On 6/18/20 3:41 PM, John Harrold wrote:
Hello Kristin, Are you talking about risk analysis from the perspective of software vulnerabilities?
It appears that is exactly what is being asked. What is not clear is whether the installation would be offered to persons or groups on the network with no other security wrappers. R has never claimed to be "web-safe". It offers access to system level commands and file system manipulation that would probably compromise security arrangements. In fact, over the course of the last 12 years when I've been reading this mailing list, there has never been a credible suggestion to offer R applications to untrusted users. Quite the opposite. Naked R is surely not going to pass any sort threat or risk scrutiny.
My suggestion would be to investigate various wrappers for R such as Rstudio or the Microsoft re-worked version of what used to be Revolution R. They have lawyers and offer "enterprise solutions" and would presumably be able to speak to some sort of security analysis. Whether either of those approaches would provide the level of security needed by a healthcare organization would be an interesting question. Perhaps yopu can report back after completing your investigation?
-- David.
John On Thu, Jun 18, 2020 at 3:21 PM Wait, Kristin <wa...@amc.edu> wrote:HI all, I am with a NYS major trauma center and all programs that our employees/providers use must be vetted through the IT Department by way of a Risk Analysis. Is there someone I would talk to about this? I scoured your website and could not find a specific person. Thank you so much Kristin Wait Albany, NY ----------------------------------------- CONFIDENTIALITY NOTICE: This email and any attachments may contain confidential information that is protected by law and is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please notify the sender by replying to this email and destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited. To contact Albany Medical Center, or for a copy of our privacy practices, please visit us on the Internet at www.amc.edu. [[alternative HTML version deleted]] ______________________________________________ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
______________________________________________ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
