Skip to content

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinars

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=ISO/IEC 27001 Audit, description= An ISO/IEC 27001 Audit is a type of audit that evaluates an organization’s Information Security Management System (ISMS) to determine if it meets the requirements of the ISO/IEC 27001:2013 standard. This standard is an international standard that outlines the requirements for establishing, implementing, maintaining, and continually improving an ISMS. An ISO/IEC 27001 Audit is conducted by a third-party assessor who evaluates the organization’s ISMS against the requirements of the standard. The audit includes a review of the organization’s policies, procedures, and processes related to information security and a review of the organization’s implementation of the ISMS. The auditor also evaluates the effectiveness of the organization’s security controls and the extent to which the ISMS meets the requirements of the standard. The audit results in a report that outlines the findings and provides recommendations for improvement. The report can be used by the organization to make improvements to their ISMS and to demonstrate to stakeholders that the organization is compliant with the ISO/IEC 27001 standard., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-audit}--
{tableName=guides, name=NIST SP 800-171, description= This guide provides an overview of NIST SP 800-171, a cybersecurity standard for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. Learn about the security, topic=[{id=97620570517, createdAt=1673040885385, updatedAt=1715624508691, path='nist-sp-800-171', name=' NIST SP 800-171 Guide: A Comprehensive Overview', 1='{type=string, value=NIST SP 800-171}', 2='{type=string, value= This guide provides an overview of NIST SP 800-171, a cybersecurity standard for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. Learn about the security}', 5='{type=string, value=The NIST SP 800-171 Guide is an authoritative source of information for organizations looking to ensure the security of their Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations. This guide provides an overview of the security requirements and best practices for protecting CUI, as well as detailed guidance on how to implement these requirements. It covers topics such as user access control, system and network security, incident response, and logging and monitoring. The guide also provides an overview of the NIST Risk Management Framework and the NIST Cybersecurity Framework, and provides detailed guidance on how to use these frameworks to assess and mitigate risk. This guide is an essential resource for organizations looking to ensure the security of their CUI.}', 15='{type=list, value=[{id=97620570517, name='NIST SP 800-171'}]}'}], hs_path=nist-sp-800-171}--
{tableName=glossary, name=Australian Cyber Security Centre (ACSC), description= The Australian Cyber Security Centre (ACSC) is a government agency that works to protect Australia’s national security interests in cyberspace. It is a joint venture between the Australian Signals Directorate, the Australian Security Intelligence Organisation, the Australian Federal Police, and the Department of Home Affairs. The ACSC works to protect Australia’s national security interests in cyberspace by providing advice and assistance to government, industry and the public on cyber security. It is responsible for developing strategies to protect Australia’s critical infrastructure, managing cyber security incidents, and providing advice on how to respond to cyber threats and attacks. The ACSC also works with industry and the public to help them protect their digital assets and reduce their risk of cyber threats. It provides resources and guidance on cyber security best practices, as well as information on current cyber security threats. The ACSC works closely with other government agencies, industry and the public to ensure Australia’s cyber security is maintained and improved., topic=null, hs_path=australian-cyber-security-centre-acsc}--
{tableName=comparison, name=ISO 27001 vs SOC 2, description= ISO 27001 and SOC 2 are two global standards for information security management. Learn the key differences between them., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name=' ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=

This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.

Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.

This guide is an essential resource for anyone looking to understand and implement ISO 27001.

}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-27001-vs-soc-2}--
{tableName=glossary, name=IT Audit, description= An IT Audit is an independent review of the information systems and related operations of an organization. It is designed to evaluate the effectiveness of internal controls, ensure compliance with applicable laws and regulations, and identify opportunities for improvement. IT Audits assess the accuracy and completeness of data, the integrity of system security and access controls, the effectiveness of system performance and reliability, the accuracy of system processing, the accuracy and completeness of system documentation, and the accuracy and completeness of system backups and recovery processes. The audit also evaluates the appropriateness of policies and procedures, the effectiveness of the organization’s IT governance framework, the adequacy of risk management processes, and the effectiveness of system change management processes. The audit process typically includes interviews with personnel, review of system documentation, and testing of system controls. The results of the audit are summarized in a report that provides recommendations for improvement and corrective actions., topic=null, hs_path=it-audit}--
{tableName=glossary, name=FedRAMP, description= FedRAMP (Federal Risk and Authorization Management Program) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It is designed to help federal agencies assess and approve cloud services and products, reduce costs, and improve security posture. The program is based on a “do once, use many times” approach that allows agencies to leverage security authorizations from other agencies, saving time and money. FedRAMP requires cloud service providers to meet a set of security requirements that are based on existing standards, guidelines, and practices from the National Institute of Standards and Technology (NIST). The program provides a standardized approach for agencies to evaluate cloud service providers and ensure the security of their cloud services. The program also provides a framework for cloud service providers to demonstrate their security capabilities, enabling them to be more competitive in the federal marketplace. Finally, the program provides a continuous monitoring process to ensure cloud service providers maintain their security posture over time., topic=[{id=97620570507, createdAt=1673040885321, updatedAt=1715624281837, path='fedramp', name='FedRAMP Guide: A Comprehensive Overview', 1='{type=string, value=FedRAMP}', 2='{type=string, value= FedRAMP is the U.S. Government's unified approach to securely adopt, assess, and monitor cloud services. Learn the basics and get started with this comprehensive guide.}', 5='{type=string, value=This guide provides a comprehensive overview of the Federal Risk and Authorization Management Program (FedRAMP). It covers the program's requirements, standards, and best practices, as well as its implementation and assessment processes. It explains the roles and responsibilities of all stakeholders, including the Federal Agency, Third-Party Assessor Organizations (3PAOs), and Cloud Service Providers (CSPs). It also provides step-by-step instructions on how to successfully complete the FedRAMP assessment process. In addition, it includes case studies and examples from organizations that have successfully implemented FedRAMP. This guide is an essential resource for anyone looking to understand and comply with the FedRAMP program.}', 15='{type=list, value=[{id=97620570507, name='FedRAMP'}]}'}], hs_path=fedramp}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...