Summary
In the previous chapter, we learned how threat modeling is used to identify security threats in the Moodle environment as it is being designed. Building on this knowledge, in this chapter we learned how security frameworks are used to capture and manage cybersecurity threats, not only in the application but also in the wider organization.
OWASP actively gathers data on current and emerging threats. As you have seen, we can use the resulting Top 10 Web Application Security Risks to ensure we are guarding our Moodle application against these threats. The OWASP Top 10 will be particularly important if you are developing your own Moodle plugins.
Moving from the application to the server and its supporting technologies, we then explored how the CIS Critical Security Controls and CIS Benchmarks provide guidelines for configuring our Moodle environment so that it is protected against cyber threats.
Finally, bringing all this together is the NIST Cybersecurity Framework...