Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Webinars

6clicks Hub & Spoke: Smart GRC solu...

On-demand Webinar

6clicks Hub & Spoke: Smart GRC solution for enterprise needs

Explore how 6clicks' unique Hub & Spoke deployment architecture streamlines cyber GRC management for federated enterpris...
date-icon

Sep 2, 2024

location

Virtual

Q3 product showcase: Continuous Con...

On-demand Webinar

Q3 product showcase: Continuous Control Monitoring, Developer API, and more

Join our webinar for CISOs, risk and compliance professionals, and security teams to explore the latest 6clicks features...
date-icon

Aug 22, 2024

location

Virtual

AI and the Future of GRC

On-demand Webinar

AI and the Future of GRC

Join us for an insightful webinar featuring Anthony Stevens, CEO of 6clicks, and Michael Rasmussen, the GRC Pundit & Ana...
date-icon

Aug 2, 2024

location

Virtual

See all webinars
{tableName=glossary, name=Database Audit And Protection (DAP), description= Database Audit and Protection (DAP) is a set of processes and procedures used to monitor, audit, and protect data stored in a database. DAP involves the use of software tools to detect, analyze, and report on any unauthorized access, modification, or deletion of data stored in a database. DAP also involves the use of encryption to protect the data from being accessed by unauthorized users. DAP processes are designed to ensure that data is secure from unauthorized access, modification, or deletion, and that all changes made to the data are tracked and logged. DAP also helps organizations comply with applicable laws and regulations, such as the General Data Protection Regulation (GDPR). DAP is an important part of an organization's overall security strategy and helps to ensure that data is secure, accessible, and compliant with applicable laws and regulations., topic=null, hs_path=database-audit-and-protection-dap}--
{tableName=glossary, name=NIST SP 800-53, description= NIST SP 800-53 is a set of security controls and guidelines developed by the National Institute of Standards and Technology (NIST). It provides a comprehensive set of security requirements for federal information systems and organizations. It is designed to help organizations protect their information systems from unauthorized access, modification, misuse, and destruction. The security controls are divided into 18 categories, with each category containing a set of security controls and associated implementation guidance. The categories include access control, audit and accountability, awareness and training, configuration management, contingency planning, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, planning, personnel security, risk assessment, system and services acquisition, system and communications protection, system and information integrity, system and network security, and system and organization security. Each security control is further divided into sub-controls, with each sub-control having a set of implementation guidance and a baseline security requirement. The baseline security requirement defines the minimum level of security that must be achieved for each sub-control. NIST SP 800-53 also provides guidance on how to implement the security controls and provides a framework for developing a security program., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1715624498921, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 15='{type=list, value=[{id=97620570515, name='NIST SP 800-53'}]}'}], hs_path=nist-sp-800-53}--
{tableName=guides, name=Critical Infrastructure, description=Discover our expert guide on Cyber GRC for critical infrastructure. Learn key frameworks, risk management, and compliance practices to protect vital systems from cyber threats., topic=[{id=167306711909, createdAt=1715639896212, updatedAt=1715708390844, path='critical-infrastructure', name='Cybersecurity risk and compliance for Critical Infrastructure', 1='{type=string, value=Critical Infrastructure}', 2='{type=string, value=Discover our expert guide on Cyber GRC for critical infrastructure. Learn key frameworks, risk management, and compliance practices to protect vital systems from cyber threats.}', 5='{type=string, value=This comprehensive guide delves into Cyber Governance, Risk, and Compliance (GRC) tailored for critical infrastructure sectors such as energy, healthcare, and transportation. Discover key components, best practices, and country-specific frameworks from Australia, the UK, and the US. Gain insights on risk assessment, incident response, and future trends to enhance your organization's cybersecurity resilience.}', 15='{type=list, value=[{id=167306711909, name='Critical Infrastructure'}]}'}], hs_path=critical-infrastructure}--
{tableName=comparison, name=ISO 27001 vs SOC 2, description= ISO 27001 and SOC 2 are two global standards for information security management. Learn the key differences between them., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-27001-vs-soc-2}--
{tableName=glossary, name=SOC 2 Compliance, description= SOC 2 Compliance is a set of standards and requirements designed to ensure that organizations providing services to customers maintain the security, availability, processing integrity, confidentiality, and privacy of customer data. It requires organizations to implement a comprehensive set of security controls and processes to protect customer data and ensure its availability, integrity, and confidentiality. The SOC 2 standard is based on the Trust Services Criteria, which consists of five categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Security includes measures to protect customer data from unauthorized access, use, or disclosure. Availability involves ensuring that customer data is available when needed. Processing Integrity requires that customer data is processed accurately and completely. Confidentiality ensures that customer data is not disclosed to unauthorized individuals or entities. Lastly, Privacy requires that organizations protect customer data in accordance with applicable laws and regulations. Organizations that achieve SOC 2 compliance demonstrate that they have taken the necessary steps to protect customer data and are committed to providing a secure environment., topic=null, hs_path=soc-2-compliance}--
{tableName=glossary, name=ISO/IEC 27001 Toolkit, description= ISO/IEC 27001 Toolkit is a collection of resources and documents designed to help organizations implement an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 standard. It includes an ISMS manual, policies and procedures, a risk assessment template, audit checklists, and other related documents. The toolkit provides a comprehensive set of resources to help organizations design, implement, and maintain an effective ISMS that meets the requirements of the ISO/IEC 27001 standard. The toolkit also serves as a reference guide to help organizations understand the different elements of the ISO/IEC 27001 standard and how they can be implemented in practice., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-toolkit}--