iPremier Case Study. EF. Edward Ferguson. Updated 26 November Transcript. iPremier Denial of Service Attack. Handlers. Zombies. Victim. Attacker. Founded in ; Based in Seattle Washington; Web-based commerce; Sell luxury, rare, and vintage goods; Customers mainly high-income. Develop their own security and facilities for storing data. Upgrade and maintain emergency procedures. Long Term Implementation.
|Genre:||Health and Food|
|Published (Last):||7 May 2014|
|PDF File Size:||4.85 Mb|
|ePub File Size:||9.7 Mb|
|Price:||Free* [*Free Regsitration Required]|
If the attack had been more serious and customer credit card information had been stolen, the course of action would have different.
iPremier – Harvard Business School Case
It is best for customers to hear about company mistakes directly from iPremier, rather than hearing it from third party sources, which could make the situation even more catastrophic. Having your own security experts helps a company, especially if you are storing data such as in this eCommerce company. Avoid Customer Discomfort No customers want to feel that they or their information was at risk for too long before being notified. Provide arguments to support a decision to do nothing and continue business as usual.
This would cause a loss of customers, because people would lose trust that their data is secure with this company.
I personally promise to update you with additional information as it becomes available to me. The situation will be evaluated according to these three reasons to understand if the company should disclose the event.
iPremier and Denial Of Service Attack — Case Study – Digital CIO
Did you settle on 2 or 3? Management Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managers Well educated technical and business professionals with high performance reputation Values: Iprdmier did you settle on something in between?
This breach, though very damaging, can provide a great platform to communicate to constituents the changes iPremier intends to make to strengthen security and make it their number one priority. Menu Skip to content. Pull the plug, credit cards can be stolen. On January 12, several callers informed our technology department that they were unable to access our website.
The iPremier Company
Still, there are several other reasons to disclose to customers the potential for a breach: Second, QData was least cooperative in stopping the attack. Technically Qdata is the responsible party in this case. The network security employee was vacationing in Aruba and QData did not manage to have his back up replacement.
If iPremier had security experts in its team, they would have been able to understand the attack and stopped it immediately, even though QData did not have etudy security experts.
Importance of contingency planning Handling core business operations in a responsible and careful manner make sure the core business is in the right hands Importance of support from senior executives Unconditional collaboration in moments of crisis Importance of a good cultural environment relationships, innovations, entrepreneurship, team collaboration Define protocols and clear channels of communication Regular evaluation of the IT infrastructure vulnerability analysis, update protocols.
Our Information Technology department implemented a full array of emergency procedures to protect our computer systems, website, and customer information. Even though it is at night, any downtime longer than a few minutes will be noticed by external people and in the current information age, that would upremier be communicated through various means.
However, three constraints were blocking the way to have a new data company to replace QData.
Moral One could say that in case of such an event, a company has a moral obligation to inform customers about the potential adverse effects to them. The way the company responds to its first intrusion servers as a reference point for all constituents consumers, media, investors, etc.
However, this particular incident, albeit sophisticated, seems not to have truly threatened the integrity of customer data, as it was only directed at the firewall of the system. Economical As soon as the company pulled the plug, they would have to give an explanation to customers.
Because there is not a real threat of information being stolen, the argument of moral is not relevant; customers would feel overly threatened by something which is in fact not really dangerous. Reacting to client calls, we promptly contacted our upremier center, Qdata, and worked with them to identify and correct the problem. No Proper Disaster Recovery Plan: Do you have an iremier contact?
What course of action would you recommend? Their information could, for instance, be used for identity theft and credit card fraud. Responding to this information, we discovered our website had been accessed without our authorization. Fourth, the management of QData was reckless enough to allow intrusion by failing to implement basic mechanism such as employing security experts and building better network intrusion prevention tools. Reassure Customers about Security Notifying customers gives iPremier the opportunity to communicate to customers how important security is to the company, to speak about the changes the company would like to enact to strengthen security technology and protocols, and to work more closely with financial institutions and law enforcement officials to ensure customer protection.
You can be confident that ipreimer computer security experts continue to address the situation and have already etudy steps to strengthen our data-related security. As a result, iPremier can take credit for the way they address the problems forensics investigations, cooperation with financial institution, etc.
What significant errors did iPremier make that led to its troubles? The economic implications were not too damaging for iPremier because the intrusion took place in the middle of the night when US customer operations activity was at its lowest. In keeping with the best industry security practices, please remember that iPremier will never ask you to provide or confirm information including credit card numbers.
You are commenting using your Twitter account. Fundraising presentation – Alliance for a Healthier Generation. There are three main reasons to disclose this situation to the legislators and the public; legal, economical, and moral. Although the interruption to our website lasted less than 75 minutes, we intend to continue the investigation into the source of the intrusion.