OpenMRS Security Assessment Wiki Assessment Template B


As of ..., your project WIKI page should include the content described below. You should earn at least 25 points during this phase. The next phase, OpenMRS Security Assessment Wiki Assessment Template C, is due ....


Identify the Assessment Area Here


The instructor will be compiling all of the submissions for this assignment into a report that will be made publicly available. If you wish public recognition for your contribution, you should create an OpenMRS ID at and then include your OpenMRS ID and optionally your name here.


This was described in a previous phase


List the assets that you are assessing. Make sure to consider:

  1. Any data that identifies users (PII).
  2. Any data related to treatments, medical conditions, charges or payments (PHI).
  3. Any data related to security, like usernames and passwords (SEC).
  4. Any code that provides important access to any of the above.
  5. Any supporting hardware and software that an attacker might be able to use for a different purpose.

For each asset, use the following template. (1 point per asset plus 1 point per threat)

Name of Asset

Type of Asset: (Pick Hardware, Software, Data, Communications)

Class: (Pick PII, PHI, SEC, Other)

Value of Asset: (Pick Insignificant, Minor, Moderate, Major, Critical)

Describe the asset in a sentence or a paragraph.

Threat Agents:

  • Describe a specific threat agent who would plausibly attack this asset, each threat agent on its own line.


  • Risk (Pick based on the Likelihood and Severity, using the chart below.) [Likelihood (Pick Rare, Unlikely, Possible, Likely, Almost Certain) * Severity (Pick Insignificant, Minor, Moderate, Major, Catastrophic, Doomsday) ] Thinking of all the above threat agents, list the plausible threat scenarios, one on each line.
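
| Likelihood \ Severity | Insignificant | Minor | Moderate | Major | Catastrophic | Doomsday |
|---|---|---|---|---|---|---|
| Rare | Low | Low | Medium | High | High | Extreme |
| Unlikely | Low | Low | Medium | High | Extreme | Extreme |
| Possible | Low | Medium | High | Extreme | Extreme | Extreme |
| Likely | Medium | High | High | Extreme | Extreme | Extreme |
| Almost Certain | High | High | Extreme | Extreme | Extreme | Extreme |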

Source: W. Stallings and L. Brown, Computer Security: Principles and Practice, 3rd ed, Pearson, 2015, p. 505.

This work by Steven P. Crain is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

