Educause Security Discussion mailing list archives
Online Student Health System risk assessment
From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 17 Feb 2009 16:25:36 -0500
Hi, We're assessing an online student health system project consisting of bringing up a web server and application to front-end the current Health Center's internal Medicat system. It would be used to schedule appointments, submit immunization records and other forms, view records, and communicate with care providers. http://www.medicat.com/product_online_student_health.php Did those of you have implemented a similar system take any extra security protection steps above and beyond other online applications like student administration self service? For example, 1. Are you using reusable password authentication or something stronger? 2. Are you using a common campus-wide same/single-signon account used for things like e-mail, network access, and student registration to access the online health system? 3. Are you using a web application firewall in front of the application? If so, was it purchased specifically for this system? 4. Did you pen-test the application? Also, who monitors and administers the application - internal staff or the vendor? Thanks for any information. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Online Student Health System risk assessment Gary Flynn (Feb 17)