CISSP PRACTICE QUESTIONS – 20210410

Effective CISSP Questions

Your organization initiated an outsourcing project to develop the customer relationship management (CRM) system that would operate on a PaaS from a public cloud service provider. Mobile devices as CRM clients are purchased from a well-known brand. As a project manager, which of the following is of least concern in terms of procurement? (Wentz QOTD)
A. System and Organization Controls (SOC)
B. Capability Maturity Model Integration (CMMI)
C. Trusted Computer System Evaluation Criteria (TCSEC)
D. CISSP (Certified Information Systems Security Professional)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Trusted Computer System Evaluation Criteria (TCSEC).

The US DoD promulgated the Trusted Computer System Evaluation Criteria (TCSEC) to evaluate computer systems and provide assurance. However, it is obsolete and has been superseded by the Common Criteria (ISO 15408), which is more suitable for evaluating IT products, e.g., the mobile devices used as CRM clients in the question.

The public cloud service provider can provide System and Organization Controls (SOC) reports to its customers to increase confidence in security and privacy.

The Capability Maturity Model Integration (CMMI) helps evaluate the outsourcing vendor’s capability of software development.

A CISSP (Certified Information Systems Security Professional) helps consider security across the software development life cycle.


