OpenMRS Security Assessment Wiki Template
Latest revision as of 11:03, 28 January 2017
OpenMRS Security Assessment Wiki
We are breaking down our security and HIPAA risk assessment into smaller groups, based on the part of OpenMRS we are studying and the aspect of compliance we are focusing on. Each team should create a page for itself by copying the contents from the OpenMRS Security Assessment Wiki Assessment Template A.
This assessment is broken into a series of assignments. Since each team faces a different set of challenges, the assignments have a flexible allocation of points. Surplus points on any part can offset points needed on other parts.
Assignments
- Assignment 2: (due ...) OpenMRS Security Assessment Wiki Interview Questions Template
- Assignment 3: (due 4-7 days later) OpenMRS Security Assessment Wiki Assessment Template A
- Assignment 4: (due 5-7 weeks later) OpenMRS Security Assessment Wiki Assessment Template B
- Assignment 5: (due 1 week later) OpenMRS Security Assessment Wiki Assessment Template C
- Assignment 6: (due 2-3 days later) OpenMRS Security Assessment Wiki Assessment Template D
Reference Application
OpenMRS comes with an example user interface alternately called the WebApp, reference application or legacy user interface. Most users of OpenMRS just use this reference user interface, so we will be auditing its security.
WebApp Auth Team: Studying how authentication and access control are and should be used to control use of the WebApp to access or change PHI.
WebApp Audit Team: Look at the auditing capability provided with the WebApp.
WebApp Confidentiality Team: Studying how the WebApp ensures the confidentiality of PHI.
API
The core of OpenMRS is a set of Java classes that provide controlled access to the PHI in the database.
API Auth Team: Studying how authentication and access control are and should be used to control access to or change of PHI through the API.
API Audit Team: Studying how the API does and should audit access to and change of PHI.
API Confidentiality Team: Studying how the API ensures the confidentiality of PHI.
Database
The PHI is all stored in a MySQL database.
Database Auth Team: Studying how authentication and access control are and should be used in the database.
Database Audit Team (is Awesome!): Studying how the database does and should audit access to and change of PHI.
Database Confidentiality Team: Studying how the database ensures the confidentiality of PHI.
This work by Steven P. Crain (...@plattsburgh.edu) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License