Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Risk Management Process, description= Risk Management Process is a systematic approach to identifying, analyzing, and responding to risks associated with an organization's operations, projects, and investments. It involves assessing the likelihood and impact of potential risks, then developing strategies to manage those risks. Risk management is an ongoing process that seeks to minimize the impact of risks on an organization's objectives, while also maximizing the potential benefit of taking on certain risks. It involves identifying, evaluating, and responding to potential risks, as well as monitoring and reviewing the effectiveness of the risk management strategies. The process of risk management also involves communicating and consulting with stakeholders to ensure that risks are being managed effectively., topic=[{id=97620570509, createdAt=1673040885334, updatedAt=1683947919413, path='enterprise-risk-management', name=' Enterprise Risk Management Guide: A Comprehensive Guide', 1='{type=string, value=Enterprise Risk Management}', 2='{type=string, value= This guide provides an overview of Enterprise Risk Management and its processes, enabling you to develop a risk management strategy and plan for your organization. Learn how to identify, assess, and mitigate risks.}', 5='{type=string, value=This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.}'}], hs_path=risk-management-process}--
{tableName=glossary, name=Instant Communications Security And Compliance, description= Instant Communications Security and Compliance is the practice of implementing measures to ensure the security and compliance of digital communications, such as emails, text messages, and other forms of electronic communication. It involves using technologies, processes, and policies to protect data and communications from unauthorized access or alteration. It also involves ensuring that all communications comply with applicable laws and regulations. This includes ensuring that all data is stored securely, that all communications are encrypted, and that all communications are monitored and audited. Additionally, it involves establishing processes to ensure that all communications are compliant with applicable laws and regulations, and that any changes to the system are documented and approved. Finally, it involves providing training to users on how to properly use and protect digital communications., topic=null, hs_path=instant-communications-security-and-compliance}--
{tableName=glossary, name=ISO/IEC 27001 Requirement Checklist, description= ISO/IEC 27001 Requirement Checklist is a document that outlines the requirements for an organization to implement an information security management system (ISMS) as per the ISO/IEC 27001 standard. The checklist provides a comprehensive list of all the requirements of the standard, including the scope of the ISMS, the roles and responsibilities of personnel, the security policies and procedures, the physical and environmental security, the access control and authentication, the system and network security, the security of applications and data, the security of communications, the incident management and business continuity, the monitoring and auditing, and the continual improvement of the ISMS. The checklist is designed to help organizations ensure that all the requirements of the standard are met, and that their ISMS is properly implemented and maintained., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-requirement-checklist}--
{tableName=glossary, name=Financial Risk, description= Financial risk is the potential for financial loss or other adverse outcomes resulting from decisions made by an individual, organization, or government entity in the pursuit of financial gain. It can arise from a variety of sources, including financial markets, investments, corporate finance, lending, and other financial activities. Financial risk can be divided into two broad categories: systematic and unsystematic risk. Systematic risk is the risk that is associated with the entire market, and is often caused by macroeconomic events such as changes in interest rates, inflation, or the stock market. Unsystematic risk is the risk associated with a particular security or sector, and is typically caused by specific events such as company-specific news or changes in management. Financial risk management is the process of identifying, assessing, and managing the risks associated with financial activities in order to minimize the potential for financial losses. This involves analyzing the risks associated with various investments and financial activities, developing strategies to manage those risks, and monitoring the performance of those strategies., topic=null, hs_path=financial-risk}--
{tableName=glossary, name=COBIT Framework Goals, description= The COBIT Framework Goals are a set of high-level objectives that provide guidance on the desired outcomes of IT governance and management processes. They are used to define the scope of IT governance and management activities and to ensure that IT-related activities are aligned with the organization’s overall business objectives. The COBIT Framework Goals provide a comprehensive view of IT governance and management activities and are designed to enable organizations to optimize the use of IT resources to achieve their strategic objectives. The COBIT Framework Goals are divided into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. The Plan and Organize domain focuses on the strategic planning and organizational design of IT governance and management processes. The Acquire and Implement domain focuses on the procurement and implementation of IT systems. The Deliver and Support domain focuses on the delivery of IT services and the management of IT operations. The Monitor and Evaluate domain focuses on the monitoring and evaluation of IT performance. The COBIT Framework Goals are designed to provide organizations with a comprehensive view of IT governance and management activities and to ensure that IT-related activities are aligned with the organization’s overall business objectives., topic=null, hs_path=cobit-framework-goals}--
{tableName=glossary, name=The Health Insurance Portability and Accountability (HIPAA), description= The Health Insurance Portability and Accountability (HIPAA) is a federal law enacted in 1996 that provides data privacy and security provisions for safeguarding medical information. The law applies to health plans, health care clearinghouses, and those health care providers that conduct certain financial and administrative transactions electronically. The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain financial and administrative transactions electronically. The Privacy Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, physical, and technical safeguards for protecting and securing protected health information. The Security Rule addresses both technical and non-technical safeguards, such as administrative, physical, and technical controls. The HIPAA Enforcement Rule provides the procedures for enforcing the privacy and security provisions of HIPAA. The Enforcement Rule outlines the procedures for investigating and resolving complaints of noncompliance and outlines the penalties for violations of the HIPAA Rules. The HIPAA Breach Notification Rule requires covered entities to provide notification following a breach of unsecured protected health information. The Breach Notification Rule requires covered entities to provide notification to affected individuals, the Secretary of the Department of Health and Human Services (HHS), and, in certain cases, to the media., topic=null, hs_path=the-health-insurance-portability-and-accountability-hipaa}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...