Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

LAS14

(14,758 posts)
Sat Aug 1, 2020, 09:43 AM Aug 2020

Do any of you know anything about where I might learn about security...

.... issues when developing web-based software?

You folks taught me what an adapter was, how to purchase wireless phones and several other things. This has become my go-to forum for almost anything requiring smart people.

Fifteen years ago I wrote a program in MS Access for my son to use in the public school system to track behavior issues. He's a special ed teacher. He's now looking for a developer to migrate it to a web-based app that people can access on smart phones. We've found a great web site for submitting our RFP, but we're unable to specify the security requirements for this new web/public-school world. Might any of you be able to point me to resources where I could get myself sufficiently educated to specify our requirements? I don't even know (but I do fear) that requirements vary from school district to school district (Arrrrggghhhhh!!!)

tia
las

8 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Do any of you know anything about where I might learn about security... (Original Post) LAS14 Aug 2020 OP
Anything that meets the standards for medical Phoenix61 Aug 2020 #1
Thanks. Can I ask a couple more questions? LAS14 Aug 2020 #2
Requirements for app developers. Phoenix61 Aug 2020 #3
Thanks. That's helpful. nt LAS14 Aug 2020 #5
maybe this will help ? steve2470 Aug 2020 #4
Thanks, but unless I missed something, this is way beyond my level. I'm... LAS14 Aug 2020 #6
I wouldn't touch that for any amount of money. hunter Aug 2020 #7
From the technical side, ManiacJoe Aug 2020 #8

Phoenix61

(17,704 posts)
1. Anything that meets the standards for medical
Sat Aug 1, 2020, 09:52 AM
Aug 2020

data should be acceptable. The other option is to look at what the two different platforms require, Apple and Google. But as noted the biggest issue is going to be the school system. Student data is closely guarded and I’m not sure how you would be able to access it.

LAS14

(14,758 posts)
2. Thanks. Can I ask a couple more questions?
Sat Aug 1, 2020, 10:04 AM
Aug 2020

When you say "what the two different platforms require," are you talking about requirements for their own development? Or requirements for apps other people develop? In either case, where would I go to find those requirements? Likewise, where would I go to find standards for medical data?

I need to learn the vocabulary for this stuff in the modern age.

tia
las

Phoenix61

(17,704 posts)
3. Requirements for app developers.
Sat Aug 1, 2020, 10:20 AM
Aug 2020

Platform is the operating system for the smart phone. Currently, the options are I-phones running the Apple operating system or android running a google operating system. If you want Apple to offer your app, it has to be in their App Store where I-phone users get all their apps. If you have a droid it uses Google. They each have their own requirements. But the biggest issue is going to be student data. If this is an app for the teacher to use even if they use random numbers for each student the teachers info would be there and it would be hackable which could possibly leave their students’ info vulnerable.

LAS14

(14,758 posts)
6. Thanks, but unless I missed something, this is way beyond my level. I'm...
Sat Aug 1, 2020, 10:43 AM
Aug 2020

... just looking for a way to articulate security requirements in an RFP for an app for public school use.

hunter

(39,008 posts)
7. I wouldn't touch that for any amount of money.
Sun Aug 2, 2020, 10:52 AM
Aug 2020

Leave software to the big players with hard core security experts and bad-ass legal departments. Leave it to school administrators to do any sort of "tracking" above and beyond that required of all teachers.

Seriously, teachers are not paid enough to deal with that crap.

This is not an advertisement, but the schools around here are using Chromebooks and Google.

https://edu.google.com/



ManiacJoe

(10,136 posts)
8. From the technical side,
Sat Aug 8, 2020, 07:32 PM
Aug 2020

An important requirement is to make sure that the database servers are not accessible from the internet.
Users' computers/phones talk to the front-end internet servers.
The front-end servers talk to the database servers.
Users cannot directly talk to the database servers.

Another consideration: Do you want this system to be facing the internet or do you want the users to only be connected locally in the wifi system?

Meeting the federal HIPAA requirements will go a long way in describing your security needs.

Are you looking to have a central data source with all school systems talking to the one data center, or are you looking for each school system to have its own installation?

Latest Discussions»Help & Search»Computer Help and Support»Do any of you know anythi...