Hacker News
by jacobian 1978 days ago
(Author here.) Well, you could always use this questionnaire as a starting point itself: ask yourself these questions, and if you're not happy with the answers, do something about it.

Another reasonable security practices starting point would be another article by Latacora: https://latacora.micro.blog/2020/03/12/the-soc-starting.html

It's semi-oriented towards SOC2, but every item on that list is practical, doable even for small teams, and has real solid security impact.

1 comments

Ooh, I’ve done that, and I’m doing it with many such questionnaires I receive :) Sometimes it makes sense and we do something about it, but many times you just don’t know what you don’t know, or you don’t know where to start, and it’s not a topic that comes up often on the various public fora.

I was looking for books, talks, guides - anything. I just read the Latacora SOC2 guide and it’s at least a starting point.