OpenMRS Security Assessment 6

From Foss2Serve
(Difference between revisions)
Jump to: navigation, search
(Comments:: Added link to report resulting from assignment.)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
{| border="1"
 
|-
 
|'''Title''' || OpenMRS Security Assessment 6
 
|-
 
|'''Overview''' || Security Recommendations and Assessment Report for OpenMRS
 
|-
 
|'''Prerequisite Knowledge''' || Students should be able to write a well-formed technical essay.
 
|-
 
|'''Learning Objectives''' ||
 
# Students learn to prioritize possible actions.
 
# Students practice persuasive technical writing.
 
|}
 
  
=== Background: ===
+
{{Learning Activity Overview
 +
|title=
 +
OpenMRS Security Assessment 6
 +
|overview=
 +
Security Recommendations and Assessment Report for OpenMRS
 +
|prerequisites=
 +
Students should be able to write a well-formed technical essay.
 +
|objectives=
 +
# Prioritize possible actions.
 +
# Write persuasive technical documents.
 +
|process skills=
 +
}}
 +
 
 +
=== Background ===
 +
 
 
OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with [http://www.hhs.gov/ocr/privacy/index.html Department of Health and Human Services regulations] authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)
 
OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with [http://www.hhs.gov/ocr/privacy/index.html Department of Health and Human Services regulations] authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)
  
 
In this assignment, teams will produce a final security assessment for a portion of OpenMRS, making specific recommendations.
 
In this assignment, teams will produce a final security assessment for a portion of OpenMRS, making specific recommendations.
  
=== Directions: ===
+
=== Directions ===
  
 
This project is a large, team-based project with several parts.
 
This project is a large, team-based project with several parts.
Line 36: Line 38:
 
The template describes various ways to earn points for this assignment. You should earn at least 30 points during this phase.
 
The template describes various ways to earn points for this assignment. You should earn at least 30 points during this phase.
  
=== Deliverables: ===
+
=== Deliverables ===
 +
 
 
Teams create a Wiki page and add a description of their project and discussion of the challenges they faced installing the OpenMRS project.
 
Teams create a Wiki page and add a description of their project and discussion of the challenges they faced installing the OpenMRS project.
  
  
=== Assessment: ===
+
=== Assessment ===
  
 
The instructor will be creating a combined report that should be submitted to OpenMRS in combination with doing the assessment.
 
The instructor will be creating a combined report that should be submitted to OpenMRS in combination with doing the assessment.
Line 62: Line 65:
 
Provide the edited document back to the team, so that they can see what you deemed valuable and learn from the corrections.
 
Provide the edited document back to the team, so that they can see what you deemed valuable and learn from the corrections.
  
=== Comments: ===
+
=== Comments ===
 +
 
 
In addition to the deliverables described here, I find it very helpful to ask the team members to each report what the contributions were of each team member. I generally give some bonus points to anyone who took on a leadership role. I also give a good grade to anyone who did a fair share of work, even if the team as a whole produced mediocre results.  
 
In addition to the deliverables described here, I find it very helpful to ask the team members to each report what the contributions were of each team member. I generally give some bonus points to anyone who took on a leadership role. I also give a good grade to anyone who did a fair share of work, even if the team as a whole produced mediocre results.  
  
Compile all of the reports together into a single document, in any reasonable and consistent order. Add sections at the beginning for a master executive summary, table of contents, context and recommendations. FOr an example, see the report [[File:OpenMRS_Security_Assessment_Report_Spring_2016.pdf]].
+
Compile all of the reports together into a single document, in any reasonable and consistent order. Add sections at the beginning for a master executive summary, table of contents, context and recommendations.
  
 
Find an appropriate location in the OpenMRS talk system, and post that you have a report from your class's security assessment, and would like to know how OpenMRS would like to receive the report. It is a good idea to mention what format it is currently in and how long it is.
 
Find an appropriate location in the OpenMRS talk system, and post that you have a report from your class's security assessment, and would like to know how OpenMRS would like to receive the report. It is a good idea to mention what format it is currently in and how long it is.
  
=== Additional Information: ===
+
=== Additional Information ===
{| border="1"
+
 
|-
+
{{Learning Activity Info
|'''ACM Knowledge Area/Knowledge Unit''' || SP/Professional Communication
+
|acm unit=
|-
+
SP/Professional Communication
|'''ACM Topic''' || Writing effective technical documentation and materials
+
|acm topic=
|-
+
Writing effective technical documentation and materials
|'''Level of Difficulty''' || Medium
+
|difficulty=
|-
+
medium
|'''Estimated Time to Completion''' ||  5 hours
+
|time=
|-
+
5 hours
|'''Materials/Environment''' ||
+
|environment=
 
# The instructor needs to a template page for this specific assignment, [[OpenMRS Security Assessment Wiki Assessment Template D]].  
 
# The instructor needs to a template page for this specific assignment, [[OpenMRS Security Assessment Wiki Assessment Template D]].  
 
+
|author=
|-
+
Steven P. Crain   
|'''Author''' || Steven P. Crain   
+
|source=
|-
+
N/A
|'''Source''' || N/A
+
|license=
|-
+
{{License CC BY NC SA}}
|'''License''' || [[File:Creativecommons-by-nc-sa-40.png]] This activity is licensed under a [http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License].
+
}}
|}
+
  
 
=== Suggestions for Open Source Community: ===
 
=== Suggestions for Open Source Community: ===
Suggestions for an open source community member who is working in conjunction with the instructor.
+
* ''Suggestions for an open source community member who is working in conjunction with the instructor.''
 
