Skip to content

Resources

Curated content for the risk and compliance professional: We cover the latest on cybersecurity, frameworks, risks, and compliance trends.

On-Demand Webinar

Delivering Hub & Spoke GRC in Distr...

On-demand Webinar

Delivering Hub & Spoke GRC in Distributed & Autonomous Business

Internationally renowned GRC analyst Michael Rasmussen has performed a deep dive on our Hub and Spoke architecture and i...
date-icon

Jan 1, 2023

location

Virtual

Using Zero Trust Architecture to Ba...

On-demand Webinar

Using Zero Trust Architecture to Balance Cyber Security Risks

While the concept of "Zero Trust" is not new among enterprises, however, the modern workplace has changed radically in r...
date-icon

Jan 3, 2023

location

Virtual

How Can a vCISO Help Protect Your N...

On-demand Webinar

How Can a vCISO Help Protect Your Network?

With the threat landscape growing by the hour, the role of CISO has never been more important. Yet high demand and massi...
date-icon

Jan 5, 2023

location

Virtual

See all webinars
{tableName=glossary, name=ISO/IEC 27008, description= ISO/IEC 27008 is an international standard for information security management systems (ISMS) that provides guidelines for the implementation and management of security controls. It is part of the ISO/IEC 27000 family of standards and is based on the ISO/IEC 27002 code of practice for information security management. The standard provides guidance on the implementation and management of an ISMS, including the establishment of policies, objectives, and processes to ensure the security of information assets. It also outlines the roles and responsibilities of those involved in managing the ISMS, as well as the requirements for monitoring, reviewing, and improving the system. ISO/IEC 27008 is intended to help organizations protect their information assets and ensure compliance with applicable laws, regulations, and standards., topic=null, hs_path=iso-iec-27008}--
{tableName=glossary, name=SOC 3, description= SOC 3 is an internationally recognized standard that is used to assess and report on the security and privacy of a service organization’s systems, processes, and controls. This standard is part of the System and Organization Controls (SOC) family of standards, developed and maintained by the American Institute of Certified Public Accountants (AICPA). The SOC 3 standard is a third-party assurance report that summarizes the results of a service organization’s system and controls review. The report is intended to provide assurance to customers, partners, and other stakeholders that the service organization has implemented effective security and privacy controls over the systems and processes that support its services. The SOC 3 report includes a description of the service organization’s system, the controls in place, and the results of the review. The report also includes an opinion from an independent auditing firm, which provides assurance that the controls are designed and implemented effectively. The SOC 3 standard is designed to help service organizations demonstrate their commitment to security and privacy, and to provide assurance to customers, partners, and other stakeholders that their data and systems are safe and secure., topic=null, hs_path=soc-3}--
{tableName=glossary, name=Operational Risk Management (ORM), description= Operational Risk Management (ORM) is the process of identifying, assessing, and mitigating risks that can arise from the operations of an organization. It is an important part of an organization’s overall risk management strategy, and involves the identification, evaluation, and control of risks that can arise from the organization’s operations. ORM is a proactive approach to managing risks and encompasses a wide range of activities, including risk identification and assessment, risk control and monitoring, and risk response and recovery. ORM also involves the development and implementation of policies, procedures, and systems to effectively manage operational risks. The goal of ORM is to ensure that the organization’s operations remain safe, secure, and efficient, while minimizing losses and maximizing returns. ORM is a continuous process that requires ongoing monitoring and review to ensure that risks are identified and addressed in a timely and effective manner., topic=null, hs_path=operational-risk-management-orm}--
{tableName=glossary, name=Web Security Threats, description= Web Security Threats are malicious attacks, exploits, or incidents that target or compromise the security of websites, web applications, networks, or computer systems. These threats can come in a variety of forms, including malware, phishing, SQL injection, cross-site scripting, and denial of service attacks. Malware is malicious software designed to infiltrate a computer system and gain access to sensitive information. Phishing is the practice of sending emails or other messages that appear to come from a legitimate source in order to gain access to confidential information. SQL injection is an attack that inserts malicious code into a web application in order to gain access to a database. Cross-site scripting is an attack that injects malicious code into a web page in order to gain access to a user’s browser. Denial of service attacks are attempts to make a website or computer system unavailable to users by flooding it with requests. Web Security Threats can have serious consequences and can lead to data loss, identity theft, and financial losses., topic=null, hs_path=web-security-threats}--
{tableName=glossary, name=Risk Control Self Assessment (RCSA), description= Risk Control Self Assessment (RCSA) is a systematic process used to identify, assess, monitor, and control risks within an organization. It is a tool used to ensure that risks are managed effectively, efficiently, and in accordance with organizational objectives. The RCSA process typically involves the identification of risk areas, the assessment of the risks, the application of control measures, the monitoring of risk levels, and the review of the risk management program. The RCSA process is designed to be an ongoing cycle, with continual feedback and improvement of the risk management program. The goal of the RCSA process is to ensure that risks are identified, assessed, and managed in a timely and effective manner. The RCSA process also helps to ensure that risks are managed in a way that is consistent with the organization's objectives., topic=null, hs_path=risk-control-self-assessment-rcsa}--
{tableName=comparison, name=GDPR vs NIST SP 800-53, description=GDPR and NIST SP 800-53 are two of the most important regulations for data privacy and security. Learn more about the differences between., topic=[{id=97620570523, createdAt=1673040885422, updatedAt=1683947976779, path='gdpr', name=' GDPR: A Comprehensive Guide to Compliance', 1='{type=string, value=GDPR}', 2='{type=string, value= This GDPR Guide provides an authoritative overview of the General Data Protection Regulation (GDPR) and how it affects businesses and organizations. It outlines the key principles of the GDPR and provides an}', 5='{type=string, value=This GDPR Guide provides a comprehensive overview of the European Union's General Data Protection Regulation (GDPR). It covers the full scope of the GDPR, including its purpose, scope, definitions, principles, rights, obligations, enforcement, and more. It also provides practical advice on how to comply with the GDPR, including best practices for data protection, data security, and data management. This guide is an essential resource for any organization that collects, stores, or processes personal data.}'}], hs_path=gdpr-vs-nist-sp-800-53}--

eBooks

GRC Buying Guide

eBook

GRC Buying Guide

In this eBook, we have covered the GRC buying basics including: knowing when to employ a new GRC capability, baseline ex...
Artificial Intelligence and Robust ...

eBook

Artificial Intelligence and Robust Content

Written by 6clicks CISO, Andrew Robinson, this eBook covers the interconnection of Artificial Intelligence and Machine L...
Everything You Need to Know About 6...

eBook

Everything You Need to Know About 6clicks

Learn more about 6clicks as an organization and GRC SaaS provider including a platform overview, our solutions, a deeper...