Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=ISO/IEC /IEC 27004:2016 Clauses, description= ISO/IEC 27004:2016 Clauses is an international standard that provides guidance and best practices for measuring and managing the performance of Information Security Management Systems (ISMS). It is based on the ISO/IEC 27001:2013 standard and provides a framework for organizations to assess and improve their security posture. The standard is divided into six main sections, each of which contains a number of clauses. The sections cover topics such as security management, security controls, risk assessment and management, security incident management, security monitoring, and security assurance. Each clause provides guidance on the requirements for the specific topic and includes examples of how to implement the requirements. The standard also includes a number of annexes which provide additional guidance on security management, security controls, and security assurance. ISO/IEC 27004:2016 Clauses is designed to help organizations develop and maintain an effective ISMS, and to ensure that their security posture is up to date and in line with industry best practices., topic=null, hs_path=iso-iec-iec-270042016-clauses}--
{tableName=glossary, name=NIST SP 800-53, description= NIST SP 800-53 is a set of security controls and guidelines developed by the National Institute of Standards and Technology (NIST). It provides a comprehensive set of security requirements for federal information systems and organizations. It is designed to help organizations protect their information systems from unauthorized access, modification, misuse, and destruction. The security controls are divided into 18 categories, with each category containing a set of security controls and associated implementation guidance. The categories include access control, audit and accountability, awareness and training, configuration management, contingency planning, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, planning, personnel security, risk assessment, system and services acquisition, system and communications protection, system and information integrity, system and network security, and system and organization security. Each security control is further divided into sub-controls, with each sub-control having a set of implementation guidance and a baseline security requirement. The baseline security requirement defines the minimum level of security that must be achieved for each sub-control. NIST SP 800-53 also provides guidance on how to implement the security controls and provides a framework for developing a security program., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1683947942816, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 3='{type=string, value=Write the overview for an authoritative guide based on: NIST SP 800-53 Guide}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 7='{type=string, value=Write a web page title with no special characters and a maximum of 60 characters based on: NIST SP 800-53 Guide}', 8='{type=string, value=Write the overview for an authoritative guide based on: NIST SP 800-53 Guide}', 9='{type=string, value=20}', 10='{type=string, value=40}', 11='{type=string, value=200}', 12='{type=number, value=0}'}], hs_path=nist-sp-800-53}--
{tableName=glossary, name=Incident Response, description= Incident response is a set of procedures and processes for responding to and managing the aftermath of a security breach or cyber attack. It includes identifying the cause of the incident, assessing the damage, and implementing measures to prevent similar incidents from occurring in the future. It also involves communicating with stakeholders and responding to regulatory requirements. Incident response is an important part of an organization's overall security strategy and should be planned and tested in advance., topic=null, hs_path=incident-response}--
{tableName=glossary, name=Cybersecurity Insurance, description= Cybersecurity Insurance is a type of insurance that provides coverage for losses resulting from cyber-attacks, data breaches, and other cyber-related risks. It helps to protect businesses from the financial losses that can occur when confidential information, intellectual property, or customer data is compromised. Cybersecurity insurance policies can cover expenses related to responding to a breach, such as the cost of hiring a forensic investigator, legal fees, and notification costs. Additionally, it can provide reimbursement for lost income and expenses related to reputation damage. Cybersecurity insurance can also provide coverage for cyber extortion, cyber liability, and cybercrime., topic=null, hs_path=cybersecurity-insurance}--
{tableName=glossary, name=ISO/IEC /IEC 27005, description= ISO/IEC 27005 is an international standard for information security risk management. It provides a framework for organizations to assess, monitor, and manage information security risks. The standard is based on the ISO/IEC 27001 standard, which provides a comprehensive set of controls and processes for managing information security risks. ISO/IEC 27005 is designed to help organizations understand the risk management process and use it to make informed decisions about information security. It provides guidance on the risk assessment process, risk management strategies, risk mitigation, and risk communication. It also provides guidance on how to implement and monitor risk management activities. ISO/IEC 27005 is an important tool for organizations looking to improve their information security posture and protect their data., topic=null, hs_path=iso-iec-iec-27005}--
{tableName=glossary, name=Attribute-Based Access Control (ABAC), description= Attribute-Based Access Control (ABAC) is an access control system that uses a set of attributes to determine the access privileges of a user. It is a policy-based access control model that is based on the evaluation of attributes associated with a user, the resource being requested, and the environment. ABAC provides a flexible and powerful way to control access to resources, enabling administrators to easily create and manage access control policies. It is an alternative to traditional access control models such as role-based access control (RBAC) and discretionary access control (DAC). ABAC is based on the idea that users should be granted access to resources based on their attributes, rather than their roles or identity. Attributes can include things such as user’s age, location, and job title. The access control decision is made by evaluating the user’s attributes against the attributes of the resource being requested. ABAC is often used in conjunction with other access control models, such as RBAC and DAC, to provide a more comprehensive and secure access control system., topic=null, hs_path=attribute-based-access-control-abac}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...