Discussions, questions, and answers around security best practices not related to a product, framework, or integration.
- 14 Topics
- 13 Replies
Welcome to the community!
Hi, Hello, Greetings, Good Evening, and Good Morning! Now that you’ve officially joined the community we wanted to say thank you. Thank you for helping us on day one to build a network for GRC, cybersecurity, IT, and other related professionals to connect, grow, and engage with one another.
Let's Talk About the Top Human Errors in Cybersecurity That Put Your Organization at Risk
Everyone makes mistakes, but when it comes to cybersecurity, those mistakes can wreak havoc. According to Verizon’s 2022 Data Breaches Investigations Report, 82% of data breaches involved a human element. In other words, when you have processes and systems in place to help your employees implement better cybersecurity practices, you can help reduce your risk. Here are some of the most common human errors that can put your organization at risk:
- Weak Passwords
- Improper Handling of Company Devices
- Unsecured Personal Devices Accessing Company Data
Can you guess the last two answers on our list? Comment below with your guess, and then check out the full article on our blog for the answers and more insight.
Drata for Annual Best Software Awards for 2023 🏆
Hey all! Great news! Did you know that Drata was recently recognized by G2 in the Annual Best Software Awards for 2023, and featured in the Top 100 and Top 50 of the following categories:
- 🏆 Best Software Products
- 🏆 Fastest Growing Products
- 🏆 Highest Satisfaction Products
- 🏆 Best Security Products
- 🏆 Best Products for Mid-Market
- 🏆 Best Products for Small Businesses
Check out more on the award here 👉 https://lnkd.in/e76iU6WV
Being customer-centric and innovating around our customers has been a core value of Drata since the beginning.
“It is helping us achieve SOC 2 certification which of course improves our application security and process but also helps us to get more B2B customers by providing the trust to customers.” Son T., CTO and Drata Customer
As a community member, share with us how you build a better security posture and build trust below. 👇
How Superside leveraged compliance automation and saved 1500 hours. Sign up for our upcoming webinar on 1/26.
Join Drata in conversation with AWS and creative design company Superside for a live webinar on 1/26 at 10 AM PT/ 1 PM ET, and learn how to fast-track SOC 2. Using the AWS platform and Drata’s advanced automation, Superside saved 1500 hours and took control of their security and compliance program. Join us to learn how!
A Guide to Building Secure, Compliant Containers
Check out this guide to improving container security posture for cloud-first organizations here. This guide provides an overview of containers, outlines the security challenges they pose, and provides guidance on how to build secure, compliant container environments that support business objectives.
Community Question of the Week: This International Computer Security Day, How Do You Stay Secure?
The world celebrates International Computer Security Day 🌍📱 this week on November 30th, and we couldn't be more excited here at Drata! With the growing number of potential threats online each year, it's imperative that we stay diligent in our efforts to protect ourselves from bad actors. So we ask you, Drata Community, how do you stay secure and proactive when it comes to potential threats? Comment below 👇🏼 for a chance to score some sweet Drata prizes! 🎁
Computer Security Day: Tips You Can Deploy Today
Here are some simple and actionable tips you can implement to improve your computer security from Ray Lambert, Drata’s Security Analyst:
- ✅ Create long, complex passwords.
- ✅ Enable multi-factor authentication on your accounts.
- ✅ Update the software on your devices often.
- ✅ Lock your computer when you step away.
Community Question of the Week: What to do when all your employees bring their own devices?
Hey there! Welcome to Drata’s Community Question of the Week, where each Monday we discuss various situations in cybersecurity and compliance. We know that everyone’s compliance journey is unique, but there are common questions that often come up and could benefit us all. So let’s discuss! Read on and add your comment below for a chance to win some pretty sweet Drata swag! 🎉 Question of the week: What are some things you can do to stay compliant if you have employees that use their own devices? (Check back with us Friday, November 18th at 12PM PST for insight to this question, directly from a Drata expert.)
