Risk Assessment Methodology for EDI Unclassified/Sensitive Information Systems

摘要

Because it is not cost-effective to implement more security procedures than aparticular environment requires, defining security requirements based on the results of a thorough risk analysis provides an effective way to control the cost of security for information systems. The steps involved in the EDI risk assessment methodology presented in this paper are the same basic steps found in most types of risk assessment: define assets, review threats, identify security requirements, and select protective countermeasures. The methodology addresses all of the primary threats to an EDI application system and its data, which include the following: unauthorized disclosure of data, unauthorized modification of data, sender repudiation of transactions, receiver repudiation of transactions, unauthorized system access, and lack of system availability.... Information systems, Electronic Data Interchange (EDI), Security, Risk assessment.