Protection Poker Tutorial
Table 1: Database Table Value Points
Table |
Value |
Use in Requirement # |
allergies |
|
|
cptcodes |
|
|
hospitals |
|
|
icdcodes |
|
|
labprocedure |
|
|
loginfailures |
|
|
ndcodes |
|
|
officevisits |
|
|
ovdiagnosis |
|
|
ovmedication |
|
|
ovprocedure |
|
|
ovsurvey |
|
|
patients |
|
|
personalhealthinformation |
|
|
personnel |
|
|
transactionlog |
|
|
users |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table 2: Database Tables Used by Requirement
(Security Risk = Ease Points x Value Points)
Requirement |
Table Used |
Value Points of Table |
Max Value |
1: Add role: emergency responder. |
|
|
|
2: Find qualified licensed health care professional. |
|
|
|
3: Update diagnosis code table. |
|
|
|
4: View access log. |
|
|
|
Table 3: Security Risk
(Security Risk = Ease Points x Value Points)
Requirement |
Ease of Attack Points |
Value of Asset Points |
Security Risk |
Rank of Security Risk |
1: Add role: emergency responder. |
|
|
|
|
2: Find qualified licensed health care professional. |
|
|
|
|
3: Update diagnosis code table. |
|
|
|
|
4:
View access log. |
|
|
|
|