Ask Curricula's Nick Santora Almost Anything (AMAA)
Welcome to the Cybersecurity Awareness Month edition of Ask Me Almost Anything (AMAA). This round we have a special guest who is more than capable of fielding your yearning questions about security awareness, Curricula Founder and Huntress General Manager Nick Santora!
To get us started, we have a rhetorical question for each of you: What is Cybersecurity Awareness Month?
Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace.
And for those of you new to AMAAs, here’s the scoop:
AMAAs or Ask Me Almost Anything is designed to connect you with thought leaders, cybersecurity and compliance experts, IT practitioners, DevOps pros, and other awesome people in our industry.
- Submit your question (please keep it professional)
- We’ll curate your questions and chat with Kelli
- The recorded AMAA will be shared back to the comm
Ask HyperComply's Kelli Wisuri Almost Anything (AMAA)
Hello Secured community! We are excited to share our next AMAA is with one of the brains that powers HyperComply, Kelli Wisuri.
Are security reviews fun? No.
Are they necessary? Absolutely!
Does this process impact how quickly a deal or sale closes? Even more yes.
If you’ve ever wondered what it takes to streamline the security review process, in particular for security questionnaires, our next AMAA guest is here to answer your questions.
AMAAs or Ask Me Almost Anything is designed to connect you with thought leaders, cybersecurity and compliance experts, IT practitioners, DevOps pros, and other awesome people in our industry.
- Submit your question (please keep it professional)
- We’ll curate your questions and chat with Kelli
- The recorded AMAA will be shared back to the community blog
Easy as 1, 2, 3!
About Our Guest, Kelli Wisuri
Kelli is the Head of Product for HyperComply. She is a product leader and engineer with 10 years of experience helping businesses work better.
Learn more about Kelli
Jonathan Jaffe Answers Almost Anything (AMAA)
This week we are excited to share the first in our series of AMAAs featuring Jonathan Jaffe, Lemonade’s CISO, who was kind enough to kick things off with us. We received many wonderful questions via Secured and email (see below), and have curated and asked the best questions in a casual interview.
Jonathan Answers Almost Anything
Have additional questions for @jonathan? Feel free to post them below.
Risks vs Issues
Hey, I would like to better understand Risks and Issues please.
My understanding is that the former is a potential future loss event and the latter is a weakness/vulnerability/control gap etc. that usually comes out of audits/assessments.
If that’s correct, I have some additional questions:
- Do you maintain separate registers for them?
- Is it fair to say that most issues have (or can have) a corresponding risk entry in the risk register? e.g. The lack of/inadequate DLP controls can have an entry in the issue register and also the risk register (as a data leakage risk scenario).
- If the above statement and example are true, why can’t we just capture issues (control gaps/findings) as risks in the risk register (instead of issues in a separate register)? Is it because we don’t want the risk register to become really big with lots of entries? Or because of other reasons too?
Many thanks in advance.
How to measure the effectiveness of your risk management program
Hey all, on September 7 Drata’s CISO, Ross, will be chatting about how you can better articulate the role risk management plays in your organization. Our goal is to better identify that a security-first approach should not feel like an anchor to progress, but more so help you accelerate it and bring stronger accountability to the table. If you have questions that you’d like answered during the presentation but can’t join us live, feel free to drop them in this thread. Reg/details for the webinar is here https://drata.com/risk-management-effectiveness-ciso
Is Compliance the same thing as security?
The short answer is no. Does compliance impact and in many cases lead to security efforts? Of course!
Security and compliance aren’t interchangeable. Making sure internal teams outside of security including marketing, sales, engineering, and especially your executive team, understand their distinct differences will be essential in protecting your business. Read Troy’s article where he does some myth busting on compliance vs. security, and highlights some of the security implications that are associated with compliance and privacy frameworks.
- Compliance Mindset vs. Security Mindset
- Ability to Respond to New Threats
- Scope and Approach to Risk
- Technology Requirements
Read on here