other business process part 2 (Customer Relationship Management (CRM…
other business process part 2
Customer Relationship Management
The customer-driven business trend is to be focused on the wants and needs of the customers.
emphasizes the importance of following rather than on products.
focusing on information relating to transaction data,
demographic information and
service trends of customers,
optimum combination of strategy,
skill sets and technology.
Customer-centered applications focus on CRM processes
This includes , and
integration of telephony,
web and database technologies
inter- enterprise integration capabilities.
other business partners can share information, communicate and collaborate with the organization with the seamless integration of webenabled applications and without changing their local network and other configurations.
Operational CRM is concerned with
maximizing the utility of the customer’s service experience
while also capturing useful data about the customer interaction
Analytical CRM seeks to
information captured by the organization about its customers
and their interactions with the organization into information that allows greater value to be obtained from the customer base.
Among uses of analytical CRM are
customer product holdings or “share of customer wallet,”
increasing moving customers into higher margin products,
moving customers to lower-cost service channels,
increasing marketing success rates,
and making pricing decisions.
Artificial Intelligence and Expert Systems
Artificial intelligence (AI) is the study and application of the principles by which:
• Knowledge is acquired and used.
• Goals are generated and achieved.
• Information is communicated.
• Collaboration is achieved.
• Concepts are formed.
• Languages are developed
AI fields include, among others:
• Expert systems
• Natural and artificial (such as programming) languages
• Neural networks
• Intelligent text management
• Theorem proving
• Abstract reasoning
• Pattern recognition
• Voice recognition
• Problem solving
• Machine translation of foreign languages
Expert systems are an area of AI and perform a specific function or are prevalent in certain industries.
how it works?
An expert system allows the user to specify certain basic assumptions or formulas and then uses these assumptions or formulas to analyze arbitrary events.
Based on the information used as input to the system, a conclusion is produced
The use of expert systems has many potential benefits within an organization including
• Capturing the knowledge and experience of individuals
• Enhancing personnel productivity and performance
• Automating highly (statistically) repetitive tasks (help desk, score credits, etc.)
• Sharing knowledge and experience
• Operating in environments
where a human expert is not available
(e.g., medical assistance on board of a ship, satellites)
Key to the system is the knowledge base (KB), which contains
specific information or fact patterns associated with particular subject matter
and the rules for interpreting these facts.
interfaces with a database
in obtaining data to analyze a particular problem in deriving an expert conclusion.
The information in the KB can be expressed in several ways:
Use of questionnaires to lead the user through a series of choices, until a conclusion is reached. Flexibility is compromised because the user must answer the questions in an exact sequence.
Expression of declarative knowledge through the use of if-then relationships.
For example, if a patient’s body temperature is over 39°C(102.2°F) and their pulse is under 60, then the patient might be suffering from a certain disease.
Use of a graph in which the
nodes represent physical or conceptual objects
and the arcs describe the relationship between the nodes.
resemble a data flow diagram and make use of an
inheritance mechanism to prevent duplication of data.
inference engine shown is a program that uses the KB and determines the most appropriate outcome based on the information supplied by the user.
In addition, an expert system includes the following components:
– Knowledge interface—Inclusion of knowledge from an expert into the system without the traditional mediation of a software engineer
– Data interface—Collection of data from nonhuman sources through an expert system,
such as measurement instruments in a power plant
IS Auditor’s Role in Expert Systems
Well-designed questionnaires or software that integrates and reports on system parameters and data sets are available to assist IS auditors in reviewing these systems.
Other accounting-and auditing-related applications for expert systems include audit planning, internal control analysis, account attribute analysis, quality review, accounting decisions, tax planning and user training
An IS auditor needs to be concerned with
the controls relevant to these systems when used as an integral part of an organization’s business process or mission-critical functions,
and the level of experience or intelligence used as a basis for developing the software.
Specifically, an IS auditor should perform the following activities:
• Understand the
purpose and functionality of the system.
• Assess the system’s
to the organization and related businesses processes as well as the
associated potential risk.
• Review the
adherence of the system to corporate policies and procedures.
• Review the
decision logic built into the system to ensure that the expert knowledge or intelligence in the system is sound and accurate.
An IS auditor should ensure that the proper level of expertise was used in developing the basic assumptions and formulas.
procedures for updating information in the KB.
security access over the system, specifically the KB.
• Review procedures
to ensure that qualified resources are available for maintenance and upgrading
Industrial Control Systems see image 13
Industrial control system (ICS) is a general term that encompasses several types of control systems, including
supervisory control and data acquisition(SCADA) systems,
distributed control systems (DCS),
and other control system configurations such as
programmable logic controllers (PLC),
often found in the industrial sectors and critical infrastructures.
• Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation
• Unauthorized changes to
commands or alarm thresholds,
damage, disable or shut down equipment,
create environmental impacts, and/or endanger human life
• Inaccurate information sent to system operators which could have various negative effects
, either to disguise unauthorized changes
or to cause the operators to initiate inappropriate actions,
• ICS software or configuration settings modified, or ICS software
infected with MALWARE
, which could have various negative effects
Interference with the operation of safety systems,
which could endanger human life
Restricting logical access to the ICS network and network activity. This includes
using a demilitarized zone (DMZ) network architecture with firewalls to prevent network traffic from passing directly between the corporate and ICS networks
and having separate authentication mechanisms and credentials for users of the corporate and ICS networks.
The ICS should also use a network topology that has multiple layers, with the most critical communications occurring in the most secure and reliable layer
Restricting physical access to the ICS network and devices.
Unauthorized physical access to components could cause serious disruption of the ICS’s functionality.
A combination of physical access controls should be used, such as locks, card readers and/or guards.
Protecting individual ICS components from exploitation. This includes ;
deploying security patches in as expeditious a manner as possible, after testing them under field conditions
disabling all unused ports and services;
restricting ICS user privileges
to only those that are required for each person’s role;
tracking and monitoring audit trails;
and using security controls such as antivirus software and file integrity checking software,
where technically feasible, to prevent, deter, detect and mitigate malware
Maintaining functionality during adverse conditions.
This involves designing the ICS so that
each critical component has a redundant counterpart.
Additionally, if a component fails, it should fail in a manner that does not generate unnecessary traffic on the ICS or other networks, or does not cause another problem elsewhere, such as a cascading event
Restoring the system after an incident. Incidents are inevitable, and an incident response plan is essential. .
A major characteristic of a good security program is how quickly a system can be recovered after an incident has occurred