OpenMRS Security Assessment Wiki Assessment Template C

Revision as of 19:46, 30 June 2016

As of ..., your project WIKI page should include the content described below. You should earn at least 40 points during this phase. The last phase, OpenMRS Security Assessment Wiki Assessment Template D, is due ....

Identify the Assessment Area Here

Authors

The instructor will be compiling all of the submissions for this assignment into a report that will be made publicly available. If you wish public recognition for your contribution, you should create an OpenMRS ID at https://id.openmrs.org and then include your OpenMRS ID and optionally your name here.

Scope

This section was described in a previous template.

Assets

This section was described in a previous template.

Risks

Reorder the threats according to their risks. Use the template provided in the Low Risks section.

Extreme Risks

High Risks

Medium Risks

Low Risks

Name of Threat

Assess the section of OpenMRS you are studying to see what controls are in place to address this threat. Document how you assessed controls for this threat and what controls you found. Remember that controls can: reduce the probability of the threat being attempted; reduce the probability of an attack being successful; reduce the damage an attack does; identify an attack that is in progress; identify an attack that happened in the past; figure out what happened during an attack; repair damage done by an attack. (1 point per control you found)

Identify any obvious controls for this kind of attack that are missing in the part of OpenMRS you looked at. (1 point per missing control you identified.)

State how confident you are in your assessment. Were you very, very thorough, or might you have missed important controls because you only peeked at a few things? How well did you understand what you were looking for? (1 point for each threat with a meaningful and distinctive response.)

Give your general impression of how well OpenMRS controls this threat. (1 point for each threat with a meaningful and distinctive response.)

Design Principles

Assess your part of OpenMRS on each of the design principles. Write an explanation of what each of the design principles means in this specific context. With respect to each principle, what specifically has it done well and what specifically needs improvement? Give a letter grade for each design principle: A means that it was flawless, C means there is substantial room for improvement, E means that there is no evidence that any attempt has been made in this regard. (2 points per useful paragraph.)

Economy of Mechanism

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Fail-safe Defaults

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Complete Mediation

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Open Design

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Separation of Privilege

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Least Privilege

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Least Common Mechanism

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Psychological Acceptability

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Isolation

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Encapsulation

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Modularity

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Layering

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.

Least Astonishment

Practical definition in this context.

(Pick grade A, B, C, D or E) Specific comments on strengths and weaknesses.


This work by Steven P. Crain (...@plattsburgh.edu) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
