OpenMRS Security Assessment Wiki Assessment Template B
As of ..., your project WIKI page should include the content described below. You should earn at least 25 points during this phase. The next phase, OpenMRS Security Assessment Wiki Assessment Template C, is due ....
Identify the Assessment Area Here
The instructor will be compiling all of the submissions for this assignment into a report that will be made publicly available. If you wish public recognition for your contribution, you should create an OpenMRS ID at https://id.openmrs.org and then include your OpenMRS ID and optionally your name here.
This was described in a previous phase
List the assets that you are assessing. Make sure to consider:
- Any data that identifies users (PII).
- Any data related to treatments, medical conditions, charges or payments (PHI).
- Any data related to security, like usernames and passwords (SEC).
- Any code that provides important access to any of the above.
- Any supporting hardware and software that an attacker might be able to use for a different purpose.
For each asset, use the following template. (1 point per asset plus 1 point per threat)
Name of Asset
Type of Asset: (Pick Hardware, Software, Data, Communications)
Class: (Pick PII, PHI, SEC, Other)
Value of Asset: (Pick Insignificant, Minor, Moderate, Major, Critical)
Describe the asset in a sentence or a paragraph.
- Describe a specific threat agent who would plausibly attack this asset, each threat agent on its own line.
- Risk (Pick based on the Likelihood and Severity, using the chart below.) [Likelihood (Pick Rare, Unlikely, Possible, Likely, Almost Certain) * Severity (Pick Insignificant, Minor, Moderate, Major, Catastrophic, Doomsday) ] Thinking of all the above threat agents, list the plausible threat scenarios, one on each line.
Source: W. Stallings and L. Brown, Computer Security: Principles and Practice, 3rd ed, Pearson, 2015, p. 505.
This work by Steven P. Crain (...@plattsburgh.edu) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License