APRA CPS 234}', 2='{type=string, value= This guide provides a comprehensive overview of APRA CPS 234, the Australian Prudential Regulation Authority's (APRA) requirements for information security management. Learn how to protect your organisation's data}', 5='{type=string, value=The APRA CPS 234 Guide provides authoritative guidance to help organizations implement effective cybersecurity strategies. Written by the Australian Prudential Regulation Authority (APRA), this guide outlines the essential elements of a cyber security framework and outlines best practices for protecting data and systems from cyber threats. It provides detailed guidance on how to assess risk, implement safeguards, and respond to cyber incidents. The guide also includes information on how to develop policies and procedures, educate staff, and monitor cyber security performance. With this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=apra-cps-234}--
{tableName=glossary, name=ISO/IEC 27001 Data Retention Policy, description= ISO/IEC 27001 Data Retention Policy is a set of guidelines that outlines the procedures and standards for how data should be stored, managed, and retained to ensure the security and integrity of the data. This policy is designed to ensure that the data is properly secured, managed, and retained in a manner that is compliant with applicable laws and regulations. It outlines the requirements for the collection, storage, and retention of data, as well as the procedures for accessing, updating, and deleting data. The policy also establishes the procedures for monitoring and auditing the data to ensure that the data is secure and accessible. The policy should be reviewed and updated periodically to ensure that it remains current and up-to-date with the latest regulations and best practices., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-data-retention-policy}--
{tableName=glossary, name=Cybersecurity Maturity Model Certification (CMMC), description= Cybersecurity Maturity Model Certification (CMMC) is a certification program created by the United States Department of Defense (DoD) to ensure that all organizations that handle Controlled Unclassified Information (CUI) comply with the DoD’s cybersecurity standards. The CMMC is a five-level certification system that assesses the maturity of an organization’s cybersecurity practices, processes, and procedures. The five levels are Basic Cyber Hygiene, Cyber Hygiene, Intermediate, Advanced, and Progressive. Each level builds upon the previous one and provides a comprehensive set of security requirements that must be met in order to achieve the next level. The CMMC certification is designed to be an ongoing process that organizations must go through in order to maintain their certification. The certification is valid for three years, after which organizations must renew their certification in order to remain compliant with the DoD’s security requirements. The CMMC is intended to help ensure that all organizations handling CUI are properly secured and that the data remains secure., topic=null, hs_path=cybersecurity-maturity-model-certification-cmmc}--
{tableName=glossary, name=ISO/IEC Data Center, description= ISO/IEC Data Center is a facility that houses computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g. air conditioning, fire suppression) and various security devices. The main purpose of a data center is to process, store, and distribute large amounts of data. Data centers are typically used by large organizations and businesses to store and process their data, including financial records, customer data, and other confidential information. ISO/IEC Data Centers are designed to adhere to the ISO/IEC standards for data center design, operation, and management. These standards provide guidelines for data center design, operation, and management that ensure the highest levels of reliability, availability, security, and performance. These standards also provide guidance on how to minimize the risk of data loss or corruption, and how to efficiently and securely manage and store data., topic=null, hs_path=iso-iec-data-center}--
{tableName=comparison, name=SOC 2 vs PCI-DSS, description= SOC 2 and PCI-DSS are two important security standards for organizations. Learn the differences between them and how they can help you protect your data., topic=[{id=97620570514, createdAt=1673040885366, updatedAt=1683947939686, path='soc-2', name=' SOC 2 Compliance: A Comprehensive Guide', 1='{type=string, value=SOC 2}', 2='{type=string, value= Compliance SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary}', 5='{type=string, value=This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.}'}], hs_path=soc-2-vs-pci-dss}--
{tableName=glossary, name=ISO/IEC 27001 And ISO/IEC 27002, description= ISO/IEC 27001 and ISO/IEC 27002 are international standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC 27001 is an Information Security Management System (ISMS) standard that provides organizations with a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. It helps organizations manage the security of assets such as financial information, intellectual property, employee details, or information entrusted to them by third parties. ISO/IEC 27002 is a code of practice for information security management that provides guidelines for the selection, implementation, and management of security controls to protect information assets. It is based on the Plan-Do-Check-Act (PDCA) cycle and provides advice on the best practices for managing information security. It is designed to be used in conjunction with ISO/IEC 27001, but can also be used as a standalone guide., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-and-iso-iec-27002}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...