OpenMRS Security Assessment Wiki Interview Questions Template
Revision as of 19:01, 18 August 2015
OpenMRS Survey Questions
Introduction
In Assignment 1, you each came up with some questions that you would like to ask OpenMRS users.
In Assignment 2, you will be interviewing real OpenMRS users and developers, so we want to make sure that you are organized, respectful and ready to have a great interview experience.
In the following assignments, you will be conducting a risk assessment on one of the OpenMRS Security Assessment Wiki Template.
This project has the following deadlines:
Due Date | Activity |
Wed 4/22 | Add the questions from your Assignment 1 in the appropriate categories. |
Form teams of 3–4 students. | |
Fri 4/24 | Sign up for 2 approved questions per team. |
Tue 4/28 | Complete the interviews and record the responses on this page. |
I have provided a few questions that you can use as examples, both in terms of the content and formatting. If other students have put questions in the wrong category or if you can make them better questions, please do so!
Survey Questions
OpenMRS General Objectives
List questions that probe the objectives of OpenMRS and of the health care providers who use it.
We know that the number one purpose of OpenMRS users is to care for their patients. What other factors go into their purpose? (Source: Crain)
OpenMRS General Policies
List questions that probe general policies of OpenMRS or of the health care providers who use it.
The focus is on things that we might overlook yet have an influence on security.
In practice, how do most people evaluate if using OpenMRS is right for them? (Source: Dong)
OpenMRS General Risk Profile
List questions that probe how extensive attacks are on OpenMRS deployments, and how that could change in the future, especially if deployed in the U.S.
Are there any statistics on how many security breaches have involved OpenMRS? (Source: Crain)
OpenMRS Risk Appetite
List questions that probe how OpenMRS and its users would cope with a terrible security breach.
What are the consequences to a medical practice of a security failure in OpenMRS? (Source: Stallings, p. 490)
IT Security Objectives
List questions that address security goals.
While the OpenMRS development team correctly worry about Access Control, are there plans or intentions of aiming more at other important controls such as establishing a strong configuration backup policy and enabling detailed auditing of privileged commands? (Source: Miguel, Narciso)
IT Security Strategies
List questions that address strategies OpenMRS is taking to achieve adequate security.
Where can I find documentation from previous security assessments for OpenMRS? (Source: Crain)
IT Security Policies
List questions that address policies related to security.
When does the responsibility of security pass from the programmer to the user? (Source: Eisenhardt)
Patient Rights
List questions that probe the rights patients should have over access to and use of data about them.
OpenMRS User Rights
List questions that probe rights the users of OpenMRS should have regarding the data they collect in OpenMRS.
Assets
List questions that probe the parts of OpenMRS and its data that are indispensable, or that would be of value to an attacker.
What key aspects of a medical practice require OpenMRS support in order to operate efficiently? (Source: Stallings, p. 490)
What tasks can only be performed with OpenMRS support? (Source: Stallings, p. 490)
Which essential decisions depend on the accuracy, currency, integrity or availability of data managed by OpenMRS? (Source: Stallings, p. 490)
What data created, managed by, processed and stored by OpenMRS need protection? (Source: Stallings, p. 490)
OpenMRS User/Developer Security Awareness
List questions pertaining to how OpenMRS might increase awareness of the importance of security among users and developers.
Are there currently any known situations where users are routinely trying to circumvent security measures (for example, I read that people were often given too many permissions)? (Source: Torres)
IRC Responses
Please post your IRC responses below using the format provided in the template.
Template
Use these templates to add categories and questions, take the questions you want to ask, and record the results of the interviews.
Students: Use this template to propose a question.
This is a question. (Source: Last Names of people on Assignment 1 team who introduce the question.)
Instructors: Evaluate each proposed question. If there are minor issues, make the necessary corrections so the question is respectful, appropriate and useful. For more substantial problems, use this template to explain to the students what is wrong with the question.
This question is too vague.
Instructors: Once a question is ready to be asked, use this template after the question so that students can sign up to ask it. Students: Once a question has this template added to it, you may replace the specified text with your team's last names to claim the question.
Approved 4/23/2015 |
This question is available. Replace this text with the names of the people on your team to claim it. |
Students: Use this template to document the interviews you conduct on IRC.
IRC Handle | Comment |
Date and Time | Last names of team who asked this question. |
IRC handle of person who answered | Quote their response. |
You can add additional lines if multiple people replied. |
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License