OpenMRS Security Assessment 4

From Foss2Serve
(Difference between revisions)
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
{| border="1"
 
|-
 
|'''Title''' || OpenMRS Security Assessment 4
 
|-
 
|'''Overview''' || Asset Identification in OpenMRS
 
|-
 
|'''Prerequisite Knowledge''' || Students must know the definition of asset in computer security and understand the breadth of resources that constitute assets. They also need to be familiar with the specific HIPAA rules that govern the kinds of identifiable and health information that must be protected (and therefor is an asset).
 
|-
 
|'''Learning Objectives''' ||
 
#    Students learn to search through a project for use of identifiers.
 
# Students practice thinking broadly about assets, not just information assets.
 
# Students practice identifying and classifying threats.
 
|}
 
  
=== Background: ===
+
{{Learning Activity Overview
 +
|title=
 +
OpenMRS Security Assessment 4
 +
|overview=
 +
Asset Identification in OpenMRS
 +
|prerequisites=
 +
Students must know the definition of asset in computer security and understand the breadth of resources that constitute assets. They also need to be familiar with the specific HIPAA rules that govern the kinds of identifiable and health information that must be protected (and therefor is an asset).
 +
|objectives=
 +
# Search through a project for use of identifiers.
 +
# Practice thinking broadly about assets, not just information assets.
 +
# Practice identifying and classifying threats.
 +
|process skills=
 +
}}
 +
 
 +
=== Background ===
 +
 
 
OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with [http://www.hhs.gov/ocr/privacy/index.html Department of Health and Human Services regulations] authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)
 
OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with [http://www.hhs.gov/ocr/privacy/index.html Department of Health and Human Services regulations] authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)
  
 
In this assignment, teams will identify assets and threats relevant to an assigned aspect of OpenMRS.
 
In this assignment, teams will identify assets and threats relevant to an assigned aspect of OpenMRS.
  
=== Directions: ===
+
=== Directions ===
  
 
This project is a large, team-based project with several parts.
 
This project is a large, team-based project with several parts.
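Review bot: The new `prerequisites=` parameter carries over the typo "therefor" ("and therefor is an asset"); since the text is being moved into the template in this revision, correct it to "therefore" at the same time. The `|process skills=` parameter is also left empty, so either fill it in or confirm that the template renders an empty value cleanly.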
Line 33: Line 35:
 
The template describes various ways to earn points for this assignment. You should earn at least 40 points during this phase.
 
The template describes various ways to earn points for this assignment. You should earn at least 40 points during this phase.
  
=== Deliverables: ===
+
=== Deliverables ===
 +
 
 
Teams create a Wiki page and add a description of their project and discussion of the challenges they faced installing the OpenMRS project.
 
Teams create a Wiki page and add a description of their project and discussion of the challenges they faced installing the OpenMRS project.
  
  
=== Assessment: ===
+
=== Assessment ===
  
 
The instructor will grade the report after the full assessment is completed.
 
The instructor will grade the report after the full assessment is completed.
Line 47: Line 50:
  
  
=== Comments: ===
+
=== Comments ===
  
 
=== Additional Information: ===
 
=== Additional Information: ===
{| border="1"
+
 
|-
+
{{Learning Activity Info
|'''ACM Knowledge Area/Knowledge Unit''' || IAS/Threats and Attacks
+
|acm unit=
|-
+
IAS/Threats and Attacks
|'''ACM Topic''' || Attacker goals, capabilities, and motivations (such as underground economy, digital espionage,
+
|acm topic=
 +
Attacker goals, capabilities, and motivations (such as underground economy, digital espionage,
 
cyberwarfare, insider threats, hacktivism, advanced persistent threats)
 
cyberwarfare, insider threats, hacktivism, advanced persistent threats)
|-
+
|difficulty=
|'''Level of Difficulty''' || Medium
+
medium
|-
+
|time=
|'''Estimated Time to Completion''' ||  20 hours
+
20 hours
|-
+
|environment=
|'''Materials/Environment''' ||
+
 
# The instructor needs to a template page for this specific assignment, [[OpenMRS Security Assessment Wiki Assessment Template B]].  
 
# The instructor needs to a template page for this specific assignment, [[OpenMRS Security Assessment Wiki Assessment Template B]].  
 
+
|author=
|-
+
Steven P. Crain
|'''Author''' || Steven P. Crain
+
|source=
|-
+
N/A
|'''Source''' || N/A
+
|license=
|-
+
{{License CC BY NC SA}}
|'''License''' || [[File:Creativecommons-by-nc-sa-40.png]] This activity is licensed under a [http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License].
+
}}
|}
+
  
 
=== Suggestions for Open Source Community: ===
 
=== Suggestions for Open Source Community: ===
 
Suggestions for an open source community member who is working in conjunction with the instructor.
 
Suggestions for an open source community member who is working in conjunction with the instructor.
  
--------------------
+
[[Category:Learning Activity]]
This work is licensed under a
+
[[Category:Privacy and Security]]
[http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License]
+
[[Category:OpenMRS]]
 
+
[[Category:Good Draft]]
[[File:Creativecommons-by-nc-sa-40.png]]
+
 
+
[[Category: Learning_Activity]]
+
[[Category: OpenMRS]]
+
[[Category: Privacy_and_Security]]
+
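Review bot: The category links at the end of the page are added twice in two spellings (`[[Category:Learning Activity]]` and `[[Category: Learning_Activity]]`, and likewise for OpenMRS and Privacy and Security); keep one form of each. In `environment=`, the sentence "The instructor needs to a template page" is missing its verb and is carried over unchanged from the old table.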

Latest revision as of 11:12, 8 September 2018


Title

OpenMRS Security Assessment 4

Overview

Asset Identification in OpenMRS

Prerequisites

Students must know the definition of asset in computer security and understand the breadth of resources that constitute assets. They also need to be familiar with the specific HIPAA rules that govern the kinds of identifiable and health information that must be protected (and therefore is an asset).

Learning Objectives

After successfully completing this activity, the learner should be able to:
  1. Search through a project for use of identifiers.
  2. Practice thinking broadly about assets, not just information assets.
  3. Practice identifying and classifying threats.

Process Skills Practiced


Background

OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with Department of Health and Human Services regulations authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)

In this assignment, teams will identify assets and threats relevant to an assigned aspect of OpenMRS.

Directions

This project is a large, team-based project with several parts.

The assignment requires you to conduct a risk assessment of OpenMRS and post your assessment on the Security Assessment Wiki.

You can get to your project Wiki pages from OpenMRS Security Assessment Wiki Template. The template for this assignment is OpenMRS Security Assessment Wiki Assessment Template B, due .... Click the "edit" option at the top of the template page, copy all of the text of the template and paste it into your team's Wiki page. Then, follow the directions in the template:

  1. Identify all of the assets that are relevant to your team's portion of the assessment. In doing this, you should search the source code and application for anything that must be protected according to the HIPAA regulations. You should also search for other relevant aspects as mentioned in the template.
  2. For each asset, identify the threat agents who could violate the security of the asset.
  3. For each asset, brainstorm the threats against the agent. Keep focus: auth teams should focus on threats that attack or circumvent authentication or authorization; accounting teams should focus on threats that attack or circumvent accountability; and confidentiality teams should focus on threats that improperly access PHI.
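
One way to start the source-code search in step 1, as an added example that is not part of the original activity or of OpenMRS: a Python script that scans Java source for identifier names suggesting HIPAA-protected data. The category stems, the function names and the sample class `VisitForm` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path

# Stems (assumed for this example) for some HIPAA Safe Harbor identifier categories.
PHI_STEMS = {
    "name": ["name", "surname"],
    "geographic": ["address", "city", "postal", "zip"],
    "date": ["birth", "death", "dob"],
    "contact": ["phone", "fax", "email"],
    "id_number": ["ssn", "identifier", "mrn"],
}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
WORD = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+")  # camelCase / snake_case parts

def classify(identifier):
    """Return the sorted PHI categories that an identifier's words point to."""
    words = [w.lower() for w in WORD.findall(identifier)]
    return sorted({cat for cat, stems in PHI_STEMS.items()
                   for w in words if any(w.startswith(s) for s in stems)})

def scan_source(path, text):
    """Map category -> sorted (path, line number, identifier) hits."""
    hits = defaultdict(set)
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # skip trailing line comments
        for ident in IDENT.findall(code):
            for cat in classify(ident):
                hits[cat].add((path, lineno, ident))
    return {cat: sorted(found) for cat, found in hits.items()}

def scan_tree(root):
    """Scan every .java file under root and merge the per-file hits."""
    merged = defaultdict(list)
    for src in sorted(Path(root).rglob("*.java")):
        for cat, found in scan_source(str(src), src.read_text(errors="replace")).items():
            merged[cat].extend(found)
    return dict(merged)

# Constructed sample input, not taken from OpenMRS.
SAMPLE = """public class VisitForm {
    private String familyName;
    private Date birthdate;
    private String postalCode;
    private String patient_identifier;
    private int retryCount;
}"""

if __name__ == "__main__":
    print(scan_source("VisitForm.java", SAMPLE))
```

Name matches are candidates for triage, not findings: a hit such as `className` is a false positive, and PHI held in generically named fields will be missed, so pair the scan with a review of the application's forms and data model.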

The template describes various ways to earn points for this assignment. You should earn at least 40 points during this phase.

Deliverables

Teams create a Wiki page and add a description of their project and discussion of the challenges they faced installing the OpenMRS project.


Assessment

The instructor will grade the report after the full assessment is completed.

The instructor should look over the work of each team and provide feedback that will help the team improve their security assessment skills and the remaining portions of the assessment.

The instructor should provide time in the classroom to discuss the assessment as it progresses.


Comments

Additional Information:

ACM BoK Area & Unit(s)

IAS/Threats and Attacks

ACM BoK Topic(s)

Attacker goals, capabilities, and motivations (such as underground economy, digital espionage, cyberwarfare, insider threats, hacktivism, advanced persistent threats)

Difficulty

medium

Estimated Time to Complete

20 hours

Environment / Materials
  1. The instructor needs a template page for this specific assignment, OpenMRS Security Assessment Wiki Assessment Template B.
Author(s)

Steven P. Crain

Source

N/A

License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License



Suggestions for Open Source Community:

Suggestions for an open source community member who is working in conjunction with the instructor.
