Risk Assessment Methodology for EDI Unclassified/Sensitive Information Systems

Abstract

Because it is not cost-effective to implement more security procedures than a particular environment requires, defining security requirements based on the results of a thorough risk analysis provides an effective way to control the cost of security for information systems. The steps involved in the EDI risk assessment methodology presented in this paper are the same basic steps found in most types of risk assessment: define assets, review threats, identify security requirements, and select protective countermeasures. The methodology addresses all of the primary threats to an EDI application system and its data, which include the following: unauthorized disclosure of data, unauthorized modification of data, sender repudiation of transactions, receiver repudiation of transactions, unauthorized system access, and lack of system availability....

Keywords: Information systems, Electronic Data Interchange (EDI), Security, Risk assessment

Document Details

Document Type: Technical Report
Publication Date: May 01, 1993
Accession Number: ADA268676

Entities

People

  • Julie A. Smith

Organizations

  • LMI

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Authentication
  • Availability
  • Business Administration
  • Cybersecurity
  • Department Of Defense
  • Information Processing
  • Information Security
  • Information Systems
  • Logistics Management
  • National Security
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Unauthorized Disclosure
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Aviation Safety Risk Assessment
  • Instructional Design and Training Evaluation
  • Military Logistics and Supply Chain Management

Technology Areas

  • Microelectronics