
Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...

Jan 1, 2023 | Virtual

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, the modern workplace has changed radically in r...

Jan 3, 2023 | Virtual

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...

Jan 5, 2023 | Virtual

See all webinars
Glossary

SSAE 16

Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard issued by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). It replaces the previous standard, Statement on Auditing Standards (SAS) No. 70, and is used by service organizations to demonstrate their internal controls, processes, and systems are suitably designed and operating effectively. SSAE 16 is a service auditor's attestation that a service organization has been through an in-depth evaluation of their control objectives and control activities, and the results of that evaluation have been reported. It requires the service auditor to obtain an understanding of the service organization's control environment, assess the risk of material misstatement, test the operating effectiveness of the controls, and obtain sufficient appropriate evidence to support the opinion on the design and operating effectiveness of the controls. SSAE 16 also requires management of the service organization to provide written assertions regarding the design and operating effectiveness of the controls. The service auditor must then evaluate the evidence obtained and the assertions made by management, and provide a report that expresses an opinion on the fairness of the presentation of the description of the service organization's system, and the suitability of the design and operating effectiveness of the controls.

Financial Risk

Financial risk is the potential for financial loss or other adverse outcomes resulting from decisions made by an individual, organization, or government entity in the pursuit of financial gain. It can arise from a variety of sources, including financial markets, investments, corporate finance, lending, and other financial activities. Financial risk can be divided into two broad categories: systematic and unsystematic risk. Systematic risk is the risk that is associated with the entire market, and is often caused by macroeconomic events such as changes in interest rates, inflation, or the stock market. Unsystematic risk is the risk associated with a particular security or sector, and is typically caused by specific events such as company-specific news or changes in management. Financial risk management is the process of identifying, assessing, and managing the risks associated with financial activities in order to minimize the potential for financial losses. This involves analyzing the risks associated with various investments and financial activities, developing strategies to manage those risks, and monitoring the performance of those strategies.

ISO/IEC 27001:2017

ISO/IEC 27001:2017 is an international standard that provides specifications and guidance for organizations to establish, maintain, and continually improve an information security management system (ISMS). It is designed to help organizations protect their information assets and prevent unauthorized access, disclosure, destruction, or loss of data. The standard is based on a risk management approach and provides a framework for organizations to identify, assess, and manage their information security risks. It also provides guidance on how to select and implement appropriate security controls to protect and secure information assets. Organizations that meet the requirements of ISO/IEC 27001:2017 can demonstrate to customers, suppliers, and other stakeholders that they have taken appropriate measures to protect their information assets.

Related guide: ISO 27001 Guide: A Comprehensive Guide

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management System (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services, and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

Operational Technology (OT)

Operational Technology (OT) is a term used to refer to the hardware and software used to monitor and control physical devices and processes in an industrial setting. This includes programmable logic controllers (PLCs), distributed control systems (DCSs), supervisory control and data acquisition (SCADA) systems, and other industrial control systems (ICSs). OT is used in a variety of industries, including manufacturing, energy, transportation, and healthcare, to ensure the efficient and safe operation of industrial processes. OT systems are used to monitor and control physical devices such as pumps, valves, motors, and other equipment, as well as the processes that use these devices. OT systems are also used to collect data for analysis and reporting purposes, as well as for predictive maintenance. OT systems are typically connected to the Internet and other networks, allowing for remote access and control.

Guide: Responsible AI Guide: A Comprehensive Guide

Artificial Intelligence (AI) and Machine Learning (ML) have become integral parts of the modern technological landscape, revolutionizing how we interact with data and automate processes. AI refers to the simulation of human intelligence in machines programmed to think and learn like humans. ML, a subset of AI, focuses on the development of systems that can learn and adapt from experience without being explicitly programmed. This groundbreaking field has led to significant advancements in various sectors, including healthcare, finance, and transportation, enhancing efficiency and opening new frontiers of innovation. The rise of AI has also introduced unique user interactions, reshaping how we engage with technology on a day-to-day basis. Understanding the components of AI solutions, from algorithms to data management, is crucial in leveraging their full potential.

However, with great power comes great responsibility. Responsible AI is a critical concept that emphasizes the ethical, transparent, and accountable use of AI technologies. It seeks to address the potential risks associated with AI, such as privacy concerns, bias in decision-making, and the broader societal impacts. The development and deployment of AI/ML solutions carry inherent risks, demanding careful consideration and management. Real-world incidents involving AI have highlighted the importance of secure and responsible adoption, both by individuals and organizations. This guide will delve into these topics, exploring frameworks like the NIST AI Risk Management Framework (RMF) and ISO 42001, which provide structured approaches for managing AI risks. Additionally, it will discuss the Responsible AI principles set forth by the OECD, which serve as a global benchmark for ensuring that AI systems are designed and used in a manner that respects human rights and democratic values.

ISO/IEC 27005 and ISRM

ISO/IEC 27005 is an international standard that provides guidance on information security risk management (ISRM). It is designed to help organizations understand, manage, and reduce the risks associated with their information security activities. The standard focuses on the principles and processes of risk management, and provides guidance on the selection and implementation of risk management activities. It also provides guidance on the integration of risk management into the overall management system of an organization. ISO/IEC 27005 is based on the ISO/IEC 27001 standard, which provides a framework for the implementation of information security management systems. The standard is applicable to any organization, regardless of size, type, or sector. It is intended to help organizations identify and manage the risks associated with their information security activities, and to ensure that appropriate measures are taken to protect their information assets. The standard provides guidance on the assessment of risk, the development of risk management plans, and the implementation and monitoring of risk management measures.

eBooks

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...