Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...

Date: Jan 1, 2023

Location: Virtual

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, the modern workplace has changed radically in r...

Date: Jan 3, 2023

Location: Virtual

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...

Date: Jan 5, 2023

Location: Virtual

Glossary

Cybersecurity Incident Report

A Cybersecurity Incident Report is an official document that is used to document the details of a cybersecurity incident. It typically includes an overview of the incident, the timeline of events, the affected systems, and the steps taken to mitigate the incident. This report is often used to provide a complete picture of the incident to management, IT personnel, and other stakeholders. It is also used to provide a detailed analysis of the incident and the actions taken to prevent similar incidents from occurring in the future. The report can also be used to provide evidence in the event of a legal action.

Comparison

ISO 27001 vs NIST CSF

Compare the ISO 27001 and NIST Cybersecurity Framework (CSF) standards and learn how they can help protect your data and systems.

Related guide: ISO 27001 Guide: A Comprehensive Guide

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management System (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

Glossary

IT Audit

An IT Audit is an independent review of the information systems and related operations of an organization. It is designed to evaluate the effectiveness of internal controls, ensure compliance with applicable laws and regulations, and identify opportunities for improvement. IT Audits assess the accuracy and completeness of data, the integrity of system security and access controls, the effectiveness of system performance and reliability, the accuracy of system processing, the accuracy and completeness of system documentation, and the accuracy and completeness of system backups and recovery processes. The audit also evaluates the appropriateness of policies and procedures, the effectiveness of the organization’s IT governance framework, the adequacy of risk management processes, and the effectiveness of system change management processes. The audit process typically includes interviews with personnel, review of system documentation, and testing of system controls. The results of the audit are summarized in a report that provides recommendations for improvement and corrective actions.

Glossary

Vendor Assessment

Vendor Assessment is the process of evaluating potential suppliers and vendors to determine their ability to meet the needs of an organization. This process typically involves analyzing a vendor's performance history, customer service, product quality, pricing, and other factors to determine if they are a suitable partner. Vendor assessments are used to ensure that the vendor provides the best value for the organization, and that the vendor is reliable, dependable, and offers the highest quality products and services. Vendor assessments can also help organizations identify potential risks associated with working with certain vendors and help them select the most suitable vendor for their needs.

Related guide: Vendor Risk Management: A Guide to Best Practices

This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.

Comparison

SOC 2 vs NIST CSF

A comparison of SOC 2 and NIST Cybersecurity Framework (CSF). Learn the differences between the two frameworks, their security objectives.

Related guide: SOC 2 Compliance: A Comprehensive Guide

This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.

Glossary

Risk Management Tool

Risk Management Tool is a system or process used to identify, assess, and prioritize risks associated with a particular activity, project, or business venture in order to reduce or eliminate potential losses. Risk Management Tools help organizations identify and analyze potential risks, develop strategies to reduce or manage those risks, and monitor the effectiveness of those strategies. Risk Management Tools can include a variety of methods and techniques, such as risk analysis, risk assessment, risk control, risk avoidance, and risk transfer. Risk Management Tools can also include tools for monitoring and reporting on risk, such as an enterprise risk management system. Risk Management Tools are used to ensure that organizations are aware of the risks associated with their activities, and that those risks are managed effectively.

Related guide: Enterprise Risk Management Guide: A Comprehensive Guide

This authoritative guide provides an overview of enterprise risk management (ERM) and its essential components. It is designed to help business leaders understand the fundamentals of ERM and develop the skills and knowledge needed to effectively manage risk in their organizations. The guide begins by defining ERM and outlining its main objectives. It then examines the key elements of ERM, including risk identification, assessment, and management. It also covers the importance of risk culture and the role of technology in ERM. Finally, the guide provides best practices for implementing and maintaining an effective ERM program. With this guide, business leaders will gain the knowledge and tools needed to effectively manage risk in their organizations.

eBooks

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...