EDI Security
Matthew K. McGowan, Bradley University
Introduction
The Business Role of EDI
The EDI Process
EDI Vulnerabilities
Interception
Interruption
Modification
Fabrication
EDI Security Mechanisms
Access Control
Authentication
Nonrepudiation
Data Integrity
Auditable History
Communications Network Alternatives
Value-Added Network Services (VANs)
Internet-Based EDI
Security Threats of Internet-Based EDI
EDI Standards
The ANSI X12 Standard
EDIFACT
Security Features of EDI Standards
Secure EDI Application Examples
Navy Exchange Service Command (NEXCOM)
Mayo Clinic
Bank of America (BA)
Guidelines for Managing EDI Systems Risks
Establish Security Requirements by Data Class
Assess Risks
Conclusions and Recommendations
Glossary
Cross References
References
INTRODUCTION
Electronic data interchange (EDI) is the computer-to-computer exchange of business transactions in standardized formats. It is used for business-to-business (B2B) electronic commerce, the largest and fastest-growing type of electronic commerce. Because EDI involves electronic links from one organization to another, it is classified as a type of interorganizational information system (IOIS). EDI supports a variety of business transactions. For example, Bell Helicopter (2002) uses EDI for invoices, payments, shipping schedules, and requests for quotes in conducting business with its suppliers. EDI uses standard formats for the electronic exchange of business transactions.
There are over 100,000 companies using EDI in ...
Get Handbook of Information Security, Volume 1, Key Concepts, Infrastructure, Standards, and Protocols now with the O’Reilly learning platform.