Trusty Carpets: Security Requirements for CRM System Development

Verified

Added on 2019/10/01

AI Summary

This report outlines the security requirements for the development and implementation of a Customer Relationship Management (CRM) system for Trusty Carpets. The company, consisting of Trusty Carpets store, Metro Carpets store, and Mike’s carpet installation business, aims to integrate its sales, customer service, and customer base through the SalesforceIQ CRM. The document details crucial security aspects, including authentication and access control with two-factor verification and administrator privileges, network security with automated monitoring tools, intrusion detection, and prevention systems. It further addresses secure communication and reporting using SSL/SHTTP and encryption, transactional security ensuring ACID properties, and information security focusing on confidentiality, integrity, and availability through measures like anti-malware tools, firewalls, and anti-denial tools to safeguard against potential data breaches and attacks. The report emphasizes the need for robust security protocols to protect sensitive customer data, sales information, and other organizational resources within the cloud-based CRM system.

qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjklz
xcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjklz
xcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmrtyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
Trusty Carpets
Requirements Checklist
6/23/2017

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Trusty Carpets
Table of Contents
Introduction.................................................................................................................................................3
Security Requirements.................................................................................................................................3
Authentication and Access Control.........................................................................................................3
Network Security.....................................................................................................................................3
Secure Communications & Reporting.....................................................................................................4
Transactional Security.............................................................................................................................4
Information Security – Confidentiality, Integrity & Availability.............................................................5
References...................................................................................................................................................6
2

Trusty Carpets
Introduction
Trusty Carpets is a carpet store that is owned and run by Jerry Montgomery since past twenty
years. Currently, there are three components of the system as Trusty Carpets store, the Metro
Carpets store, and Mike’s carpet installation business. All of these components have a separate
sales system along with separate customer services and customer base associated with it. The
business was established a long time back and has largely expanded since its inception. The sales
numbers and profits have also gone up over the years.
Looking at the current problems of Trusty Carpets, it has been proposed that an integrated sales
Customer Relationship Management (CRM) system shall be developed and implemented in the
company. SalesforceIQ CRM is the system that has been proposed by the business experts which
is required to be deployed in Trusty Carpets. The document covers the security requirements
associated with the CRM system.
Security Requirements
Authentication and Access Control
SalesforceIQ, Customer Relationship Management (CRM) system that is required to be
developed for Trusty Carpets shall have enhanced authentication and access control implemented
in the system. The entry to the system shall be protected and validated with two-fold
authentication verification with the aid of a user id and password combination along with a
biometric check for granting access to the system. Also, there shall be access control
implemented in the database of the CRM system to allow only the authenticated users to access
the database and carry out data related operations in the system. There shall be an administrator
account created and only the admin user shall be able to make changes in the database and set up
the user privileges (Jonsson, 2017).
Network Security
The second security requirement that shall be implemented in the CRM system shall be in the
form of network security.
3

Trusty Carpets
The CRM system will be a cloud based system and therefore there may be a number of security
attacks that may occur in the system. It is because of the reason that enhanced network security
shall be present in the system. There shall be automated network monitoring tools that shall be
implemented in the system that shall record all of the network activity related with Trusty
Carpets. These tools will record all the network activities and will store them in the form of
network logs which may be accessible and reviewed by the network experts to get an idea of all
of the network related operations. Intrusion detection and prevention systems shall also be
installed in the CRM system for Trusty Carpets to make sure that the intruders do not enter the
networks (Boneh and Mitchell, 2010).
Secure Communications & Reporting
Communication and reporting will be an integral element of the CRM system for Trusty Carpets.
The system will be an integrated system for all of the three components of the organization as
Trusty Carpets store, the Metro Carpets store, and Mike’s carpet installation business. The single
system will provide various entities associated with the organization to communicate with each
other. The customers will be able to easily contact the business representatives and executives
and vice versa. Also, there will be a number of reports that will be exchanged between the
various entities internal and external to the organization such as sales data and reports, customer
related reports and so on (Gong, 2014).
Protection and security of all these reports along with the communication channels will be
necessary to make sure that the information associated with Trusty Carpets does not go in wrong
hands. It is because of this reason that a secure communication channel shall be utilized along
with a Server Socket Layer (SSL) and Secure Hypertext Transfer Protocol (SHTTP). Also, the
reports that shall be exchanged shall be protected using encryption of the reports. These security
requirements shall be implemented in the CRM system for the organization so that reporting and
communication system shall always be secured.
Transactional Security
There will be a number of transactions that will take place in the CRM system that will be
developed for Trusty Carpets. These data transactions shall be protected in the CRM system to
make sure that the ACID properties associated with the database as atomicity, consistency,
isolation and durability are maintained in all of the transactions. These requirements shall be met
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Trusty Carpets
by making use of the automated verification and validation tools implemented in the CRM
system for enhancing the transactional security of the system (Hwang, 2010).
Information Security – Confidentiality, Integrity & Availability
There will be a lot of information that will be associated with the CRM system for Trusty
Carpets such as customer related information, sales data and information, information associated
with the resources of the organization, market data and a lot more. Many of the internal and
external entities will have the access to these information sets and therefore, it will be necessary
to protect these information sets.
Three of the most important properties of information that must be protected in the CRM system
shall be information confidentiality, integrity and availability.
There may be data and information breaches and leaks that may occur in the cloud based CRM
system that will be developed and deployed for Trusty Carpets. These issues shall be tackled
with the aid of enhanced authentication and access control along with the deployment of anti-
malware tools and packages in the system. Also, there shall be use of firewalls and proxy servers
done to enhance the confidentiality of the information (Akter, 2013).
Integrity issues will also be required to be prevented with the aid of enhanced transactional
security and there shall be activity monitors that shall be installed to check on each of the activity
taking place in the CRM systems.
The availability attacks can occur in the CRM systems in the form of denial attacks and a
number of other flooding attacks. These attacks shall be controlled by fulfilling the requirement
associated with the installation of anti-denial tools in the CRM system. These tools will prevent
the occurrence of the denial of service and other denial attacks in the system.
5

Trusty Carpets
References
Akter, L. (2013). Information Security in Cloud Computing. [online] Available at:
http://airccse.org/journal/ijitcs/papers/3413ijitcs02.pdf [Accessed 23 Jun. 2017].
Boneh, D. and Mitchell, J. (2010). Computer and Network Security. [online] Available at:
https://crypto.stanford.edu/cs155old/cs155-spring11/lectures/01-intro-thompson.pdf [Accessed
23 Jun. 2017].
Gong, G. (2014). Communication System Security. [online] Available at:
https://www.frisc.no/wp-content/uploads/2014/05/finse2014-gong.pdf [Accessed 23 Jun. 2017].
Hwang, K. (2010). Trusted Cloud Computing with Secure Resources and Data Coloring.
[online] Available at: http://gridsec.usc.edu/hwang/papers/trusted-cloud-computing.pdf
[Accessed 23 Jun. 2017].
Jonsson, E. (2017). Authentication and Access Control. [online] Available at:
http://www.cse.chalmers.se/edu/year/2016/course/course/EDA263/oh15/L04%20authentication
%20and%20access%20control.pdf [Accessed 23 Jun. 2017].
6