Imagine that you are a security professional who has been assigned to a Joint Application Development (JAD) team responsible for developing the business requirements for a new Customer Relationship Management (CRM) information system. You are preparing some notes for the JAD meeting. You know that CRMs can be useful for improving how customers interact with businesses, but CRMs can also be used to collect massive amounts of customer information that may be personal identification information. You want to ensure that the JAD team understands that system requirements drive how the information system and its information must be protected.
Write a paper explaining to the JAD team how business requirements affect how the system will be used.
Identify two internal threats and two external threats to the new CRM and what must be done to protect the system.