Security Best Practices
Any discussion, question, or answer not related to a product, framework, or integration.
The world celebrates International Computer Security Day 🌍📱 this week on November 30th, and we couldn't be more be more excited here at Drata! With the growing number of potential threats online each year, it's imperative that we stay diligent in our efforts to protect ourselves from bad actors. So we ask you, Drata Community, how do you stay secure and proactive when it comes to potential threats? Comment below 👇🏼 for a chance to score some sweet Drata prizes! 🎁
Here are some simple and actionable tips you can implement to improve your computer security from Ray Lambert, Drata’s Security Analyst:✅ Create long, complex passwords.✅ Enable multi-factor authentication on your accounts.✅ Update the software on your devices often.✅ Lock your computer when you step away.
Hey there! Welcome to Drata’s Community Question of the Week, where each Monday we discuss various situations in cybersecurity and compliance. We know that everyone’s compliance journey is unique, but there are common questions that often come up and could benefit us all. So let’s discuss! Read on and add your comment below for a chance to win some pretty sweet Drata swag! 🎉 Question of the week: What are some things you can do to stay compliant if you have employees that use their own devices? (Check back with us Friday, November 18th at 12PM PST for insight to this question, directly from a Drata expert.)
Welcome to the Cybersecurity Awareness Month edition of Ask Me Almost Anything (AMAA). This round we have a special guest who is more than capable of fielding your yearning questions about security awareness, Curricula Founder and Huntress General Manager Nick Santora!To get us started, we have a rhetorical question for each of you: What is Cybersecurity Awareness Month?Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace.And for those of you new to AMAAs, here’s the scoop:AMAAs or Ask Me Almost Anything is designed to connect you with thought leaders, cybersecurity and compliance experts, IT practitioners, DevOps pros, and other awesome people in our industry.Submit your question (please keep it professional) We’ll curate your questions and chat with Kelli The recorded AMAA will be shared back to the comm
Hello Secured community! We are excited to share our next AMAA is with one of the brains that powers HyperComply, Kelli Wisuri.Are security reviews fun? No.Are they necessary? Absolutely!Does this process impact how quickly a deal or sale closes? Even more yes.If you’ve ever wondered what it takes to streamline the security review process, in particular for security questionnaires, our next AMAA guest is here to answer your questions.AMAAs or Ask Me Almost Anything is designed to connect you with thought leaders, cybersecurity and compliance experts, IT practitioners, DevOps pros, and other awesome people in our industry.Submit your question (please keep it professional) We’ll curate your questions and chat with Kelli The recorded AMAA will be shared back to the community blog Easy as 1, 2, 3!About Our Guest, Kelli WisuriKelli is the Head of Product for HyperComply. She is a product leader and engineer with 10 years of experience helping businesses work better.Learn more about Kelli
This week we are excited to share the first in our series of AMAAs featuring Jonathan Jaffe, Lemonade’s CISO, who was kind enough to kick things off with us. We received many wonderful questions via Secured and email (see below), and have curated and asked the best questions in a casual interview.Jonathan Answers Almost Anything Have additional questions for @jonathan? Feel free to post them below.
Hey, I would like to better understand Risks and Issues please.My understanding is that the former is a potential future loss event and the latter is a weakness/vulnerability/control gap etc. that usually comes out of audits/assessments.If that’s correct, I have some additional questions:Do you maintain separate registers for them? Is it fair to say that most issue have (or can have) a corresponding risk entry in the risk register? e.g. The lack of/inadequate DLP controls can have an entry in the issue register and also the risk register (as a data leakage risk scenario). If above statement and example is true, why can’t we just capture issues (control gaps/findings) as risks in the risk register (instead of issues in a separate register)? Is it because we don’t want the risk register to become really big with lots of entries? or because of other reasons too? Many thanks in advance.
Hey all, on September 7 Drata’s CISO, Ross, will be chatting about how you can better articulate the role risk management plays in your organization. Our goal is to better identify that a security-first approach should not feel like an anchor to progress, but more so help you accelerate it and bring stronger accountability to the table. If you have questions that you’d like answered during the presentation but can’t join us live, feel free to drop them in this thread. Reg/details for the webinar is here https://drata.com/risk-management-effectiveness-ciso
The short answer is no. Does compliance impact and in many cases lead to security efforts? Of course!Security and compliance aren’t interchangeable. Making sure internal teams outside of security including marketing, sales, engineering, and especially your executive team, understand their distinct differences will be essential in protecting your business. Read Troy’s article where he does some myth busting on compliance Vs. security, and highlights some of the security implications that are associated with compliance and privacy frameworks.Compliance Mindset vs. Security Mindset Ability to Respond to New Threats Scope and Approach to Risk Technology RequirementsRead on here
Hi, Hello, Greetings, Good Evening, and Good Morning! Now that you’ve officially joined the community we wanted to say thank you. Thank you for helping us on day one to build a network for GRC, cybersecurity, IT, and other related professionals to connect, grow, and engage with one another.
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.