Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Ready or not, here comes CMMC 2.0
On-demand Webinar

Ready or not, here comes CMMC 2.0

Join our esteemed panel of presenters for an informative session on the new Cybersecurity Maturity Model Certification (CMMC) 2.0 standards. Dr. Heath...

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Data Controller, description= A data controller is a person or organization who is responsible for determining the purposes for which and the manner in which any personal data is processed. A data controller must comply with the data protection principles set out in the General Data Protection Regulation (GDPR) which includes ensuring that personal data is: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; accurate and kept up to date; kept for no longer than is necessary; and kept securely. Data controllers must also ensure that individuals whose personal data is being processed are provided with information about how their data is being used, and must have appropriate measures in place to protect against unauthorized or unlawful processing, accidental loss or destruction of, or damage to, personal data., topic=null, hs_path=data-controller}--
{tableName=glossary, name=Information Security Risk Communication, description= Information Security Risk Communication is the process of exchanging information about cyber security threats and the potential risks associated with them. It involves the communication of risk information between organizations, stakeholders, and the public to ensure that everyone is aware of the risks associated with their data and systems. This communication can come in various forms, such as emails, newsletters, presentations, webinars, and more. It also includes the creation of policies and procedures to ensure that the risk information is shared in an effective and timely manner. Information Security Risk Communication is an essential part of any organization’s cyber security plan and should be regularly updated as new threats emerge., topic=null, hs_path=information-security-risk-communication}--
{tableName=glossary, name=Operational Risk, description= Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. It is the risk of loss associated with inadequate or failed internal processes, people, and systems, or from external events. It encompasses a wide range of risks including strategic, compliance, reputational, financial, IT, and physical risks. Operational risk is a broad term that encompasses the risk of loss due to inadequate or failed internal processes, people, and systems, or from external events. It is the risk of losses resulting from inadequate or failed internal processes, people, and systems, or from external events. This includes risks associated with legal and regulatory compliance, financial losses, reputational damage, IT security breaches, and physical risks such as natural disasters. Operational risk management is the process of identifying, assessing, and mitigating operational risks in order to protect an organization’s assets and operations. This involves the development of policies and procedures, the implementation of risk management systems, and the monitoring of operational risks. Operational risk management is an essential component of any successful business, as it helps to ensure the safety and security of an organization’s resources and operations., topic=null, hs_path=operational-risk}--
{tableName=glossary, name=Instant Communications Security And Compliance, description= Instant Communications Security and Compliance is the practice of implementing measures to ensure the security and compliance of digital communications, such as emails, text messages, and other forms of electronic communication. It involves using technologies, processes, and policies to protect data and communications from unauthorized access or alteration. It also involves ensuring that all communications comply with applicable laws and regulations. This includes ensuring that all data is stored securely, that all communications are encrypted, and that all communications are monitored and audited. Additionally, it involves establishing processes to ensure that all communications are compliant with applicable laws and regulations, and that any changes to the system are documented and approved. Finally, it involves providing training to users on how to properly use and protect digital communications., topic=null, hs_path=instant-communications-security-and-compliance}--
{tableName=glossary, name=Common Vulnerabilities And Exposures (CVE), description= Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilities and exposures. It is maintained by the non-profit organization, the MITRE Corporation, and is sponsored by the U.S. Department of Homeland Security. CVE is a dictionary of standardized names for vulnerabilities and exposures that are used to reference publicly known security issues. It provides a reference to security vulnerabilities and exposures, which allows developers and security professionals to identify and share information about these issues. The list of vulnerabilities and exposures is constantly updated and includes detailed information about the severity of the issue, the affected software and hardware, and the type of attack. CVE also provides a reference to the associated Common Vulnerability Scoring System (CVSS) score, which is used to rank the severity of the vulnerability or exposure. This score is used to help prioritize security patches and other security measures. CVE is an important resource for security professionals and developers, as it helps them quickly identify and address security issues., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=common-vulnerabilities-and-exposures-cve}--
{tableName=comparison, name=SOC 2 vs ISO 27001, description=Learn the differences between SOC 2 and ISO 27001 and how they are used to ensure the security of your organization's data. Get an overview of the key features., topic=[{id=97620570514, createdAt=1673040885366, updatedAt=1683947939686, path='soc-2', name=' SOC 2 Compliance: A Comprehensive Guide', 1='{type=string, value=SOC 2}', 2='{type=string, value= Compliance SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary}', 5='{type=string, value=This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.}'}], hs_path=soc-2-vs-iso-27001}--
Data Controller

A data controller is a person or organization who is responsible for determining the purposes for wh...

Information Security Risk Communication

Information Security Risk Communication is the process of exchanging information about cyber securit...

Operational Risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people,...

Instant Communications Security And Compliance

Instant Communications Security and Compliance is the practice of implementing measures to ensure th...

Vulnerability Management
Common Vulnerabilities And Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilitie...

SOC 2
SOC 2 vs ISO 27001

Learn the differences between SOC 2 and ISO 27001 and how they are used to ensure the security of yo...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks