Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Integrated Risk Management (IRM), description= Integrated Risk Management (IRM) is a comprehensive approach to managing risk across an organization. It is a structured process for identifying, assessing, and responding to risk factors in a coordinated and systematic way. IRM takes into account the entire organization’s risk profile and identifies areas of risk that could have an impact on the organization’s objectives. It is designed to ensure that risks are managed in a holistic manner and that resources are used efficiently to reduce the overall risk to the organization. IRM includes risk identification, risk assessment, risk response, and risk monitoring. It also includes the development of risk management plans and strategies, as well as the implementation of risk management processes and procedures. IRM is a proactive approach to risk management and seeks to identify, assess, and manage risks before they become a problem., topic=null, hs_path=integrated-risk-management-irm}--
{tableName=glossary, name=SOC 1, description= SOC 1 is an abbreviation for Service Organization Controls 1 Report. It is a report issued by an independent auditor that provides assurance to a service organization's customers that the organization has adequate controls and safeguards in place to protect their customers’ financial information. The report is based on the American Institute of Certified Public Accountants (AICPA) Trust Services Principles and Criteria, which are a set of standards designed to evaluate the effectiveness of a service organization's internal controls. The report is used to provide assurance to customers that their financial information is secure and that the service organization is following accepted standards and procedures to protect their data. The report is also used to demonstrate compliance with applicable regulations and industry standards., topic=[{id=97620570514, createdAt=1673040885366, updatedAt=1683947939686, path='soc-2', name=' SOC 2 Compliance: A Comprehensive Guide', 1='{type=string, value=SOC 2}', 2='{type=string, value= Compliance SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary}', 5='{type=string, value=This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.}'}], hs_path=soc-1}--
{tableName=comparison, name=ASD Essential 8 vs NIST SP 800-53, description=ASD Essential 8 vs NIST SP 800-53: Learn the differences between the Australian Signals Directorate (ASD) Essential 8 and the National Institute of Standards and Technology, topic=[{id=97620570506, createdAt=1673040885315, updatedAt=1685498674506, path='asd-essential-8', name=' ASD Essential 8 Guide: A Comprehensive Overview', 1='{type=string, value=ASD Essential 8}', 2='{type=string, value= This guide provides an overview of the ASD Essential 8 - 8 evidence-based strategies to help improve the outcomes of children with Autism Spectrum Disorder. Learn how to identify and implement these strategies to help}', 5='{type=string, value=This authoritative guide provides an in-depth look at the ASD Essential 8 (E8), a set of eight measures developed by the Australian Signals Directorate (ASD) to protect organizations from cyber threats. It explores whether the ASD Essential 8 are mandatory or not for your organisations and covers the fundamentals of each of the eight measures, including the maturity levels, how to perform an assessment and implementation guidenace.}'}], hs_path=asd-essential-8-vs-nist-sp-800-53}--
{tableName=glossary, name=Gartner And The Magic Quadrant, description= Gartner And The Magic Quadrant is an analytical tool used by businesses and organizations to evaluate the competitive landscape of a particular industry or market. The tool, developed by Gartner, a research and advisory firm, is designed to help organizations identify the most competitive vendors and products in their respective markets. The tool is based on a four-quadrant model that evaluates vendors and products on two axes: their ability to execute and their completeness of vision. The ability to execute axis is based on the vendor’s product or service, its overall market share, the quality of its customer service, and its financial stability. The completeness of vision axis is based on the vendor’s understanding of the market, its innovation and its ability to meet customer needs. Vendors and products are then plotted on the Magic Quadrant based on their scores in both categories. The Magic Quadrant can help organizations identify the most promising vendors and products in their respective markets, enabling them to make informed decisions about which vendors and products to invest in., topic=null, hs_path=gartner-and-the-magic-quadrant}--
{tableName=glossary, name=ISO/IEC 27002:2022 Controls, description= ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, is a framework of security controls developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a set of security controls and guidelines for organizations to follow to ensure the security of their information systems and data. The framework includes a list of security controls and procedures that organizations should implement to protect their information assets. The controls include physical, technical, and administrative measures that organizations should take to protect their information systems and data from unauthorized access, use, disclosure, modification, and destruction. The framework also provides guidance on how to assess, monitor, and review the effectiveness of the security controls. Additionally, the framework provides guidance on how to develop, implement, and maintain an information security management system., topic=null, hs_path=iso-iec-270022022-controls}--
{tableName=glossary, name=Data Integrity, description= Data Integrity is the assurance that data is complete, accurate, and reliable throughout its lifecycle. It is the process of ensuring that data is not corrupted, compromised, or altered in any way. Data Integrity is achieved through a combination of technical and administrative measures that prevent unauthorized access to data and protect it from being modified, deleted, or otherwise corrupted. Data Integrity also ensures that data is stored and maintained in its original form, and that any changes made to the data are done in a controlled and secure manner. Data Integrity is essential for the successful operation of any system that relies on data for its functioning. Data Integrity is critical for the accuracy and reliability of data, as well as for the security of data and the protection of information., topic=null, hs_path=data-integrity}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...