Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=SSAE 16, description= Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard issued by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). It replaces the previous standard, Statement on Auditing Standards (SAS) No. 70, and is used by service organizations to demonstrate their internal controls, processes, and systems are suitably designed and operating effectively. SSAE 16 is a service auditor's attestation that a service organization has been through an in-depth evaluation of their control objectives and control activities, and the results of that evaluation have been reported. It requires the service auditor to obtain an understanding of the service organization's control environment, assess the risk of material misstatement, test the operating effectiveness of the controls, and obtain sufficient appropriate evidence to support the opinion on the design and operating effectiveness of the controls. SSAE 16 also requires management of the service organization to provide written assertions regarding the design and operating effectiveness of the controls. The service auditor must then evaluate the evidence obtained and the assertions made by management, and provide a report that expresses an opinion on the fairness of the presentation of the description of the service organization's system, and the suitability of the design and operating effectiveness of the controls., topic=null, hs_path=ssae-16}--
{tableName=glossary, name=DMAC Security, description= Dmarc Security is a set of standards that helps protect email senders and recipients from malicious email activity. It stands for Domain-based Message Authentication, Reporting, and Conformance. Dmarc Security works by verifying the authenticity of a sender’s domain name and email address. It also provides detailed reports on email authentication and compliance, so that email administrators can monitor their email environment and identify suspicious activity. Dmarc Security is an important tool for organizations to protect their email systems from malicious actors. It helps to ensure that only legitimate emails are sent and received, and that unwanted or malicious emails are blocked. Dmarc Security also helps to protect the privacy of email recipients, by ensuring that only authorized senders can send emails to them., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=dmarc-security}--
{tableName=glossary, name=ISO/IEC 27001 Data Retention Policy, description= ISO/IEC 27001 Data Retention Policy is a set of guidelines that outlines the procedures and standards for how data should be stored, managed, and retained to ensure the security and integrity of the data. This policy is designed to ensure that the data is properly secured, managed, and retained in a manner that is compliant with applicable laws and regulations. It outlines the requirements for the collection, storage, and retention of data, as well as the procedures for accessing, updating, and deleting data. The policy also establishes the procedures for monitoring and auditing the data to ensure that the data is secure and accessible. The policy should be reviewed and updated periodically to ensure that it remains current and up-to-date with the latest regulations and best practices., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-data-retention-policy}--
{tableName=glossary, name=Configuration Management Database (CMDB), description= A Configuration Management Database (CMDB) is a database that stores and organizes detailed information about the components of an organization's IT infrastructure, including hardware, software, networks, and services. It is used to track and manage changes to the infrastructure, such as upgrades, new installations, and decommissioning of components, as well as to monitor the health and performance of the system. The CMDB is also used to ensure that the IT infrastructure is compliant with organizational policies and regulations. In addition, the CMDB can be used to provide a comprehensive view of the IT environment and its relationships, which can be used for capacity planning, forecasting, and decision making. The CMDB is also used to automate and streamline IT operations, such as incident management and change management. The CMDB is a powerful tool for IT departments to ensure the reliability and availability of their IT infrastructure., topic=null, hs_path=configuration-management-database-cmdb}--
{tableName=comparison, name=ISO 27001 vs APRA CPS 234, description= ISO 27001 vs APRA CPS 234: Compare the two leading international information security standards. Learn the differences between ISO 27001 and APRA CPS 234., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-27001-vs-apra-cps-234}--
{tableName=glossary, name=GRC Tools, description= GRC (Governance, Risk, and Compliance) Tools are software solutions that help organizations assess, manage, and monitor their risk, compliance, and governance activities. These tools are designed to provide organizations with the ability to assess their risk posture, identify compliance gaps, and ensure that their internal operations are in line with applicable laws and regulations. GRC tools can also be used to monitor and track performance against established objectives and provide insight into the effectiveness of internal controls. GRC tools are typically used by organizations to ensure that their operations are aligned with their business strategies, while also helping to reduce operational costs and improve operational efficiency., topic=null, hs_path=grc-tools}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...