OpenMRS Security Assessment Wiki Interview Questions Template

(Difference between revisions)
m (Introduction: Fixed link)
m
 
(4 intermediate revisions by one user not shown)
Line 1: Line 1:
=OpenMRS Survey Questions=
+
= OpenMRS Survey Questions =
==Introduction==
+
 
 +
== Introduction ==
 +
 
 
In Assignment 1, you each came up with some questions that you would like to ask OpenMRS users.
 
In Assignment 1, you each came up with some questions that you would like to ask OpenMRS users.
  
Line 12: Line 14:
 
| Due Date || Activity
 
| Due Date || Activity
 
|-  
 
|-  
| Wed 4/22 || Add the questions from your Assignment 1 in the appropriate categories.
+
| ... || Add the questions from your Assignment 1 in the appropriate categories.
 
|-
 
|-
| || Form teams of 3–4 students.
+
| || Form teams of 1–2 students.
 
|-
 
|-
| Fri 4/24 || Sign up for 2 approved questions per team.
+
| About 3 days later || Sign up for 2 approved questions per team.
 
|-
 
|-
| Tue 4/28 || Complete the interviews and record the responses on this page.
+
| About 4-7 days later || Complete the interviews and record the responses on this page.
 
|}
 
|}
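
Review bot: The first schedule row now has "..." as its due date, so the relative offsets in the later rows ("About 3 days later", "About 4-7 days later") have no stated starting point. Consider replacing "..." with an explicit placeholder such as "Start date (set each term)" and saying what the offsets are measured from. The "About 4-7 days later" entry is also a range rather than a deadline; a single latest date would be easier for teams to plan against.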
  
Line 93: Line 95:
 
<br/>
 
<br/>
  
=== IRC Responses ===
+
--------------------
'''Please post your IRC responses below using the format provided in the template.'''
+
This work by [[User:Scrain|Steven P. Crain]] ([http://www.google.com/recaptcha/mailhide/d?k=01kQLVRud4_G4fLVvieRmptw==&c=xzrJ5nOx65OjeB8B5xOwSUCBUqxRQDpU96mG9Bes_GQ= ...@plattsburgh.edu]) is licensed under a
 +
[http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License]
  
=== Template ===
+
[[File:Creativecommons-by-nc-sa-40.png]]
'''Use these templates to add categories, questions, take the questions you want to ask and record the results of the interviews.'''
+
<br/> <br/>
+
  
'''Students: Use this template to propose a question.'''
+
[[Category:OpenMRS]]
====This is a question. (Source: Last Names of people on Assignment 1 team who introduce the question.)====
+
<br/>
+
 
+
'''Instructors: Evaluate each proposed question. If there are minor issues, make the necessary corrections so the question is respectful, appropriate and useful. For more substantial problems, use this template to explain to the students what is wrong with the question.'''
+
'''This question is too vague.'''
+
<br/>
+
 
+
'''Instructors: Once a question is ready to be asked, use this template after the question so that students can sign up to ask it.'''
+
'''Students: Once a question has this template added to it, you may replace the specified text with your team's last names to claim the question.'''
+
{|
+
|Approved 4/23/2015
+
|-
+
| '''This question is available. Replace this text with the names of the people on your team to claim it.'''
+
|}
+
<br/>
+
 
+
'''Students: Use this template to document the interviews you conduct on IRC.'''
+
{|
+
|IRC Handle || Comment
+
|-
+
| Date and Time || Last names of team who asked this question.
+
|-
+
|IRC handle of person who answered || Quote their response.
+
|-
+
| || '''You can add additional lines if multiple people replied.'''
+
|}
+
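
Review bot: With the "=== Template ===" section and the "=== IRC Responses ===" heading gone from the new side, the schedule's instruction to "record the responses on this page" no longer says where or in what format responses go. Either keep the IRC Handle / Comment table as a reusable template or point to where responses should be recorded. The approval block also held a hard-coded "Approved 4/23/2015"; if the templates are restored, make that date a placeholder in line with the relative dates now used in the schedule.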

Latest revision as of 11:02, 28 January 2017

OpenMRS Survey Questions

Introduction

In Assignment 1, you each came up with some questions that you would like to ask OpenMRS users.

In Assignment 2, you will be interviewing real OpenMRS users and developers, so we want to make sure that you are organized, respectful and ready to have a great interview experience.

In the following assignments, you will be conducting a risk assessment on one of the OpenMRS Security Assessment Wiki Template.

This project has the following deadlines:

{|
| Due Date || Activity
|-
| ... || Add the questions from your Assignment 1 in the appropriate categories.
|-
| || Form teams of 1–2 students.
|-
| About 3 days later || Sign up for 2 approved questions per team.
|-
| About 4-7 days later || Complete the interviews and record the responses on this page.
|}

I have provided a few questions that you can use as examples, both in terms of the content and formatting. If other students have put questions in the wrong category or if you can make them better questions, please do so!

Survey Questions

OpenMRS General Objectives

List questions that probe the objectives of OpenMRS and of the health care providers who use it.

We know that the number one purpose of OpenMRS users is to care for their patients. What other factors go into their purpose? (Source: Crain)


OpenMRS General Policies

List questions that probe general policies of OpenMRS or of the health care providers who use it. The focus is on things that we might overlook yet have an influence on security.

In practice, how do most people evaluate if using OpenMRS is right for them? (Source: Dong)


OpenMRS General Risk Profile

List questions that probe how extensive attacks are on OpenMRS deployments, and how that could change in the future, especially if deployed in the U.S.

Are there any statistics on how many security breaches have involved OpenMRS? (Source: Crain)


OpenMRS Risk Appetite

List questions that probe how OpenMRS and its users would cope with a terrible security breach.

What are the consequences to a medical practice of a security failure in OpenMRS? (Source: Stallings, p. 490)


IT Security Objectives

List questions that address security goals.

While the OpenMRS development team correctly worry about Access Control, are there plans or intentions of aiming more at other important controls such as establishing a strong configuration backup policy and enabling detailed auditing of privileged commands? (Source: Miguel, Narciso)


IT Security Strategies

List questions that address strategies OpenMRS is taking to achieve adequate security.

Where can I find documentation from previous security assessments for OpenMRS? (Source: Crain)


IT Security Policies

List questions that address policies related to security.

When does the responsibility of security pass from the programmer to the user? (Source: Eisenhardt)


Patient Rights

List questions that probe the rights patients should have over access to and use of data about them.

OpenMRS User Rights

List questions that probe rights the users of OpenMRS should have regarding the data they collect in OpenMRS.

Assets

List questions that probe the parts of OpenMRS and its data that are indispensable, or that would be of value to an attacker.

What key aspects of a medical practice require OpenMRS support in order to operate efficiently? (Source: Stallings, p. 490)


What tasks can only be performed with OpenMRS support? (Source: Stallings, p. 490)


Which essential decisions depend on the accuracy, currency, integrity or availability of data managed by OpenMRS? (Source: Stallings, p. 490)


What data created, managed by, processed and stored by OpenMRS need protection? (Source: Stallings, p. 490)


OpenMRS User/Developer Security Awareness

List questions pertaining to how OpenMRS might increase awareness of the importance of security among users and developers.

Are there currently any known situations where users are routinely trying to circumvent security measures (for example, I read that people were often given too many permissions)? (Source: Torres)



This work by Steven P. Crain (...@plattsburgh.edu) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
