Information Security News mailing list archives
review: EDI Security, Control, and Audit
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Wed, 2 Feb 2000 02:23:56 -0700
amazon reviews:
http://www.amazon.com/exec/obidos/ISBN=0890066108/insekurityorgA/

http://www.attrition.org/library/rev/0890066108.html

EDI Security, Control, and Audit
Albert J. Marcella, Jr. and Sally Chan
Artech
ISBN: 0-89006-610-8

Electronic Data Interchange (EDI) is a computer-to-computer or application-to-application exchange of business information in a standard format. In 1992, there were over 31,000 known EDI users, with a steady increase since 1987. EDI users can be found in such industries as transportation, retail, grocery, automobiles, warehousing, pharmaceuticals, healthcare and financial institutions.

"EDI will change our lives, just as computers did. It will redefine the ways we work as it pushes us toward a knowledge-based society in which we pursue intellectual challenges while routine, noncreative tasks are assigned to computers." - Gene A. Nelson

As a comprehensive book on EDI, several parts of the book deal more with the operation and setup of such a network. This leads into the areas that explain in technical detail the security and auditing of EDI networks.

Beginning with the basics of EDI, the book walks through the pros and cons of such networks. It gives guidelines for who should implement and use it, operating issues, risks, control concerns and more. These sections are brief and to the point, suitable to give to non technical managers who may be considering EDI as a solution.

The following three chapters (2 - 4) delve into the technical aspects and the standards governing their development and operating procedures. Covering infrastructure and standards, networks and telecommunications, and cross-vulnerabilities in EDI Partnerships, these chapters give a solid understanding of the issues at hand. This reading is not suggested for the technical neophyte!

Dropping back out of the technical jargon, Chapter 5 (Managing Interenterprise Partnerships) seems to be more suited toward managers and legal staff. The next chapter jumps back into technical land and covers Application Control Issues, Security/Environmental/Project controls, Inbound/Outbound Control Issues and more. Maintaining the ping-pong style of writing, Chapter 7 (EDI Management and Environmental Control) delves into higher level project and planning.

If your organization uses EDI, or is considering implementing it, this book is for you. Both management and the technical staff can get something out of this book by passing it back and forth to read chapters. For a one stop shop on EDI, this is it.

review by: Brian Martin

ISN is sponsored by Security-Focus.COM