OpenMRS Security Assessment Wiki Template
OpenMRS Security Assessment Wiki
We are breaking down our security and HIPAA risk assessment into smaller groups, based on the part of OpenMRS we are studying and the aspect of compliance we are focusing on. Each team should create a page for itself by copying the contents from the OpenMRS Security Assessment Wiki Assessment Template A.
This assessment is broken into a series of assignments. Since each team faces a different set of challenges, the assignments have a flexible allocation of points. Surplus points on any part will earn extra credit.
Assignments
- Assignment 2: (due 4/28) OpenMRS Security Assessment Wiki Interview Questions Template
- Assignment 3: (due 5/1) OpenMRS Security Assessment Wiki Assessment Template A
- Assignment 4: (due 5/4) OpenMRS Security Assessment Wiki Assessment Template B
- Assignment 5: (due 5/6) OpenMRS Security Assessment Wiki Assessment Template C
- Assignment 6: (due 5/8) OpenMRS Security Assessment Wiki Assessment Template D
WebApp
OpenMRS comes with an example user interface called the WebApp. Most users of OpenMRS just use this basic user interface, so we will be auditing its security.
Setup Instructions
Install MySQL. Follow the OpenMRS instructions for installing OpenMRS. Find and follow additional instructions for acquiring the source code for the WebApp module.
WebApp Auth Team: Studying how authentication and access control are and should be used to control use of the WebApp to access or change PHI.
WebApp Confidentiality Team: Studying how the WebApp ensures the confidentiality of PHI.
WebApp Audit Team: Looking at the auditing capability provided with the WebApp.
API
The core of OpenMRS is a set of Java classes that provide controlled access to the PHI in the database.
Setup Instructions
Follow the instructions for developers who want to work on the core API, which involves cloning the source repository using Git. Do not try to install the API and get it working: you do not have time! You will be using code review as your assessment method.
API Auth Team: Studying how authentication and access control are and should be used to control access to or change of PHI through the API.
API Audit Team: Studying how the API does and should audit access to and change of PHI.
Database
The PHI is all stored in a MySQL database.
Setup Instructions
Install MySQL. Follow the OpenMRS instructions for installing OpenMRS.
Database Auth Team: Studying how authentication and access control are and should be used in the database.
Database Audit Team is Awesome! Studying how the database does and should audit access to and change of PHI.
Database Confidentiality Team: Studying how the database ensures the confidentiality of PHI.
This work by Steven P. Crain (...@plattsburgh.edu) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License