Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=ISO/IEC Compliance, description= ISO/IEC compliance is the adherence to international standards and guidelines set forth by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). These standards are designed to ensure that products, services, and processes meet certain requirements and are consistent across different countries and organizations. ISO/IEC compliance is important for businesses, as it ensures that products and services are safe, reliable, and of high quality. It also helps to protect the environment and promote global trade. Compliance with ISO/IEC standards is usually achieved through certification and auditing processes, which involve testing and verification of products and services to ensure they meet the standards set forth. Compliance is also monitored through regular reviews and updates of the standards., topic=null, hs_path=iso-iec-compliance}--
{tableName=glossary, name=Third-party risk management, description= Third-party risk management is the process of identifying, assessing, and mitigating risks associated with relationships with external entities, such as vendors, suppliers, contractors, and other third-party service providers. It is a critical component of an organization's overall risk management strategy and involves assessing the potential risks associated with a given third-party relationship, developing and implementing processes and procedures to mitigate those risks, and monitoring and evaluating the effectiveness of those processes. The goal of third-party risk management is to ensure that any risks associated with a third-party relationship are managed in a way that is consistent with the organization's risk management policies and procedures. This includes evaluating the third-party's financial stability, security practices, and compliance with applicable laws and regulations. Additionally, organizations should monitor the performance of the third-party to ensure that the services provided are meeting the organization's expectations., topic=[{id=97620570526, createdAt=1673040885440, updatedAt=1715624231354, path='vendor-risk-management', name=' Vendor Risk Management: A Guide to Best Practices', 1='{type=string, value=Vendor Risk Management}', 2='{type=string, value= Vendor Risk Management Guide: Learn the fundamentals of vendor risk management and how to identify, assess, and mitigate risks associated with third-party vendors.}', 5='{type=string, value=This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.}', 15='{type=list, value=[{id=97620570526, name='Vendor Risk Management'}]}'}], hs_path=third-party-risk-management}--
{tableName=glossary, name=ISO/IEC 27002 Benefits, description= ISO/IEC 27002 Benefits is a set of information security management best practices that provide organizations with a framework for developing, implementing, managing and maintaining an effective security management system. This framework is based on the ISO/IEC 27002 standard, which is an internationally recognized standard for information security management. ISO/IEC 27002 Benefits provides organizations with a comprehensive set of security controls that are tailored to the specific needs and objectives of the organization. These controls are designed to protect the organization’s information assets, such as its networks, systems and data, from unauthorized access, use, modification, disclosure, or destruction. Additionally, ISO/IEC 27002 Benefits helps organizations create a culture of security awareness by providing guidance on how to develop, implement and maintain an effective security management system. This includes guidance on security policies and procedures, security risk management, security training and education, and incident response. Ultimately, ISO/IEC 27002 Benefits enables organizations to protect their information assets and maintain a secure environment for their staff, customers and partners., topic=null, hs_path=iso-iec-27002-benefits}--
{tableName=glossary, name=Dread Model, description= Dread Model: a risk assessment model developed by the security expert Bruce Schneier to help organizations identify and prioritize security threats. The model is based on the acronym DREAD, which stands for Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. Damage refers to the potential harm that a threat can cause to an organization's data or systems, Reproducibility is the ability of an attacker to replicate the same attack, Exploitability is the ease with which an attack can be executed, Affected Users is the number of users that could be impacted by the attack, and Discoverability is the difficulty of detecting the attack. The model is used to help organizations evaluate the risk of a potential threat and prioritize their security efforts accordingly., topic=null, hs_path=dread-model}--
{tableName=glossary, name=Information Security Controls, description= Information security controls are measures used to protect data and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. These controls can be implemented in hardware, software, network, and procedural methods. Examples of hardware controls include firewalls, intrusion detection systems, and physical access control systems. Examples of software controls include antivirus and antimalware software, encryption, and access control lists. Network controls include virtual private networks (VPNs), network segmentation, and network monitoring. Procedural controls include policies and procedures for data access and usage, user authentication, and incident response. Information security controls are essential for ensuring the confidentiality, integrity, and availability of digital data and systems., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1715624222504, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}', 15='{type=list, value=[{id=97620570528, name='Cybersecurity Risk Management'}]}'}], hs_path=information-security-controls}--
{tableName=glossary, name=Enterprise Risk Management (ERM) Software, description= Enterprise Risk Management (ERM) Software is a type of software designed to help organizations manage their risks by providing them with an integrated platform to identify, assess, monitor, and respond to risks. ERM software typically includes features such as risk assessment, risk analysis, risk mitigation, and reporting tools. It can help organizations identify, quantify, and prioritize risks, as well as provide a framework to develop and implement risk management strategies. ERM software can also help organizations develop and maintain risk management policies, procedures, and controls, as well as provide visibility into risk management performance. By providing a comprehensive view of an organization’s risk landscape, ERM software can help organizations make better decisions and improve overall risk management., topic=null, hs_path=enterprise-risk-management-erm-software}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...