Do any of you know anything about where I might learn about security...
.... issues when developing web-based software?
You folks taught me what an adapter was, how to purchase wireless phones and several other things. This has become my go-to forum for almost anything requiring smart people.
Fifteen years ago I wrote a program in MS Access for my son to use in the public school system to track behavior issues. He's a special ed teacher. He's now looking for a developer to migrate it to a web-based app that people can access on smart phones. We've found a great web site for submitting our RFP, but we're unable to specify the security requirements for this new web/public-school world. Might any of you be able to point me to resources where I could get myself sufficiently educated to specify our requirements? I don't even know (but I do fear) that requirements vary from school district to school district (Arrrrggghhhhh!!!)
tia
las

Phoenix61
(18,596 posts)
data should be acceptable. The other option is to look at what the two different platforms require, Apple and Google. But as noted the biggest issue is going to be the school system. Student data is closely guarded and I'm not sure how you would be able to access it.
LAS14
(15,371 posts)
When you say "what the two different platforms require," are you talking about requirements for their own development? Or requirements for apps other people develop? In either case, where would I go to find those requirements? Likewise, where would I go to find standards for medical data?
I need to learn the vocabulary for this stuff in the modern age.
tia
las
Phoenix61
(18,596 posts)
Platform is the operating system for the smart phone. Currently, the options are iPhones running the Apple operating system or Android running a Google operating system. If you want Apple to offer your app, it has to be in their App Store where iPhone users get all their apps. If you have a droid it uses Google. They each have their own requirements. But the biggest issue is going to be student data. If this is an app for the teacher to use, even if they use random numbers for each student, the teacher's info would be there and it would be hackable, which could possibly leave their students' info vulnerable.
LAS14
(15,371 posts)
steve2470
(37,468 posts)
LAS14
(15,371 posts)
... just looking for a way to articulate security requirements in an RFP for an app for public school use.
hunter
(40,102 posts)
Leave software to the big players with hard core security experts and bad-ass legal departments. Leave it to school administrators to do any sort of "tracking" above and beyond that required of all teachers.
Seriously, teachers are not paid enough to deal with that crap.
This is not an advertisement, but the schools around here are using Chromebooks and Google.
https://edu.google.com/
ManiacJoe
(10,138 posts)
An important requirement is to make sure that the database servers are not accessible from the internet.
Users' computers/phones talk to the front-end internet servers.
The front-end servers talk to the database servers.
Users cannot directly talk to the database servers.
Another consideration: Do you want this system to be facing the internet or do you want the users to only be connected locally in the wifi system?
Meeting the federal HIPAA requirements will go a long way in describing your security needs.
Are you looking to have a central data source with all school systems talking to the one data center, or are you looking for each school system to have its own installation?
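
The tiering requirement in the post above (only the front-end servers may talk to the database servers), as an added example that is not part of the original thread: a Python check that flags firewall rules breaking it. The subnets, ports and rule format are constructed assumptions for illustration.

```python
import ipaddress

# Constructed network layout (assumption, not from the thread).
FRONT_END_NET = ipaddress.ip_network("10.0.1.0/24")
DATABASE_NET = ipaddress.ip_network("10.0.2.0/24")

# Constructed sample rules: (action, source CIDR, destination CIDR, port).
SAMPLE_RULES = [
    ("allow", "0.0.0.0/0", "10.0.1.0/24", 443),     # users -> front end: fine
    ("allow", "10.0.1.0/24", "10.0.2.0/24", 5432),  # front end -> database: fine
    ("allow", "0.0.0.0/0", "10.0.2.0/24", 5432),    # internet -> database
    ("allow", "10.0.0.0/16", "10.0.2.10/32", 22),   # source wider than front end
    ("deny", "0.0.0.0/0", "10.0.2.0/24", 0),        # deny rules never violate
]


def find_violations(rules, front_end=FRONT_END_NET, database=DATABASE_NET):
    """Return allow rules that let a source outside the front-end tier
    reach any address in the database tier.

    Each allow rule is judged on its own (rule ordering is ignored), so a
    rule shadowed by an earlier deny is still reported. That is the
    conservative choice for a requirements review.
    """
    violations = []
    for action, src, dst, port in rules:
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only rules whose destination touches the database tier matter.
        if not dst_net.overlaps(database):
            continue
        # The source must lie entirely inside the front-end tier.
        if not src_net.subnet_of(front_end):
            violations.append((action, src, dst, port))
    return violations


if __name__ == "__main__":
    for rule in find_violations(SAMPLE_RULES):
        print("VIOLATION:", rule)
```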