Mahdi Seify

Document Type

Conference Proceeding


Edith Cowan University


Seify, M. (2005). Risk management in CRM security management. In Proceedings of 3rd Australian Information Security Management Conference (pp. 95-102). Edith Cowan University. Avaliable here.


In an increasing competitive world, marketing survival can be depended simply on timely new information on customers and market trend. One of the most important strategies in CRM (Customer Relationship Management) is to capture enough information from customers and using this information carefully [Ryals , Tinsley]. Of course security of this information is very important in CRM data management [Bryan]. Data management is a method for scheduling and controlling data saving, recovering and processing. This activity has been done continually or periodically[Bryan]. Security level of this information depends on the security policy of the organization. CRM security policy is the directives and practices for managing, protecting and distributing assets which are included sensitive information, within an organization and its CRM systems[ISO/IEC TR 13335, ISO/IEC 17799, and BS7799]. CRM security policy is a high level plan that focuses on the strategic security methodology and is not limited to the guideline, standard or control way and plays a critical role in the defense of CRM systems and network [Barman, M.Amanda]. CRM risk evaluation is a method for increasing the efficiency of CRM security policy. In the manner that security threats and vulnerabilities against CRM is identified by its priority [Greenstein, Bryan, and ISO/IEC TR 13335]. First of all in this article, the importance of risk management in CRM is found out and then the suggested method of security risk management is introduced.