Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks
Taking the complexity out of distributed GRC
On-demand Webinar

Taking the complexity out of distributed GRC

Join industry experts Heather and Leigh to share their insights into how organizations operating in a distributed business model or organizational hie...

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Register Now
Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

Register Now
How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

Register Now
See all webinars

Latest Answers

ASD Essential 8

Who has to comply with ASD Essential 8?

What is ASD Essential 8? The Australian Signals Di...

NIST Cybersecurity Framework (CSF)

Is NIST a standard or framework?

What is NIST? NIST, which stands for the National ...

ASD Essential 8

What is the ASD Essential Eight model?

What is the ASD essential eight model? The ASD Ess...

{tableName=guides, name=CMMC, description= This authoritative guide provides an in-depth look at the Cybersecurity Maturity Model Certification (CMMC) certification process. It covers the different levels of certification, the requirements for each level,, topic=null, hs_path=cmmc}--
{tableName=glossary, name=PCI DSS, description= PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle credit card and debit card information. It was created by major credit card companies such as Visa, MasterCard, American Express, and Discover, to ensure that all merchants and service providers who accept, process, store, or transmit credit card information do so securely and protect customers’ data from theft and fraud. PCI DSS outlines twelve requirements for organizations to follow in order to protect cardholder data, including maintaining a secure network, protecting cardholder data, regularly monitoring and testing networks, and maintaining an information security policy. It also requires organizations to assign a unique ID to each person with computer access, restrict physical access to cardholder data, and regularly monitor and test networks. PCI DSS applies to all organizations that accept, process, store, or transmit credit card information, regardless of size or number of transactions. Compliance with PCI DSS is mandatory for any organization that handles credit card information, and failure to comply may result in fines, penalties, and loss of the ability to accept credit cards., topic=[{id=97620570502, createdAt=1673040885290, updatedAt=1683947890075, path='pci-dss', name=' PCI-DSS: A Guide to Meeting Security Requirements', 1='{type=string, value=PCI-DSS}', 2='{type=string, value=This guide provides an overview of the Payment Card Industry Data Security Standard (PCI-DSS) and the steps to take to ensure compliance with}', 5='{type=string, value=

This comprehensive guide provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI-DSS), a set of security standards designed to protect cardholder data and reduce the risk of data breaches. It covers the key components of the PCI-DSS, including the 12 requirements, the 6 goals, and the 6 core principles. It also provides a detailed description of the processes, technologies, and tools required to comply with the standard. Furthermore, the guide includes best practices for implementing the standard and provides resources to help organizations stay on top of the latest developments in the industry.

This guide provides a roadmap for achieving PCI-DSS compliance and maintaining a secure environment.

}'}], hs_path=pci-dss}--
{tableName=glossary, name=Information Security Risk Monitoring And Review, description= Information Security Risk Monitoring and Review is the process of continually assessing and managing the risks associated with information systems. It involves identifying and evaluating potential risks, developing plans to mitigate them, and monitoring the effectiveness of those plans. This process also includes reviewing the current security posture of the organization and its systems and ensuring that appropriate measures are taken to protect the organization and its data from malicious actors. Information Security Risk Monitoring and Review is a critical component of an effective information security program, as it helps organizations identify and address potential risks before they can cause significant damage., topic=null, hs_path=information-security-risk-monitoring-and-review}--
{tableName=glossary, name=Intrusion Detection and Prevention System (IDPS), description= An Intrusion Detection and Prevention System (IDPS) is a security system used to detect and prevent unauthorized access to a computer network or system. It works by monitoring the network for suspicious activity and then taking action to block or alert the user when a malicious event occurs. The system consists of components such as network sensors, which detect malicious activity, and response mechanisms, which can be configured to block or alert the user when an attack is detected. IDPS can be used to protect networks from a variety of different threats including malware, phishing, and malicious code. It can also be used to detect and prevent insider threats, such as employees accessing confidential data or systems without authorization. IDPS can be deployed in either a software or hardware form, and can be used in conjunction with other security measures such as firewalls and antivirus software to provide a comprehensive security solution., topic=null, hs_path=intrusion-detection-and-prevention-system-idps}--
{tableName=glossary, name=Attribute-Based Access Control (ABAC), description= Attribute-Based Access Control (ABAC) is an access control system that uses a set of attributes to determine the access privileges of a user. It is a policy-based access control model that is based on the evaluation of attributes associated with a user, the resource being requested, and the environment. ABAC provides a flexible and powerful way to control access to resources, enabling administrators to easily create and manage access control policies. It is an alternative to traditional access control models such as role-based access control (RBAC) and discretionary access control (DAC). ABAC is based on the idea that users should be granted access to resources based on their attributes, rather than their roles or identity. Attributes can include things such as user’s age, location, and job title. The access control decision is made by evaluating the user’s attributes against the attributes of the resource being requested. ABAC is often used in conjunction with other access control models, such as RBAC and DAC, to provide a more comprehensive and secure access control system., topic=null, hs_path=attribute-based-access-control-abac}--
{tableName=glossary, name=Domain Name System (DNS), description= The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates domain names, which can be easily memorized by humans, to the numerical IP addresses needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. The Domain Name System is an essential component of the functionality of the Internet, as it provides a worldwide, distributed directory service. It is responsible for translating domain names into the corresponding IP addresses, as well as providing other information such as mail routing information, and providing a list of available services associated with a domain. The Domain Name System is an integral part of the functionality of the Internet, as it provides a worldwide distributed directory service., topic=null, hs_path=domain-name-system-dns}--
CMMC

This authoritative guide provides an in-depth look at the Cybersecurity Maturity Model Certification...

PCI-DSS
PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organ...

Information Security Risk Monitoring And Review

Information Security Risk Monitoring and Review is the process of continually assessing and managing...

Intrusion Detection and Prevention System (IDPS)

An Intrusion Detection and Prevention System (IDPS) is a security system used to detect and prevent ...

Attribute-Based Access Control (ABAC)

Attribute-Based Access Control (ABAC) is an access control system that uses a set of attributes to d...

Domain Name System (DNS)

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or...

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Download
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Download
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...
Download
See all eBooks