Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

On-demand Webinar

Unlocking smart value for MSPs: From assessment to full vCISO services

Join us for a webinar designed for Managed Service Providers (MSPs) to explore how 6clicks can transform your services. ...

Date: Jul 17, 2024
Location: Virtual

On-demand Webinar

A look behind the scenes at the GRC practices of an AI-powered GRC company

Discover the inner workings of 6clicks' Governance, Risk, and Compliance (GRC) practices with our exclusive on-demand we...

Date: Jul 12, 2024
Location: Virtual

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...

Date: Jun 12, 2024
Location: Virtual

See all webinars

Glossary

Strategic Risk

Strategic risk is the risk that an organization takes when it makes strategic decisions, such as entering a new market, introducing a new product, or changing its business model. This type of risk is associated with uncertainty and the potential for losses due to unexpected events or changes in the external environment. Strategic risk can include a wide range of risks, such as financial, operational, legal, reputational, and political risks. Strategic risk management involves identifying, assessing, and managing the risks associated with strategic decisions. Risk management strategies can include developing contingency plans, diversifying investments, and implementing risk mitigation measures. Strategic risk management is an important part of any organization’s overall risk management strategy.

Glossary

Vendor Management Policy (VMP)

A Vendor Management Policy (VMP) is a set of guidelines and procedures for managing relationships with vendors that provide goods and services to an organization. It defines the roles and responsibilities of both the organization and the vendors, and outlines the process for selecting, evaluating, and managing vendor relationships. It also outlines the expectations for communication, performance, and delivery of services, as well as the processes for resolving disputes and managing changes in the relationship. A VMP is designed to ensure that all vendor relationships are conducted in a fair and transparent manner, with the organization's best interests in mind. It also helps to ensure that the organization is able to make informed decisions about which vendors to use and how to manage them.

Related guide: Vendor Risk Management: A Guide to Best Practices

This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.

Guide

SOC 2 Compliance: A Comprehensive Guide

SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary

This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.

Glossary

NIST SP 800-53 Minimum/Base Controls

NIST SP 800-53 Minimum/Base Controls are a set of security controls established by the National Institute of Standards and Technology (NIST) to help organizations protect their information systems. These controls are designed to protect systems from unauthorized access, misuse, modification, and destruction of information. The controls are grouped into three categories: Basic, Derived, and Hybrid. Basic controls are the most basic and foundational controls that should be implemented in any system, while Derived and Hybrid controls are more advanced and tailored to the specific system. The controls cover areas such as access control, authentication, encryption, logging and monitoring, system and communications protection, and incident response. NIST SP 800-53 Minimum/Base Controls are essential for organizations to ensure the security and privacy of their information systems.

Related guide: NIST SP 800-53 Security Guide: Protect Your Data

This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.

Glossary

Intrusion Detection and Prevention System (IDPS)

An Intrusion Detection and Prevention System (IDPS) is a security system used to detect and prevent unauthorized access to a computer network or system. It works by monitoring the network for suspicious activity and then taking action to block or alert the user when a malicious event occurs. The system consists of components such as network sensors, which detect malicious activity, and response mechanisms, which can be configured to block or alert the user when an attack is detected. IDPS can be used to protect networks from a variety of different threats including malware, phishing, and malicious code. It can also be used to detect and prevent insider threats, such as employees accessing confidential data or systems without authorization. IDPS can be deployed in either a software or hardware form, and can be used in conjunction with other security measures such as firewalls and antivirus software to provide a comprehensive security solution.

Glossary

SOC 1

SOC 1 is an abbreviation for Service Organization Controls 1 Report. It is a report issued by an independent auditor that provides assurance to a service organization's customers that the organization has adequate controls and safeguards in place to protect their customers’ financial information. The report is based on the American Institute of Certified Public Accountants (AICPA) Trust Services Principles and Criteria, which are a set of standards designed to evaluate the effectiveness of a service organization's internal controls. The report is used to provide assurance to customers that their financial information is secure and that the service organization is following accepted standards and procedures to protect their data. The report is also used to demonstrate compliance with applicable regulations and industry standards.

Related guide: SOC 2 Compliance: A Comprehensive Guide

eBooks

eBook

Revolutionizing GRC with AI: Harnessing the power of LLM and RAG technologies

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...