OpenMRS Security Assessment Wiki Assessment Template C
m (Added byline) |
m |
||
| Line 1: | Line 1: | ||
| − | As of | + | As of ..., your project WIKI page should include the content described below. You should earn at least 40 points during this phase. The last phase, [[OpenMRS Security Assessment Wiki Assessment Template D]], is due .... |
= Identify the Assessment Area Here = | = Identify the Assessment Area Here = | ||
| Line 16: | Line 16: | ||
== Risks == | == Risks == | ||
| − | + | Reorder the threats according to their risks. Use the template provided in the '''Low Risks''' section. | |
=== Extreme Risks === | === Extreme Risks === | ||
| Line 42: | Line 42: | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Fail-safe Defaults === | === Fail-safe Defaults === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Complete Mediation === | === Complete Mediation === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Open Design === | === Open Design === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Separation of Privilege === | === Separation of Privilege === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Least Privilege === | === Least Privilege === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Least Common Mechanism === | === Least Common Mechanism === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Psychological Acceptability === | === Psychological Acceptability === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Isolation === | === Isolation === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Encapsulation === | === Encapsulation === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Modularity === | === Modularity === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Layering === | === Layering === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
=== Least Astonishment === | === Least Astonishment === | ||
Practical definition in this context. | Practical definition in this context. | ||
| − | ''E'' Specific comments on strengths and weaknesses. | + | ''(Pick grade A, B, C, D or E)'' Specific comments on strengths and weaknesses. |
-------------------- | -------------------- | ||
Revision as of 19:46, 30 June 2016
As of ..., your project WIKI page should include the content described below. You should earn at least 40 points during this phase. The last phase, OpenMRS Security Assessment Wiki Assessment Template D, is due ....
Identify the Assessment Area Here
Authors
The instructor will be compiling all of the submissions for this assignment into a report that will be made publicly available. If you wish public recognition for your contribution, you should create an OpenMRS ID at https://id.openmrs.org and then include your OpenMRS ID and optionally your name here.
Scope
This section was described in a previous template.
Assets
This section was described in a previous template.
Risks
Reorder the threats according to their risks. Use the template provided in the Low Risks section.
Extreme Risks
High Risks
Medium Risks
Low Risks
Name of Threat
Assess the section of OpenMRS you are studying to see what controls are in place to address this threat. Document how you assessed controls for this threat and what controls you found. Remember that controls can: reduce the probability of the threat being attempted; reduce the probability of an attack being successful; reduce the damage an attack does; identify an attack that is in progress; identify an attack that happened in the past; figure out what happened during an attack; repair damage done by an attack. (1 point per control you found)
Identify any obvious controls for this kind of attack that are missing in the part of OpenMRS you looked at. (1 point per missing control you identified.)
State how confident you are in your assessment. Were you very, very thorough or might you have missed important controls because you just peaked at a few things? How well did you understand what you were looking for? (1 point for each threat with a meaningful and distinctive response.)
Give your general impression of how well OpenMRS controls this threat. (1 point for each threat with a meaningful and distinctive response.)
Design Principes
Assess your part of OpenMRS on each of the design principles. Write an explanation of what each of the design principles means in this specific context. With respect to each principle, what specifically has it done well and what specifically needs improvement? Give a letter grade for each design principle, A means that it was flawless, C means there is substantial room for improvement, E means that there is no evidence that any attempt has been made in this regard. (2 points per useful parqagraph.)
Economy of Mechanism
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Fail-safe Defaults
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Complete Mediation
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Open Design
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Separation of Privilege
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Least Privilege
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Least Common Mechanism
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Psychological Acceptability
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Isolation
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Encapsulation
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Modularity
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Layering
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
Least Astonishment
Practical definition in this context.
(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.
This work by Steven P. Crain (...@plattsburgh.edu) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
