Step1: Gathering Information
The aim of this module is to collect all the important
information needed for the following assessments. Prior to
gathering input for the CRM asset identification and
valuation, the boundaries of the review should be
defined. A careful definition of boundaries at this stage
avoids unnecessary work and improves the quality of
the risk analysis. This module contains the following steps:
Step1-1: Defining the CRM-Security Management
System (CRM-SMS)
The name of the company and the scope of the review
are based on the CRM security policy; interfaces and
dependencies are identified.
Step1-2: Identifying Assets
All assets in the CRM-SMS are identified, such as
customer information, CRM services, CRM documents,
CRM arrangements and procedures, CRM software and
programs, CRM hardware, CRM media, connections
and communications, building and equipment, personnel
and organization, and reputation.
Step1-3: Valuing Assets
Those wishing to carry out a detailed risk assessment
can identify values for the confidentiality, integrity and
availability of the CRM assets. In addition, another
valuation criterion can be identified for each CRM asset.
The valuation scale is low, medium or high.
Step2: Analyzing Gap
The gap analysis checks the security status of the CRM
against a reasonable standard such as BS 7799,
ISO/IEC TR 13335, ISO/IEC 17799 and TSSIT controls.
Step3: Identifying the Security Requirements (based
on the CRM security policy and the gap analysis
report)
This module concentrates on the identification of
security requirements resulting from threats and
vulnerabilities, and legal and business requirements. The
three steps in this module are:
Step3-1: Identifying the Threats and Vulnerabilities
A threat has the potential to harm the CRM system.
Threats may be of natural or human origin, and could be
accidental or deliberate. Vulnerabilities, on the other
hand, are weaknesses in the physical environment,
organization procedures, personnel, management,
administration, hardware, software, or communications
equipment that may be exploited by a threat source to
cause harm to the assets.
The threats and vulnerabilities applicable to the
CRM assets are identified, such as security breaches,
breaches of legislation, incidents, misuse, unauthorized
access, unauthorized changes, malicious code,
processing errors, threats to information exchange,
threats related to cryptography, user errors, threats to
mobile computing/teleworking, physical threats, and
disaster and interruptions.
Step3-2: Identifying the Legal and Contractual
Obligations
The legal and contractual obligations applicable to
the CRM assets are identified, such as compliance with
governing and marketing laws, data protection and
privacy of customer information, intellectual property
rights (IPR) and CRM software copyright, outsourcing
contracts, right of audit in third-party contracts,
subcontractual obligations and assignment, regulation of
cryptographic controls, evidence in connection with
litigation, prevention of misuse of information
processing facilities, and safeguarding of CRM system and
organizational records.
Step3-3: Identifying the Business Requirements
The business requirements applicable to the CRM
assets are identified, such as co-ordination of security
activities, compliance with standards, compliance with
the CRM security policy, confidence by key institution,
correct business processing, maintenance of
competitiveness, outsourcing and use of third-party
contractors, secure electronic commerce, secure internet,
secure intranet, secure mobile business, secure
teleworking, timely deliveries to customers and clients
and timely start of new ventures.