OpenMRS Security Assessment Wiki Template

From Foss2Serve
Revision as of 11:03, 28 January 2017 by Clif.kussmaul (Talk | contribs)

OpenMRS Security Assessment Wiki

We are breaking down our security and HIPAA risk assessment into smaller groups, based on the part of OpenMRS we are studying and the aspect of compliance we are focusing on. Each team should create a page for itself by copying the contents from the OpenMRS Security Assessment Wiki Assessment Template A.

This assessment is broken into a series of assignments. Since each team faces a different set of challenges, the assignments have a flexible allocation of points. Surplus points on any part can offset points needed on other parts.

Assignments

  1. Assignment 2: (due ...) OpenMRS Security Assessment Wiki Interview Questions Template
  2. Assignment 3: (due 4-7 days later) OpenMRS Security Assessment Wiki Assessment Template A
  3. Assignment 4: (due 5-7 weeks later) OpenMRS Security Assessment Wiki Assessment Template B
  4. Assignment 5: (due 1 week later) OpenMRS Security Assessment Wiki Assessment Template C
  5. Assignment 6: (due 2-3 days later) OpenMRS Security Assessment Wiki Assessment Template D

Reference Application

OpenMRS comes with an example user interface alternately called the WebApp, reference application or legacy user interface. Most users of OpenMRS just use this reference user interface, so we will be auditing its security.

WebApp Auth Team: Studying how authentication and access control are and should be used to control use of the WebApp to access or change PHI.

WebApp Audit Team: Look at the auditing capability provided with the WebApp.

WebApp Confidentiality Team: Studying how the WebApp ensures the confidentiality of PHI.

API

The core of OpenMRS is a set of Java classes that provide controlled access to the PHI in the database.

API Auth Team: Studying how authentication and access control are and should be used to control access to or change of PHI through the API.

API Audit Team: Studying how the API does and should audit access to and change of PHI.

API Confidentiality Team: Studying how the API ensures the confidentiality of PHI.


Database

The PHI is all stored in a MySQL database.

Database Auth Team: Studying how authentication and access control are and should be used in the database.

Database Audit Team (is Awesome!): Studying how the database does and should audit access to and change of PHI.

Database Confidentiality Team: Studying how the database ensures the confidentiality of PHI.



This work by Steven P. Crain (...@plattsburgh.edu) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
