
List:       isn
Subject:    [ISN] review: EDI Security, Control, and Audit
From:       mea culpa <jericho () DIMENSIONAL ! COM>
Date:       2000-02-02 9:23:56

amazon reviews: http://www.amazon.com/exec/obidos/ISBN=0890066108/insekurityorgA/

http://www.attrition.org/library/rev/0890066108.html
EDI Security, Control, and Audit
Albert J. Marcella, Jr. and Sally Chan
Artech ISBN: 0-89006-610-8

Electronic Data Interchange (EDI) is a computer-to-computer or
application-to-application exchange of business information in a standard
format. In 1992, there were over 31,000 known EDI users, with a steady
increase since 1987. EDI users can be found in such industries as
transportation, retail, grocery, automobiles, warehousing,
pharmaceuticals, healthcare and financial institutions.

     "EDI will change our lives, just as computers did. It will redefine the
      ways we work as it pushes us toward a knowledge-based society in which
      we pursue intellectual challenges while routine, noncreative tasks are
      assigned to computers."                - Gene A. Nelson

As a comprehensive book on EDI, several parts of the book deal more with
the operation and setup of such a network. This leads into the areas that
explain in technical detail the security and auditing of EDI networks.
Beginning with the basics of EDI, the book walks through the pros and cons
of such networks. It gives guidelines for who should implement and use it,
operating issues, risks, control concerns and more. These sections are
brief and to the point, suitable to give to non-technical managers who may
be considering EDI as a solution.

The following three chapters (2 - 4) delve into the technical aspects and
the standards governing their development and operating procedures.
Covering infrastructure and standards, networks and telecommunications,
and cross-vulnerabilities in EDI Partnerships, these chapters give a solid
understanding of the issues at hand. This reading is not suggested for the
technical neophyte!

Dropping back out of the technical jargon, Chapter 5 (Managing
Interenterprise Partnerships) seems to be more suited toward managers and
legal staff. The next chapter jumps back into technical land and covers
Application Control Issues, Security/Environmental/Project controls,
Inbound/Outbound Control Issues and more. Maintaining the ping-pong style
of writing, Chapter 7 (EDI Management and Environmental Control) delves
into higher-level project and planning.

If your organization uses EDI, or is considering implementing it, this book
is for you. Both management and the technical staff can get something out
of this book by passing it back and forth to read chapters. For a one-stop
shop on EDI, this is it.

review by: Brian Martin

ISN is sponsored by Security-Focus.COM
