Skip to content
Master Security Compliance: Join our upcoming webinar!

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Effectively leverage artificial intelligence in your GRC initiatives​
On-demand Webinar

Effectively leverage artificial intelligence in yo...

Discover the power of AI in GRC with Dr. Heather Buker. Access our on-demand webinar for insights on effectively leveraging Artificial Intelligence to...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Common Vulnerabilities And Exposures (CVE), description= Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilities and exposures. It is maintained by the non-profit organization, the MITRE Corporation, and is sponsored by the U.S. Department of Homeland Security. CVE is a dictionary of standardized names for vulnerabilities and exposures that are used to reference publicly known security issues. It provides a reference to security vulnerabilities and exposures, which allows developers and security professionals to identify and share information about these issues. The list of vulnerabilities and exposures is constantly updated and includes detailed information about the severity of the issue, the affected software and hardware, and the type of attack. CVE also provides a reference to the associated Common Vulnerability Scoring System (CVSS) score, which is used to rank the severity of the vulnerability or exposure. This score is used to help prioritize security patches and other security measures. CVE is an important resource for security professionals and developers, as it helps them quickly identify and address security issues., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1683947931775, path='vulnerability-management', name=' Vuln Mgmt Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value= Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}'}], hs_path=common-vulnerabilities-and-exposures-cve}--
{tableName=glossary, name=Health Information Trust Alliance (HITRUST), description= The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to provide a unified framework for managing and protecting sensitive healthcare information. This framework is designed to help organizations of all sizes and types, including healthcare providers, health plans, healthcare technology vendors, and other stakeholders, better manage and protect their sensitive information. HITRUST provides an array of services, including standards, tools, and resources, to help organizations assess and improve their security and privacy posture. The HITRUST Common Security Framework (CSF) is a comprehensive, prescriptive, and scalable security framework that provides organizations with a unified approach to managing and protecting sensitive information. The CSF includes a variety of security and privacy controls, including those related to data security, system security, personnel security, access control, and incident response. HITRUST also provides a variety of educational and certification programs to help organizations better understand and implement the CSF., topic=[{id=97620570526, createdAt=1673040885440, updatedAt=1683947987018, path='vendor-risk-management', name=' Vendor Risk Management: A Guide to Best Practices', 1='{type=string, value=Vendor Risk Management}', 2='{type=string, value= Vendor Risk Management Guide: Learn the fundamentals of vendor risk management and how to identify, assess, and mitigate risks associated with third-party vendors.}', 5='{type=string, value=This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.}'}], hs_path=health-information-trust-alliance-hitrust}--
{tableName=glossary, name=Personally Identifiable Information (PII), description= Personally Identifiable Information (PII) is any data that can be used to identify an individual, either directly or indirectly. This includes, but is not limited to, a person’s name, address, phone number, email address, Social Security number, driver’s license number, passport number, financial account information, biometric data, and any other unique identifier. PII is often collected and stored by organizations, such as employers, banks, and government agencies, for the purpose of providing services, conducting transactions, and maintaining records. It is important to note that PII can also be used for malicious purposes, such as identity theft and fraud. As such, organizations must take steps to ensure that PII is collected, stored, and used responsibly. This includes implementing strong security measures, such as encryption and access control, as well as providing individuals with clear information about how their data is being used., topic=null, hs_path=personally-identifiable-information-pii}--
{tableName=glossary, name=ISO/IEC Framework, description= The ISO/IEC Framework is a set of standards and guidelines developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to provide a consistent and reliable approach to the development, implementation, and management of information systems. It is designed to ensure that the systems developed are secure, reliable, and capable of meeting the needs of the organization. The framework is composed of a set of principles and processes that guide the development, implementation, and management of information systems. These principles and processes include security, quality assurance, system design, system development, system maintenance, system evaluation, system optimization, system integration, and system management. The framework also provides guidance on the selection and use of appropriate technologies, and the development and implementation of appropriate policies and procedures. The ISO/IEC framework is an important tool for organizations to ensure that their information systems are reliable, secure, and capable of meeting their business needs., topic=null, hs_path=iso-iec-framework}--
{tableName=glossary, name=COBIT Framework Principles, description= The COBIT Framework Principles are a set of seven guiding principles for the effective governance and management of enterprise IT. The COBIT framework is a comprehensive, widely accepted approach to IT governance and management that provides organizations with the ability to effectively manage IT-related risks and realize the benefits of IT investments. The seven principles are: 1. Meeting Stakeholder Needs: IT should be managed to meet the needs of stakeholders, including customers, regulators, shareholders, and other stakeholders. 2. Covering the Enterprise End-to-End: IT should be managed holistically across the entire enterprise, from strategy to operations. 3. Applying a Single Integrated Framework: IT should be managed using a single integrated framework that incorporates best practices from multiple sources. 4. Enabling a Holistic Approach: IT should be managed in a holistic manner, considering the organization’s overall objectives, strategies, and risks. 5. Separating Governance from Management: IT governance should be separated from IT management, with governance focusing on setting policy and direction, and management focusing on the day-to-day operations. 6. Optimizing Risk vs. Return: IT investments should be managed to optimize the return on investment while managing IT-related risks. 7. Applying the Right Controls: IT should be managed using the appropriate controls to ensure that the organization’s objectives are met., topic=null, hs_path=cobit-framework-principles}--
{tableName=glossary, name=Association of International Certified Professional Accountants (AICPA), description= The Association of International Certified Professional Accountants (AICPA) is an organization that represents the global accounting profession. It is the world’s largest accounting body, with more than 650,000 members in over 130 countries. Its members include CPAs, Chartered Professional Accountants (CPAs) and Certified Management Accountants (CMAs). The AICPA sets the ethical and technical standards for the accounting profession, and provides guidance and resources to help its members stay current on changes in the profession. It also offers educational and certification programs, such as the CPA Exam and the CMA Exam, as well as continuing professional education. The AICPA also advocates for the profession and works to promote the public interest by advocating for sound financial reporting and disclosure, and by advocating for the protection of the public’s financial interests. It also works to ensure that the public has access to accurate and reliable financial information., topic=null, hs_path=association-of-international-certified-professional-accountants-aicpa}--
Vulnerability Management
Common Vulnerabilities And Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilitie...

Vendor Risk Management
Health Information Trust Alliance (HITRUST)

The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to pro...

Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is any data that can be used to identify an individual, ei...

ISO/IEC Framework

The ISO/IEC Framework is a set of standards and guidelines developed by the International Organizati...

COBIT Framework Principles

The COBIT Framework Principles are a set of seven guiding principles for the effective governance an...

Association of International Certified Professiona...

The Association of International Certified Professional Accountants (AICPA) is an organization that ...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks