Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=comparison, name=SOC 2 vs ASD Essential 8, description=SOC 2 vs ASD Essential 8: Compare the two standards to understand their differences & similarities. Learn which standard is best for your organization., topic=[{id=97620570514, createdAt=1673040885366, updatedAt=1683947939686, path='soc-2', name=' SOC 2 Compliance: A Comprehensive Guide', 1='{type=string, value=SOC 2}', 2='{type=string, value= Compliance SOC 2 Compliance Guide: Learn the basics of SOC 2 compliance and how to ensure your organization meets the necessary standards. Get expert advice and resources to help you understand and implement the necessary}', 5='{type=string, value=This comprehensive guide provides an in-depth look at SOC 2, a set of standards used to assess the security, availability, processing integrity, confidentiality, and privacy of a service organization. It is designed to help service organizations understand the requirements of the SOC 2 framework, as well as how to implement and maintain the necessary controls to achieve compliance. This guide provides a detailed overview of the SOC 2 framework, including the five trust principles, the criteria used to evaluate those principles, and the process organizations must go through to become compliant. Additionally, this guide provides best practices for organizations to ensure they remain compliant, as well as advice on how to handle any non-compliance issues that may arise. With this guide, service organizations can gain a better understanding of the SOC 2 framework and how to use it to maintain the security and privacy of their customers' data.}'}], hs_path=soc-2-vs-asd-essential-8}--
{tableName=glossary, name=Database Audit And Protection (DAP), description= Database Audit and Protection (DAP) is a set of processes and procedures used to monitor, audit, and protect data stored in a database. DAP involves the use of software tools to detect, analyze, and report on any unauthorized access, modification, or deletion of data stored in a database. DAP also involves the use of encryption to protect the data from being accessed by unauthorized users. DAP processes are designed to ensure that data is secure from unauthorized access, modification, or deletion, and that all changes made to the data are tracked and logged. DAP also helps organizations comply with applicable laws and regulations, such as the General Data Protection Regulation (GDPR). DAP is an important part of an organization's overall security strategy and helps to ensure that data is secure, accessible, and compliant with applicable laws and regulations., topic=null, hs_path=database-audit-and-protection-dap}--
{tableName=glossary, name=Supplier Risk Management, description= Supplier Risk Management is the process of identifying, assessing, and mitigating the risks associated with working with suppliers and other third parties. It involves evaluating the potential risks associated with a supplier’s operations, such as financial stability, quality of goods or services, delivery times, and compliance with regulations, and taking steps to reduce or eliminate those risks. This process also involves maintaining regular communication with suppliers to ensure they are meeting their contractual obligations and to address any issues that arise. Additionally, supplier risk management includes developing policies and procedures to ensure the security of the supplier’s data, as well as monitoring the supplier’s performance on an ongoing basis. By implementing a comprehensive supplier risk management program, organizations can ensure that their suppliers are reliable, trustworthy, and compliant with applicable laws and regulations., topic=null, hs_path=supplier-risk-management}--
{tableName=glossary, name=Malware Vs. Viruses Vs. Worm, description=s Malware: Malware is a type of software designed to harm or exploit computer systems without the user’s knowledge or consent. It can be used to gain access to sensitive information, steal data, or cause damage to a computer system or network. Common types of malware include viruses, worms, spyware, adware, ransomware, and Trojans. Viruses: A virus is a type of malware that infects computer systems or networks by replicating itself without the user’s knowledge or consent. It can spread from one computer to another, often via email or malicious websites. Once a virus is installed on a computer, it can cause damage by deleting files, corrupting data, or stealing information. Worms: A worm is a type of malware that replicates itself across computer networks without the user’s knowledge or consent. Unlike a virus, a worm does not require a host program to spread. It can spread from one computer to another, often via email or malicious websites. Worms can be used to steal data, spread malicious code, or cause damage to a computer system or network., topic=null, hs_path=malware-vs.-viruses-vs.-worm}--
{tableName=glossary, name=ISO/IEC 27001 Annex A Controls, description= ISO/IEC 27001 Annex A Controls are a set of 114 security controls and associated guidance that can be used to help organizations protect their information assets. These controls are divided into 14 categories, including Access Control, Cryptography, Personnel Security, Physical and Environmental Security, System and Communications Protection, System and Information Integrity, and Organization of Information Security. Each control is accompanied by a detailed description and implementation guidance. The controls are designed to provide organizations with a comprehensive set of security measures that can be tailored to their specific needs and risk profile. The controls provide a framework for organizations to evaluate their current security posture, identify gaps, and develop an action plan to address those gaps. By following the guidance provided in the Annex A Controls, organizations can create a secure and reliable information system that meets their security objectives., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1684824913644, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-annex-a-controls}--
{tableName=glossary, name=Cloud Infrastructure, description= Cloud Infrastructure is a type of computing infrastructure that provides shared computer processing resources and data to computers and other devices on demand over the internet. It is typically composed of a combination of hardware and software components, such as servers, storage, networks, and applications. Cloud Infrastructure allows users to access their data and applications from any device, anywhere in the world, with minimal setup and maintenance. It is designed to be highly scalable and cost-effective, allowing businesses to quickly and easily expand their computing resources as needed. Cloud Infrastructure also provides enhanced security, reliability, and performance, making it a popular choice for businesses of all sizes., topic=null, hs_path=cloud-infrastructure}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...