Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=ISO/IEC Audit, description= ISO/IEC Audit is an independent assessment of an organization’s compliance with the ISO/IEC standards, which are a set of international standards that provide guidance on how organizations should operate in order to ensure quality, safety and security. The audit is conducted by an independent auditor who evaluates an organization’s policies, procedures, processes, and systems to determine if they are in compliance with the standards. The audit typically includes interviews and reviews of documents, records, and other evidence to ensure that the organization is meeting the requirements set forth in the standard. The auditor then provides a report to the organization and may recommend corrective actions to be taken in order to ensure compliance. The audit is an important part of the ISO/IEC certification process, as it helps to ensure that organizations are meeting the standards and providing quality products and services to their customers., topic=null, hs_path=iso-iec-audit}--
{tableName=glossary, name=Cloud Security, description= Cloud Security is the process of protecting data, applications, and infrastructure that are stored in the cloud from unauthorized access, misuse, and data loss. This involves the use of various security measures such as encryption, authentication, access control, and monitoring to ensure that data stored in the cloud is secure. Cloud security also involves the implementation of policies and procedures to ensure that cloud-based services are being used in a secure and compliant manner. Cloud security is an important part of any organization’s overall security strategy, as it can help protect sensitive data and applications from malicious threats and unauthorized access., topic=null, hs_path=cloud-security}--
{tableName=glossary, name=Cloud Control Matrix (CCm), description= A Cloud Control Matrix (CCm) is an organizational tool used to monitor and maintain the security, availability, and reliability of cloud-based services. It is a comprehensive framework that defines the policies, procedures, and controls necessary to ensure that cloud-based services are secure and compliant with applicable regulations. The CCm is typically composed of a set of policies and procedures that define the roles and responsibilities of all parties involved in the cloud services, including cloud service providers, customers, and other stakeholders. The CCm also outlines the security controls necessary to ensure the confidentiality, integrity, and availability of the cloud services and data. Additionally, the CCm may include audit and compliance requirements, user access controls, and incident response plans. The CCm is designed to help organizations ensure that their cloud services are secure and compliant with applicable regulations., topic=null, hs_path=cloud-control-matrix-ccm}--
{tableName=glossary, name=SOC 2 Trust Principles, description= SOC 2 Trust Principles are a set of criteria used to evaluate and assess the security, availability, processing integrity, confidentiality, and privacy of a service organization’s systems and services. The Trust Principles are based on the American Institute of Certified Public Accountants’ (AICPA) Trust Services Principles and Criteria, which are designed to provide assurance about the security, availability, and privacy of a service organization’s systems and services. The SOC 2 Trust Principles are focused on the security, availability, processing integrity, confidentiality, and privacy of a service organization’s systems, services, and data. The Trust Principles are used to assess the design, implementation, and operating effectiveness of a service organization’s controls, procedures, and systems. The Trust Principles are designed to help service organizations develop, maintain, and demonstrate effective security, availability, processing integrity, confidentiality, and privacy of their systems and services., topic=null, hs_path=soc-2-trust-principles}--
{tableName=glossary, name=NIST Controls, description= NIST Controls are a set of security guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations protect their information systems, networks, and data. They provide a comprehensive framework of security requirements and best practices that organizations can use to protect their systems and data from malicious attacks, unauthorized access, and other cyber threats. NIST Controls are based on the NIST Cybersecurity Framework, which outlines five core functions: Identify, Protect, Detect, Respond, and Recover. These functions provide a comprehensive approach to cybersecurity, helping organizations identify vulnerabilities and threats, develop appropriate security measures, detect and respond to incidents, and recover from them. NIST Controls also provide guidance on implementing security controls, including technical, administrative, and physical security measures., topic=[{id=97620570503, createdAt=1673040885296, updatedAt=1683947893762, path='nist-cybersecurity-framework-csf', name=' NIST Cybersecurity Framework: A Comprehensive Guide', 1='{type=string, value=NIST Cybersecurity Framework (CSF)}', 2='{type=string, value= A comprehensive guide to the NIST Cybersecurity Framework (CSF) and how to use it to protect your organization's IT infrastructure and data. Learn best practices and tips to help you improve}', 5='{type=string, value=This authoritative guide provides an overview of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The guide will provide an in-depth look at the five core functions of the CSF, which are Identify, Protect, Detect, Respond, and Recover. It will also explain the importance of the CSF and how it can help organizations of all sizes to protect their networks and data from cyber threats. The guide will also provide an overview of the various tools and resources available to help organizations implement the CSF, as well as best practices for using the framework to ensure the security of their systems. Finally, the guide will provide a comprehensive look at the various roles and responsibilities associated with the CSF, including the roles of the organization, its employees, and external partners. This guide is an essential resource for any organization looking to protect its networks and data from the ever-evolving cyber threats.}'}], hs_path=nist-controls}--
{tableName=glossary, name=PCI DSS Standards, description= PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. It is managed by the Payment Card Industry Security Standards Council (PCI SSC), an independent body that was created by the major credit card companies to protect their customers from data theft and fraud. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. The goal of the PCI DSS is to protect cardholder data by requiring organizations to build and maintain a secure network environment, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy. The PCI DSS also requires organizations to regularly assess their compliance with the standard and to submit an annual report to the PCI SSC., topic=[{id=97620570502, createdAt=1673040885290, updatedAt=1683947890075, path='pci-dss', name=' PCI-DSS: A Guide to Meeting Security Requirements', 1='{type=string, value=PCI-DSS}', 2='{type=string, value=This guide provides an overview of the Payment Card Industry Data Security Standard (PCI-DSS) and the steps to take to ensure compliance with}', 5='{type=string, value=

This comprehensive guide provides a comprehensive overview of the Payment Card Industry Data Security Standard (PCI-DSS), a set of security standards designed to protect cardholder data and reduce the risk of data breaches. It covers the key components of the PCI-DSS, including the 12 requirements, the 6 goals, and the 6 core principles. It also provides a detailed description of the processes, technologies, and tools required to comply with the standard. Furthermore, the guide includes best practices for implementing the standard and provides resources to help organizations stay on top of the latest developments in the industry.

This guide provides a roadmap for achieving PCI-DSS compliance and maintaining a secure environment.

}'}], hs_path=pci-dss-standards}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...