Security Industry Standards
In Chapter 2, we explored threat modeling. We learned that it’s vital to communicate what we are building so that we can understand the security threats we face. We asked ourselves four basic questions, ranging from “What are we working on?” to “Did we do a good job?”
Recall that in Chapter 1 we touched on regulatory frameworks and how particular jurisdictions implement statutory security requirements.
In this chapter, we explore the work being carried out by both non-governmental/non-profit and governmental organizations to support our work as Moodle security advisors. We focus on US-based organizations, but the recommendations and benchmarks they promote apply worldwide. Following the recommendations of these organizations will ensure not only the security of the Mathaholics platform but also its quality and consistency. Consistency also increases our productivity – making it easier to find the...