Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...

Jan 1, 2023

Location: Virtual

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, the modern workplace has changed radically in r...

Jan 3, 2023

Location: Virtual

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...

Jan 5, 2023

Location: Virtual

Comparison

PCI-DSS vs SOC 2

PCI-DSS and SOC 2 are two of the most important compliance standards for businesses. Learn the differences between them and how they can help you.

Related guide: PCI-DSS: A Guide to Meeting Security Requirements

This guide provides an overview of the Payment Card Industry Data Security Standard (PCI-DSS) and the steps to take to ensure compliance with

This guide provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI-DSS), a set of security standards designed to protect cardholder data and reduce the risk of data breaches. It covers the key components of the PCI-DSS, including the 12 requirements, the 6 goals, and the 6 core principles. It also provides a detailed description of the processes, technologies, and tools required to comply with the standard. Furthermore, the guide includes best practices for implementing the standard and provides resources to help organizations stay on top of the latest developments in the industry.

This guide provides a roadmap for achieving PCI-DSS compliance and maintaining a secure environment.

Glossary

Global Regulatory Management

Global Regulatory Management is the process of managing and coordinating the various regulations, policies, and procedures that govern the business activities of an organization on a global scale. It involves the monitoring and assessment of the compliance of an organization’s activities with the applicable laws and regulations, both domestic and international. It also includes the management of the organization’s relationship with its regulatory bodies, such as the FDA and EPA, and other government agencies, as well as the development of strategies for responding to changes in the regulatory environment. Global Regulatory Management is an important part of any organization’s risk management strategy and is essential for the successful operation of a global business.

Glossary

Reputational Risk

Reputational risk is the risk of damage to a company's reputation, resulting from adverse events or negative publicity. It is a type of non-financial risk and can be difficult to quantify, but can have a significant impact on a company's ability to attract customers, raise capital, and maintain relationships with employees, suppliers, and other stakeholders. Reputational risk is often caused by a company's failure to meet customer expectations, unethical behavior, or a lack of transparency. It can also be caused by events outside of the company's control, such as a natural disaster or a scandal involving another company in the same industry. Companies can manage reputational risk by monitoring their public image, engaging in corporate social responsibility initiatives, and having strong internal controls in place.

Glossary

Zero Day

A zero-day (also known as a zero-hour or zero-minute) vulnerability is a computer security vulnerability that is unknown to those who would be interested in mitigating the vulnerability (including the vendor of the target system). It is usually discovered by an independent security researcher or hacker and then made public, sometimes with working exploits. These vulnerabilities are extremely dangerous because they can be used by malicious actors to gain unauthorized access to a system or network, allowing them to steal data, install malware, or even take control of the system. Zero-day vulnerabilities are difficult to protect against because they are unknown to the target system's vendor, leaving the system vulnerable until a patch is released.

Related guide: Vuln Mgmt Guide: Learn to Protect Your Business (Vulnerability Management)

Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!

This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs.

By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.

Glossary

Domain Name System (DNS)

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates domain names, which can be easily memorized by humans, to the numerical IP addresses needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. The Domain Name System is an essential component of the functionality of the Internet, as it provides a worldwide, distributed directory service. It is responsible for translating domain names into the corresponding IP addresses, as well as providing other information such as mail routing information, and providing a list of available services associated with a domain.

Glossary

Spear Phishing

Spear Phishing is a type of cyber attack that involves sending fraudulent emails or messages that appear to come from a trusted source in order to gain access to sensitive information such as usernames, passwords, financial data, or other confidential information. It is often used to target specific individuals or organizations, making it more difficult to detect than other types of phishing attacks. The attacker typically uses personal information gathered from the Internet or other sources to create a more convincing message that is tailored to the recipient. The attacker may also use social engineering techniques to further convince the recipient to open the message or click on a malicious link. Spear phishing is a serious threat as it can be used to gain access to confidential information and can lead to identity theft, fraud, and other malicious activities.

eBooks

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...