iPremier Case Study. EF. Edward Ferguson. Updated 26 November Transcript. iPremier Denial of Service Attack. Handlers. Zombies. Victim. Attacker. Founded in ; Based in Seattle Washington; Web-based commerce; Sell luxury, rare, and vintage goods; Customers mainly high-income. Develop their own security and facilities for storing data. Upgrade and maintain emergency procedures. Long Term Implementation.
|Published (Last):||13 February 2013|
|PDF File Size:||13.60 Mb|
|ePub File Size:||9.98 Mb|
|Price:||Free* [*Free Regsitration Required]|
Reacting to client calls, we promptly contacted our data center, Qdata, and worked with them to identify and correct the problem.
The iPremier Company
If the plans were in place, it would have been easier for the CIO to stop the attack faster and perhaps backup data centers running the site live while preventing the data from intrusion.
The company faced serious security issues, which led to their immediate downfall. The way the company responds to its first intrusion servers as a reference point for all casee consumers, media, investors, etc.
QData was certainly not the company iPremier would have outsourced their data works to. Furthermore, the level of security seems to be high enough, even though there is some room for caze. Management Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managers Well educated technical and business professionals with high performance reputation Values: Although the interruption to our website lasted less than casse minutes, we intend to continue the investigation into the source of the intrusion.
Importance of stuxy planning Handling core business operations in a responsible and careful manner make sure the core business is in the right hands Importance of support from senior executives Unconditional collaboration in moments of crisis Importance of a good cultural environment relationships, innovations, entrepreneurship, team collaboration Define protocols and clear channels of communication Regular evaluation of the IT infrastructure vulnerability analysis, update protocols.
Without employing security experts, QData was nothing more than a data storage company, which does not prevent intrusion, etudy also does not assist in examining the attack. By continuing to use this website, you agree to their use.
iPremier Case Study by Edward Ferguson on Prezi
It is best for customers to hear about company mistakes directly from iPremier, rather than hearing it from third party sources, which could make the situation even more catastrophic.
Reassure Customers about Security Notifying customers gives iPremier the opportunity to communicate to customers how important security is to the company, to speak about the changes the company would like to enact to strengthen security technology and protocols, and to work more closely with financial institutions and law enforcement officials to ensure customer protection.
Fourth, the management of QData was reckless enough to allow intrusion by failing to implement basic mechanism such as employing security experts and building better network intrusion prevention tools.
How did Ipremier Perform? You are commenting using your Facebook account. In general, when security has been severely breached and personal data, such as addresses, purchases, or credit card information, has been stolen, a company is required by law to disclose this event.
iPremier Case Study by Stefan Leonhardt on Prezi
You are commenting using your Twitter account. The IT department employees were not able to fully understand the nature of attack. Publically disclosing the security breach might cripple the iPremier stock, but this is a chance they need to take if they want to maintain their customer loyalty. Provide arguments to support a decision to do nothing and continue business as usual. Luckily for iPremier, the attack was only a denial of service attack DoS possibly launched by a competitor or a script kiddie Austin, Fundraising presentation – Alliance for a Healthier Generation.
I regret this event took place, but please know that I take your privacy very seriously, and I will do everything in my power to protect your personal information. The economic implications were not too damaging for iPremier because the intrusion took place in the middle of the night when US customer operations activity was at its lowest. However, this particular incident, albeit sophisticated, seems not to have truly threatened the integrity of customer data, as it was only directed at the firewall of the system.
Do you have an escalation contact? Fill in your details below or click an icon to log in: If iPremier had security experts in its team, they would have been able to understand the attack and stopped it immediately, even though QData did not have the security experts. No Proper Disaster Recovery Plan: There are three main reasons to disclose this situation to the legislators and the public; legal, economical, and moral. Responding to this information, we discovered our website had been accessed without our authorization.
In turn, this would threaten the future of the company and is therefore not worth it.
Moral One could say that in case of such an event, a company has a moral obligation to inform customers about the potential ipremjer effects to them. Not only QData, iPremier did not employ security experts either in the IT team who could well understand and recommend procedures for the company to keep its data safe. First, QData did not employ security and network breach experts on site twenty four — seven, all year around.
What significant errors did iPremier make that led to its troubles? Economical As soon as the company pulled the ipremler, they would have to give an explanation to customers. January 17, Dear Loyal iPremier Consumer: Their information could, for instance, be used for identity theft and credit card fraud.
The network security employee was vacationing in Aruba and QData did not manage to have his back up replacement.
Moreover, the plan that Joanne had was out of date. This is my legal perspective Peter Stewart.
Based on the arguments in 2 and 3 we settled on an in-between solution. If law enforcement is involved, then the company has the obligation to notify the consumer.