Your Learning Team is a cybersecurity engineering team for a financial services company that sells investments to, and manages investment portfolios for, high net-worth individuals.
Your organization just completed the migration of the account managers to a cloud-based customer relationship management (CRM) software application. Your organization has integrated the cloud-based CRM with on-site investing and account management systems to improve the sales of investment products to customers and potential customers and to manage customer accounts and investment portfolios. Account managers are excited to use the new system, especially since it supports mobile device access.
Management hopes the new cloud-based CRM, integrated with the on-site software applications that manage customer accounts and investment portfolios, will help the organization to generate more leads, increase sales, improve customer service, reduce the cost of sales for the organization, and increase revenue.
The Chief Information Security Officer (CISO) of your organization is concerned about the security of this new system and its integration with existing systems, and has requested that your team complete the following 6- to 8-page security analysis:

- Create a plan that addresses the secure use of mobile devices by internal employees and external employees as they use mobile devices to access these applications.
- Recommend physical security and environmental controls to protect the data center that runs the on-site applications.
- Propose an audit assessment and processes that will be used to ensure the cloud-based CRM software provider uses appropriate physical security and environmental controls to protect the data centers that run your cloud-based CRM software.
- Develop identity and access management policies for both the on-site systems and the cloud-based CRM.
- Recommend uses of cryptography and public key infrastructure (PKI) that could increase security for these systems.