Skip to content
Master Security Compliance: Join our upcoming webinar!

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Replay: December Product Showcase
On-demand Webinar

Replay: December Product Showcase

Uncover 6clicks' 2023 highlights and future roadmap in our on-demand Product Showcase. Dive into the latest innovations shaping risk and compliance so...

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=glossary, name=Policy management, description= Policy management is the process of developing, implementing, and maintaining organizational policies, procedures, and guidelines. It is a comprehensive system of setting and enforcing standards and guidelines to ensure that all employees and stakeholders are aware of and comply with the organization’s policies. Policy management includes creating and maintaining a policy document, making sure it is up-to-date, communicating it to stakeholders, and monitoring compliance. It also includes developing an enforcement system to ensure that the policy is followed and that any violations are addressed and corrected. Policy management is an important part of any organization’s risk management strategy, as it helps to ensure that the organization is complying with relevant laws and regulations, and that it is taking steps to protect its employees, customers, and assets., topic=[{id=97620570510, createdAt=1673040885340, updatedAt=1685411365052, path='regulatory-compliance', name='Streamlining Compliance Management: The 6clicks Advantage', 1='{type=string, value=Compliance Management}', 2='{type=string, value=This guide provides an overview of the regulations and compliance requirements for businesses in the US, UK, AU and EU. Learn how to stay compliant and protect your business from potential legal issues.}', 5='{type=string, value=This guide provides an overview of the key principles and strategies for successful compliance management. Learn how to navigate regulatory requirements, mitigate risks, and streamline processes with the help of advanced compliance management solutions. Gain valuable insights to ensure your organization's adherence to laws, regulations, and industry standards while promoting a culture of compliance and achieving operational excellence.}'}], hs_path=policy-management}--
{tableName=glossary, name=Configuration Management Database (CMDB), description= A Configuration Management Database (CMDB) is a database that stores and organizes detailed information about the components of an organization's IT infrastructure, including hardware, software, networks, and services. It is used to track and manage changes to the infrastructure, such as upgrades, new installations, and decommissioning of components, as well as to monitor the health and performance of the system. The CMDB is also used to ensure that the IT infrastructure is compliant with organizational policies and regulations. In addition, the CMDB can be used to provide a comprehensive view of the IT environment and its relationships, which can be used for capacity planning, forecasting, and decision making. The CMDB is also used to automate and streamline IT operations, such as incident management and change management. The CMDB is a powerful tool for IT departments to ensure the reliability and availability of their IT infrastructure., topic=null, hs_path=configuration-management-database-cmdb}--
{tableName=glossary, name=ISO/IEC Cybersecurity, description= ISO/IEC Cybersecurity is a set of principles and practices designed to protect networks, systems, programs, and data from unauthorized access, use, disclosure, disruption, modification, or destruction. It includes the prevention, detection, and response to cyber-attacks, as well as the implementation of measures to protect against them. Cybersecurity is an important part of any organization’s information security program and is often a critical component of an organization’s overall risk management strategy. ISO/IEC Cybersecurity standards provide organizations with guidance on how to protect their information assets from potential risks, including malicious attacks. These standards provide a framework for organizations to develop, implement, and maintain effective cybersecurity programs that protect their information assets from unauthorized access, use, disclosure, disruption, modification, or destruction., topic=null, hs_path=iso-iec-cybersecurity}--
{tableName=glossary, name=Spear Phishing, description= Spear Phishing is a type of cyber attack that involves sending fraudulent emails or messages that appear to come from a trusted source in order to gain access to sensitive information such as usernames, passwords, financial data, or other confidential information. It is often used to target specific individuals or organizations, making it more difficult to detect than other types of phishing attacks. The attacker typically uses personal information gathered from the Internet or other sources to create a more convincing message that is tailored to the recipient. The attacker may also use social engineering techniques to further convince the recipient to open the message or click on a malicious link. Spear phishing is a serious threat as it can be used to gain access to confidential information and can lead to identity theft, fraud, and other malicious activities., topic=null, hs_path=spear-phishing}--
{tableName=glossary, name=Health Information Trust Alliance (HITRUST), description= The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to provide a unified framework for managing and protecting sensitive healthcare information. This framework is designed to help organizations of all sizes and types, including healthcare providers, health plans, healthcare technology vendors, and other stakeholders, better manage and protect their sensitive information. HITRUST provides an array of services, including standards, tools, and resources, to help organizations assess and improve their security and privacy posture. The HITRUST Common Security Framework (CSF) is a comprehensive, prescriptive, and scalable security framework that provides organizations with a unified approach to managing and protecting sensitive information. The CSF includes a variety of security and privacy controls, including those related to data security, system security, personnel security, access control, and incident response. HITRUST also provides a variety of educational and certification programs to help organizations better understand and implement the CSF., topic=[{id=97620570526, createdAt=1673040885440, updatedAt=1683947987018, path='vendor-risk-management', name=' Vendor Risk Management: A Guide to Best Practices', 1='{type=string, value=Vendor Risk Management}', 2='{type=string, value= Vendor Risk Management Guide: Learn the fundamentals of vendor risk management and how to identify, assess, and mitigate risks associated with third-party vendors.}', 5='{type=string, value=This Vendor Risk Management Guide provides a comprehensive overview of the key components of vendor risk management. It covers the fundamentals of vendor risk management, including risk identification, assessment, and mitigation strategies. It also provides guidance on the development of a vendor risk management program, including the process for selecting, onboarding, and monitoring vendors. Additionally, this guide provides guidance on the use of technology to automate and streamline the vendor risk management process. Finally, this guide provides a number of best practices for managing vendor risk and ensuring compliance with applicable regulations. With this guide, organizations can create a comprehensive and effective vendor risk management program that ensures the safety of their data and systems.}'}], hs_path=health-information-trust-alliance-hitrust}--
{tableName=comparison, name=NIST SP 800-53 vs PCI-DSS, description=NIST SP 800-53 and PCI-DSS are two of the most widely used security standards for organizations. Learn about the differences between the two., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1683947942816, path='nist-sp-800-53', name=' NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value= This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}'}], hs_path=nist-sp-800-53-vs-pci-dss}--
Compliance Management
Policy management

Policy management is the process of developing, implementing, and maintaining organizational policie...

Configuration Management Database (CMDB)

A Configuration Management Database (CMDB) is a database that stores and organizes detailed informat...

ISO/IEC Cybersecurity

ISO/IEC Cybersecurity is a set of principles and practices designed to protect networks, systems, pr...

Spear Phishing

Spear Phishing is a type of cyber attack that involves sending fraudulent emails or messages that ap...

Vendor Risk Management
Health Information Trust Alliance (HITRUST)

The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to pro...

NIST SP 800-53
NIST SP 800-53 vs PCI-DSS

NIST SP 800-53 and PCI-DSS are two of the most widely used security standards for organizations. Lea...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks