EDI Security

Matthew K. McGowan, Bradley University

Introduction

The Business Role of EDI

The EDI Process

EDI Vulnerabilities

Interception

Interruption

Modification

Fabrication

EDI Security Mechanisms

Access Control

Authentication

Nonrepudiation

Data Integrity

Auditable History

Communications Network Alternatives

Value-Added Network Services (VANs)

Internet-Based EDI

Security Threats of Internet-Based EDI

EDI Standards

The ANSI X12 Standard

EDIFACT

Security Features of EDI Standards

Secure EDI Application Examples

Navy Exchange Service Command (NEXCOM)

Mayo Clinic

Bank of America (BA)

Guidelines for Managing EDI Systems Risks

Establish Security Requirements by Data Class

Assess Risks

Conclusions and Recommendations

Glossary

Cross References

References

INTRODUCTION

Electronic data interchange (EDI) is the computer-to-computer exchange of business transactions in standardized formats. It is used for business-to-business (B2B) electronic commerce, the largest and fastest-growing type of electronic commerce. Because EDI involves electronic links from one organization to another, it is classified as a type of interorganizational information system (IOIS). EDI supports a variety of business transactions. For example, Bell Helicopter (2002) uses EDI for invoices, payments, shipping schedules, and requests for quotes in conducting business with its suppliers. EDI uses standard formats for the electronic exchange of these business transactions.

There are over 100,000 companies using EDI in ...