+
--------------------
+
This work is licensed under a
+
[http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License]
+
 
+
[[File:Creativecommons-by-nc-sa-40.png]]
+
  
[[Category: Learning_Activity]]
+
[[Category:Learning Activity]]
[[Category: OpenMRS]]
+
[[Category:Privacy and Security]]
[[Category: Privacy_and_Security]]
+
[[Category:OpenMRS]]
 +
[[Category:Good Draft]]

Latest revision as of 11:20, 8 September 2018


Title

OpenMRS Security Assessment 6

Overview

Security Recommendations and Assessment Report for OpenMRS

Prerequisites

Students should be able to write a well-formed technical essay.

Learning
Objectives
After successfully completing this activity, the learner should be able to:
  1. Prioritize possible actions.
  2. Write persuasive technical documents.
Process Skills
Practiced


Background

OpenMRS is an open-source medical record management system. It is very popular in some parts of the world, but requires work to make it compatible with Department of Health and Human Services regulations authorized by the Health Insurance Portability and Accountability Act (HIPAA). This series of assignments aims to identify specific changes that are required to achieve HIPAA compliance to use OpenMRS in the context of a small medical practice or hospital. (Larger medical practices and hospitals typically have more complex situations and unique risks that require them to conduct their own assessment.)

In this assignment, teams will produce a final security assessment for a portion of OpenMRS, making specific recommendations.

Directions

This project is a large, team-based project with several parts.

The assignment requires you to complete the risk assessment of OpenMRS and post your final assessment on the Security Assessment Wiki.

You can get to your project Wiki pages from OpenMRS Security Assessment Wiki Template. The template for this assignment is OpenMRS Security Assessment Wiki Assessment Template D, due .... Click the "edit" option at the top of the template page, copy all of the text of the template and paste it into your team's Wiki page. Then, follow the directions in the template:

  1. Look through all of the recommendations that you made in the previous assignment. Pick a few (preferably 5, but certainly between 3 and 7) recommendations that are the most critical for improving the security of OpenMRS.
  2. Write about these recommendations, following the template. Your recommendations should be specific, measurable (how can you tell if the change was made correctly and has the desired affect on security?) and realistic. Write the recommendations in a way that is clear to someone with no computer security background. Use a persuasive style.
  3. Write a conclusion paragraph for your assessment.
  4. At the top of your assessment, write an executive summary.
  • Your reader will read the first sentence of the executive summary to decide if it is worth reading the whole executive summary, so make sure the first sentence makes it clear what the purpose of your assessment was, how well OpenMRS did on this as a whole, and how much improvement your recommendations will make.
  • Your reader will read the executive summary to see what parts of the report are worth reading, if any. The executive summary should summarize the important points made anywhere in your report, and needs to clearly lay out your main recommendations.


The template describes various ways to earn points for this assignment. You should earn at least 30 points during this phase.

Deliverables

Teams create a Wiki page and add a description of their project and discussion of the challenges they faced installing the OpenMRS project.


Assessment

The instructor will be creating a combined report that should be submitted to OpenMRS in combination with doing the assessment.

Start by copying each team report into a word processor document. The software I used maintained the formatting of the templates when I copied and pasted the text from the Wiki.

If supported, turn on the track changes feature to make it easier to give feedback to the team.

Commonly, the teams will make decisions in the assessment that are clearly wrong. For example, I have had teams make suggestions that would be bad for security, instead of helping it. Most commonly, they will make recommendations based on a faulty understanding of a design principle. Delete anything from the document that is clearly incorrect or bad advice.

Delete anything from the document that is poorly written, pointless or redundant.

Correct anything in the document that is on the right track, but incorrect.

Feel free to add additional comments that will help the team members learn.

Highlight any points in the document that are especially important. Also, copy these into another document where you collect the most important findings from all of the reports.

Go back through the document and tally the points, using the values provided in the templates. Poorly-written paragraphs (ones that you are embarrassed to send to OpenMRS) will have been cut out and get no points. Generally, most paragraphs, images, graphics and source code snippets are worth 2 points each. Most items in lists are worth 1 point each. Give 4 bonus points for anything you highlighted.

Provide the edited document back to the team, so that they can see what you deemed valuable and learn from the corrections.

Comments

In addition to the deliverables described here, I find it very helpful to ask the team members to each report what the contributions were of each team member. I generally give some bonus points to anyone who took on a leadership role. I also give a good grade to anyone who did a fair share of work, even if the team as a whole produced mediocre results.

Compile all of the reports together into a single document, in any reasonable and consistent order. Add sections at the beginning for a master executive summary, table of contents, context and recommendations.

Find an appropriate location in the OpenMRS talk system, and post that you have a report from your class's security assessment, and would like to know how OpenMRS would like to receive the report. It is a good idea to mention what format it is currently in and how long it is.

Additional Information

ACM BoK
Area & Unit(s)

SP/Professional Communication

ACM BoK
Topic(s)

Writing effective technical documentation and materials

Difficulty

medium

Estimated Time
to Complete

5 hours

Environment /
Materials
  1. The instructor needs to a template page for this specific assignment, OpenMRS Security Assessment Wiki Assessment Template D.
Author(s)

Steven P. Crain

Source

N/A

License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Creativecommons-by-nc-sa-40.png


Suggestions for Open Source Community:

  • Suggestions for an open source community member who is working in conjunction with the instructor.
Personal tools
Namespaces
Variants
Actions
Events
Learning Resources
HFOSS Projects
Evaluation
Navigation
Toolbox