Accession Number : ADA268676


Title : Risk Assessment Methodology for EDI Unclassified/Sensitive Information Systems


Descriptive Note : Final rept.


Corporate Author : LOGISTICS MANAGEMENT INST BETHESDA MD


Personal Author(s) : Smith, Julie A


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a268676.pdf


Report Date : May 1993


Pagination or Media Count : 32


Abstract : Because it is not cost-effective to implement more security procedures than a particular environment requires, defining security requirements based on the results of a thorough risk analysis provides an effective way to control the cost of security for information systems. The steps involved in the EDI risk assessment methodology presented in this paper are the same basic steps found in most types of risk assessment: define assets, review threats, identify security requirements, and select protective countermeasures. The methodology addresses all of the primary threats to an EDI application system and its data, which include the following: unauthorized disclosure of data, unauthorized modification of data, sender repudiation of transactions, receiver repudiation of transactions, unauthorized system access, and lack of system availability.... Information systems, Electronic Data Interchange (EDI), Security, Risk assessment


Descriptors : *RISK, *INFORMATION EXCHANGE, *SYSTEMS ANALYSIS, *DATA PROCESSING SECURITY, CONTROL, REQUIREMENTS, THREATS, AVAILABILITY, COUNTERMEASURES, ACCESS, COSTS, INFORMATION SYSTEMS, ELECTRONICS, METHODOLOGY, ENVIRONMENTS


Subject Categories : Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE