Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=Financial Risk Management, description= Financial risk management is the practice of creating and protecting value by managing exposure to risk. It involves the identification, assessment, and prioritization of risks, followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events. Financial risk management is a process that involves the use of financial instruments, such as derivatives, securities, and other financial instruments, to hedge or mitigate the financial risks associated with investments, business activities, and other financial transactions. Financial risk management is also used to identify, quantify, measure, and manage the risks associated with financial transactions and investments. Financial risk management helps to ensure that businesses and investors are able to maximize returns on their investments while minimizing their exposure to risk. This is accomplished by using various techniques, such as hedging, diversification, insurance, and portfolio management., topic=null, hs_path=financial-risk-management}--
{tableName=glossary, name=Association of International Certified Professional Accountants (AICPA), description= The Association of International Certified Professional Accountants (AICPA) is an organization that represents the global accounting profession. It is the world’s largest accounting body, with more than 650,000 members in over 130 countries. Its members include CPAs, Chartered Professional Accountants (CPAs) and Certified Management Accountants (CMAs). The AICPA sets the ethical and technical standards for the accounting profession, and provides guidance and resources to help its members stay current on changes in the profession. It also offers educational and certification programs, such as the CPA Exam and the CMA Exam, as well as continuing professional education. The AICPA also advocates for the profession and works to promote the public interest by advocating for sound financial reporting and disclosure, and by advocating for the protection of the public’s financial interests. It also works to ensure that the public has access to accurate and reliable financial information., topic=null, hs_path=association-of-international-certified-professional-accountants-aicpa}--
{tableName=guides, name=Responsible AI , description=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant., topic=[{id=148362465326, createdAt=1701649556332, updatedAt=1701653661775, path='responsibleai', name='Responsible AI Guide: A Comprehensive Guide', 1='{type=string, value=Responsible AI }', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

Artificial Intelligence (AI) and Machine Learning (ML) have become integral parts of the modern technological landscape, revolutionizing how we interact with data and automate processes. AI refers to the simulation of human intelligence in machines programmed to think and learn like humans. ML, a subset of AI, focuses on the development of systems that can learn and adapt from experience without being explicitly programmed. This groundbreaking field has led to significant advancements in various sectors, including healthcare, finance, and transportation, enhancing efficiency and opening new frontiers of innovation. The rise of AI has also introduced unique user interactions, reshaping how we engage with technology on a day-to-day basis. Understanding the components of AI solutions, from algorithms to data management, is crucial in leveraging their full potential.

However, with great power comes great responsibility. Responsible AI is a critical concept that emphasizes the ethical, transparent, and accountable use of AI technologies. It seeks to address the potential risks associated with AI, such as privacy concerns, bias in decision-making, and the broader societal impacts. The development and deployment of AI/ML solutions carry inherent risks, demanding careful consideration and management. Real-world incidents involving AI have highlighted the importance of secure and responsible adoption, both by individuals and organizations. This guide will delve into these topics, exploring frameworks like the NIST AI Risk Management Framework (RMF) and ISO 42001, which provide structured approaches for managing AI risks. Additionally, it will discuss the Responsible AI principles set forth by the OECD, which serve as a global benchmark for ensuring that AI systems are designed and used in a manner that respects human rights and democratic values.

}', 15='{type=list, value=[{id=148362465326, name='null'}]}'}], hs_path=responsibleai}--
{tableName=comparison, name=PCI-DSS vs SOC 2, description= PCI-DSS and SOC 2 are two of the most important compliance standards for businesses. Learn the differences between them and how they can help you., topic=[{id=97620570502, createdAt=1673040885290, updatedAt=1683947890075, path='pci-dss', name=' PCI-DSS: A Guide to Meeting Security Requirements', 1='{type=string, value=PCI-DSS}', 2='{type=string, value=This guide provides an overview of the Payment Card Industry Data Security Standard (PCI-DSS) and the steps to take to ensure compliance with}', 5='{type=string, value=

This comprehensive guide provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI-DSS), a set of security standards designed to protect cardholder data and reduce the risk of data breaches. It covers the key components of the PCI-DSS, including the 12 requirements, the 6 goals, and the 6 core principles. It also provides a detailed description of the processes, technologies, and tools required to comply with the standard. Furthermore, the guide includes best practices for implementing the standard and provides resources to help organizations stay on top of the latest developments in the industry.

This guide provides a roadmap for achieving PCI-DSS compliance and maintaining a secure environment.

}'}], hs_path=pci-dss-vs-soc-2}--
{tableName=glossary, name=Security Event, description= Security Event: A security event is an occurrence or incident that affects the security of a system, network, or application. It can be anything from a malicious attack such as a virus or malware, to an unauthorized user accessing a system or network, to a system or application malfunction. Security events can be detected in real time or in retrospect, and can be analyzed to identify the cause and potential impacts. Security events are monitored and analyzed to identify threats, vulnerabilities, and potential malicious activity, and to help ensure the security of a system, network, or application., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1683947994134, path='cybersecurity-risk-management', name=' Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value= This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}'}], hs_path=security-event}--
{tableName=glossary, name=Types Of Insider Threat Actors, description= Types of Insider Threat Actors are individuals or groups of people who have legitimate access to an organization’s resources, networks, and systems, but who use that access to cause harm to the organization or its stakeholders. These individuals are often motivated by financial gain, revenge, or political or ideological beliefs. They may also be motivated by a desire to steal sensitive information, disrupt operations, or damage the organization’s reputation. Types of Insider Threat Actors include malicious insiders, negligent insiders, and compromised insiders. Malicious insiders are those individuals who deliberately use their access to cause harm to the organization or its stakeholders. Negligent insiders are those individuals who unintentionally cause harm due to their lack of security awareness or understanding of the organization’s security policies. Compromised insiders are those individuals who are tricked or coerced into providing access to the organization’s resources, networks, and systems., topic=null, hs_path=types-of-insider-threat-actors}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...