Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Cybersecurity Credentials, description= Cybersecurity credentials are a set of qualifications and certifications that a person or organization holds to demonstrate their knowledge and proficiency in the field of cybersecurity. These credentials may include certifications from industry-recognized organizations such as the International Information Systems Security Certification Consortium (ISC2), the Computing Technology Industry Association (CompTIA), the Certified Information Systems Security Professional (CISSP), and the Information Systems Audit and Control Association (ISACA). Cybersecurity credentials also may include certifications from universities and other educational institutions, as well as certifications from government agencies like the National Security Agency (NSA). Cybersecurity credentials are important for both individuals and organizations, as they demonstrate the expertise and knowledge of the holder in the field of cybersecurity and provide assurance that the holder is up-to-date on the latest security practices and technologies., topic=null, hs_path=cybersecurity-credentials}--
{tableName=glossary, name=Vendor Assessment, description= Vendor Assessment is the process of evaluating potential suppliers and vendors to determine their ability to meet the needs of an organization. This process typically involves analyzing a vendor's performance history, customer service, product quality, pricing, and other factors to determine if they are a suitable partner. Vendor assessments are used to ensure that the vendor provides the best value for the organization, and that the vendor is reliable, dependable, and offers the highest quality products and services. Vendor assessments can also help organizations identify potential risks associated with working with certain vendors and help them select the most suitable vendor for their needs., topic=[{id=97620570526, createdAt=1673040885440, updatedAt=1683947987018, path='vendor-risk-management', name=' Vendor Risk Management: A Guide to Best Practices', 1='{type=string, value=Vendor Risk Management}', 2='{type=string, value= Vendor Risk Management Guide: Learn the fundamentals of vendor risk management and how to identify, assess, and mitigate risks associated with third-party vendors.}', 5='{type=string, value=This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.}'}], hs_path=vendor-assessment}--
{tableName=comparison, name=ASD Essential 8 vs SOC 2, description=ASD Essential 8 vs SOC 2: Learn the differences between the Australian Signals Directorate's Essential 8 security strategies and the AICPA's SOC 2 framework, topic=[{id=97620570506, createdAt=1673040885315, updatedAt=1685498674506, path='asd-essential-8', name=' ASD Essential 8 Guide: A Comprehensive Overview', 1='{type=string, value=ASD Essential 8}', 2='{type=string, value= This guide provides an overview of the ASD Essential 8 - 8 evidence-based strategies to help improve the outcomes of children with Autism Spectrum Disorder. Learn how to identify and implement these strategies to help}', 5='{type=string, value=This authoritative guide provides an in-depth look at the ASD Essential 8 (E8), a set of eight measures developed by the Australian Signals Directorate (ASD) to protect organizations from cyber threats. It explores whether the ASD Essential 8 are mandatory or not for your organisations and covers the fundamentals of each of the eight measures, including the maturity levels, how to perform an assessment and implementation guidenace.}'}], hs_path=asd-essential-8-vs-soc-2}--
{tableName=glossary, name=ISO/IEC Audit, description= ISO/IEC Audit is an independent assessment of an organization’s compliance with the ISO/IEC standards, which are a set of international standards that provide guidance on how organizations should operate in order to ensure quality, safety and security. The audit is conducted by an independent auditor who evaluates an organization’s policies, procedures, processes, and systems to determine if they are in compliance with the standards. The audit typically includes interviews and reviews of documents, records, and other evidence to ensure that the organization is meeting the requirements set forth in the standard. The auditor then provides a report to the organization and may recommend corrective actions to be taken in order to ensure compliance. The audit is an important part of the ISO/IEC certification process, as it helps to ensure that organizations are meeting the standards and providing quality products and services to their customers., topic=null, hs_path=iso-iec-audit}--
{tableName=glossary, name=SOC Reports, description= SOC Reports, or Service Organization Control Reports, are independent third-party audit reports that provide assurance about the security, availability, and processing integrity of a service organization's system and the confidentiality and privacy of the information that is processed by the service organization. These reports are typically used by organizations that outsource their IT services or process customer data. SOC Reports are conducted by auditors who assess the service organization's internal controls, policies, procedures, and processes. They evaluate the effectiveness of the service organization's information security, privacy, and data protection programs, as well as the service organization's compliance with applicable laws and regulations. The reports are typically issued in three forms: SOC 1, SOC 2, and SOC 3. SOC 1 reports focus on the service organization's internal controls related to financial reporting, while SOC 2 and SOC 3 reports focus on the service organization's security, availability, and processing integrity., topic=null, hs_path=soc-reports}--
{tableName=glossary, name=SSAE 18, description= Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued by the American Institute of Certified Public Accountants (AICPA). It defines the requirements for attestation engagements performed by a service auditor, and is applicable to service organizations that provide services to user entities. The standard provides guidance for service auditors on how to plan and perform an attestation engagement, and how to report on the results of the engagement. It is intended to replace the Statement on Auditing Standards (SAS) No. 70, which is the previous standard for service organization attestation engagements. SSAE 18 requires a service auditor to obtain an understanding of the service organization's system and its controls, assess the risks associated with the system, determine the nature, timing and extent of the tests to be performed, and evaluate the design and operating effectiveness of the controls. The service auditor must also issue an opinion on the fairness of the description of the service organization's system and the suitability of the design and operating effectiveness of the controls. The opinion must include a description of the tests performed and the results of the tests., topic=null, hs_path=ssae-18}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...