Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

IT risk management essentials: Miti...

On-demand Webinar

IT risk management essentials: Mitigate risk & stay secure

With cyber threats constantly evolving, understanding the essentials of IT risk management is crucial for businesses of ...
date-icon

Jun 12, 2024

location

Virtual

Building intelligent vendor risk pr...

On-demand Webinar

Building intelligent vendor risk programs

Discover how to revolutionize your vendor risk management (VRM) processes with 6clicks' comprehensive solution in our on...
date-icon

May 29, 2024

location

Virtual

Mastering Security Compliance

On-demand Webinar

Mastering Security Compliance

Join our webinar to unlock the potential of AI-driven security compliance with 6clicks! Discover how to intelligently au...
date-icon

May 15, 2024

location

Virtual

See all webinars
{tableName=glossary, name=Cyber Safety, description= Cyber safety is the practice of protecting oneself and one’s personal information from malicious online threats such as cyberbullying, identity theft, and hacking. Cyber safety involves taking steps to protect oneself from malicious online activity, including using strong passwords, avoiding suspicious links and websites, and being aware of one’s online activity. Additionally, cyber safety involves being aware of potential risks associated with social media, online gaming, and other online activities, and taking steps to mitigate those risks. Cyber safety is a growing concern as the internet and technology continue to evolve, and it is important for individuals to take steps to protect themselves from malicious online activity., topic=null, hs_path=cyber-safety}--
{tableName=glossary, name=ISO/IEC Accreditation, description= ISO/IEC accreditation is an internationally recognized standard for the evaluation of organizations that provide certification services. It is a process of assessing the competence of an organization to provide certification services, including the processes and procedures used to ensure that certification is conducted in accordance with the relevant international standards. In order to be accredited, an organization must demonstrate that it has the necessary technical and organizational infrastructure, personnel, and resources to perform certification activities in accordance with the requirements of the relevant international standards. ISO/IEC accreditation is issued by a recognized accreditation body, such as the International Accreditation Forum (IAF). Accreditation is an important part of the certification process, as it ensures that certified products and services meet the required standards and are of the highest quality., topic=null, hs_path=iso-iec-accreditation}--
{tableName=glossary, name=NIST SP 800-53 Benefits, description= NIST SP 800-53 Benefits is a set of guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations identify, assess, and manage the security risks associated with their information systems. The goal of the guidelines is to provide organizations with a comprehensive set of best practices to ensure the confidentiality, integrity, and availability of their information systems. The guidelines are organized into four security control domains: security management, access control, system and communications protection, and system and information integrity. The guidelines provide organizations with a framework for assessing their security risks and implementing appropriate security controls to protect their information systems. The NIST SP 800-53 Benefits guidelines are designed to help organizations reduce the cost of security and increase the effectiveness of their security measures. Additionally, the guidelines help organizations ensure compliance with applicable laws and regulations, as well as industry best practices., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1715624498921, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 15='{type=list, value=[{id=97620570515, name='NIST SP 800-53'}]}'}], hs_path=nist-sp-800-53-benefits}--
{tableName=glossary, name=Information Security Risk Management, description= Information Security Risk Management is the process of identifying, assessing, and controlling risks associated with the use of information systems. It involves analyzing the potential risks associated with the use of information systems, developing strategies to manage those risks, and implementing measures to protect the security of the information systems. Risk management includes assessing the likelihood of a security breach, evaluating the potential consequences of such a breach, and formulating a plan of action to reduce the risks. It also involves developing policies and procedures to ensure the security of information systems, establishing controls to prevent unauthorized access to information systems, monitoring security events, and responding to security incidents. Risk management is an ongoing process that must be regularly monitored and updated to ensure the security of information systems., topic=null, hs_path=information-security-risk-management}--
{tableName=glossary, name=SOC 1, description= SOC 1 is an abbreviation for Service Organization Controls 1 Report. It is a report issued by an independent auditor that provides assurance to a service organization's customers that the organization has adequate controls and safeguards in place to protect their customers’ financial information. The report is based on the American Institute of Certified Public Accountants (AICPA) Trust Services Principles and Criteria, which are a set of standards designed to evaluate the effectiveness of a service organization's internal controls. The report is used to provide assurance to customers that their financial information is secure and that the service organization is following accepted standards and procedures to protect their data. The report is also used to demonstrate compliance with applicable regulations and industry standards., topic=[{id=97620570514, createdAt=1673040885366, updatedAt=1715624490265, path='soc-2', name=' SOC 2 Compliance: A Comprehensive Guide', 1='{type=string, value=SOC 2}', 2='{type=string, value= Compliance SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary}', 5='{type=string, value=This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.}', 15='{type=list, value=[{id=97620570514, name='SOC 2'}]}'}], hs_path=soc-1}--
{tableName=glossary, name=Personally Identifiable Information (PII), description= Personally Identifiable Information (PII) is any data that can be used to identify an individual, either directly or indirectly. This includes, but is not limited to, a person’s name, address, phone number, email address, Social Security number, driver’s license number, passport number, financial account information, biometric data, and any other unique identifier. PII is often collected and stored by organizations, such as employers, banks, and government agencies, for the purpose of providing services, conducting transactions, and maintaining records. It is important to note that PII can also be used for malicious purposes, such as identity theft and fraud. As such, organizations must take steps to ensure that PII is collected, stored, and used responsibly. This includes implementing strong security measures, such as encryption and access control, as well as providing individuals with clear information about how their data is being used., topic=null, hs_path=personally-identifiable-information-pii}--

eBooks

GRC 5.0: Explaining the Paradigm Sh...

eBook

GRC 5.0: Explaining the Paradigm Shift in GRC

In this eBook, 6clicks CEO, Anthony Stevens, covers the major paradigm shift in GRC, integrating your risk approach, ma...
GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...