OpenMRS Security Assessment Wiki Template


Revision as of 19:00, 18 August 2015

OpenMRS Security Assessment Wiki

We are breaking down our security and HIPAA risk assessment into smaller groups, based on the part of OpenMRS we are studying and the aspect of compliance we are focusing on. Each team should create a page for itself by copying the contents from the OpenMRS Security Assessment Wiki Assessment Template A.

This assessment is broken into a series of assignments. Since each team faces a different set of challenges, the assignments have a flexible allocation of points. Surplus points on any part will earn extra credit.

Assignments

  1. Assignment 2: (due ) OpenMRS Security Assessment Wiki Interview Questions Template
  2. Assignment 3: (due 5/1) OpenMRS Security Assessment Wiki Assessment Template A
  3. Assignment 4: (due 5/4) OpenMRS Security Assessment Wiki Assessment Template B
  4. Assignment 5: (due 5/6) OpenMRS Security Assessment Wiki Assessment Template C
  5. Assignment 6: (due 5/8) OpenMRS Security Assessment Wiki Assessment Template D

WebApp

OpenMRS comes with an example user interface called the WebApp. Most users of OpenMRS just use this basic user interface, so we will be auditing its security.

Setup Instructions
Install MySQL. Follow the OpenMRS instructions for installing OpenMRS. Find and follow additional instructions for acquiring the source code for the WebApp module.

WebApp Auth Team Studying how authentication and access control are and should be used to control use of the WebApp to access or change PHI.

WebApp Confidentiality Team Studying how the WebApp ensures the confidentiality of PHI.

WebApp Audit Team Look at the auditing capability provided with the WebApp.

API

The core of OpenMRS is a set of Java classes that provide controlled access to the PHI in the database.

Setup Instructions
Follow the instructions for developers who want to work on the core API, which involves cloning the source repository using Git. Do not try to install the API and get it working: you do not have time! You will be using code review as your assessment method.

API Auth Team Studying how authentication and access control are and should be used to control access to or change of PHI through the API.

API Audit Team Studying how the API does and should audit access to and change of PHI.

Database

The PHI is all stored in a MySQL database.

Setup Instructions
Install MySQL. Follow the OpenMRS instructions for installing OpenMRS.

Database Auth Team Studying how authentication and access control are and should be used in the database.

Database Audit Team is Awesome! Studying how the database does and should audit access to and change of PHI.

Database Confidentiality Team Studying how the database ensures the confidentiality of PHI.


This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
