Crain - Computer Security (Proposal)
Contents |
Summary
Develop a series of 5 assignments and scaffolding lecture notes for a security audit of OpenMRS.
Target Venue
Junior-level course — Computer Security (3 cr.)
A survey of the theory and practice of computer security. Topics will include mandatory and discretionary access control, cryptography, policies, mechanisms, profiles, and threat assessment. Prerequisite: CS1.
Target Student Audience
This course is mainly taken by students in one of our majors. It is required for the Computer Security major and minor. Generally it is taken by juniors and seniors, although the prerequisites are pretty light.
Learning Activities
The activities will be a series of 5 group assignments that together conduct a security audit of OpenMRS, with a special emphasis on HIPAA compliance. The activities will involve: interviews with members of the OpenMRS community; analysis of existing security-related documentation; identifying PII used in the application; tracking how the PII is used, existing access controls and audit trails; identifying HIPAA violations; documenting the results of the audit.
Evaluation
I will use the standard survey instruments with the addition of computer-security-specific questions that I can also make available. I will be administering the surveys at the start of the course, around midterm before the HFOSS is added (as a control), at the end of the semester and at the end of summer (to see if the students did participate in HFOSS over the summer).
Schedule
The assignments are scheduled to be piloted 3/23 - 5/7/2015, so I will be developing them over the next few months. Evaluation will be completed by August, with most results available in May. The assignments will be posted as they are developed, by 5/1/2015.
Budget
$2500
Contact Information
Steven P. Crain - email: ...@plattsburgh.edu