iPremier Case Study. EF. Edward Ferguson. Updated 26 November Transcript. iPremier Denial of Service Attack. Handlers. Zombies. Victim. Attacker. Founded in ; Based in Seattle Washington; Web-based commerce; Sell luxury, rare, and vintage goods; Customers mainly high-income. Develop their own security and facilities for storing data. Upgrade and maintain emergency procedures. Long Term Implementation.

Author: Majind Ganris
Country: Sao Tome and Principe
Language: English (Spanish)
Genre: Life
Published (Last): 3 July 2010
Pages: 275
PDF File Size: 12.71 Mb
ePub File Size: 19.38 Mb
ISBN: 151-3-26579-904-5
Downloads: 7305
Price: Free* [*Free Regsitration Required]
Uploader: Grogrel

You are commenting using your Twitter account. This breach, though very damaging, can provide a great platform to communicate to constituents the changes iPremier intends to make to strengthen security and make it their number one priority. How did Ipremier Perform? The network security employee was vacationing in Aruba and QData did not manage to have his back up replacement. Leave a Reply Cancel reply Enter your comment here Their information could, for instance, be used for identity theft and credit card fraud.

However, this particular incident, albeit sophisticated, seems not to have truly threatened the integrity of customer data, as it was only directed at the firewall of the system. Combined, it can be concluded that there is no legal reason at this moment to disclose the incident.

iPremier – Harvard Business School Case

You can be confident that our computer security experts continue to address the situation and have already taken steps to strengthen our data-related security. This would cause a loss of customers, because people would lose trust that their data is secure with this company.

The situation will be evaluated according to these three reasons to understand if the company should disclose the event.

The harder a journalist has to dig up information about the breach the more value it will place on the story. Do you have an escalation contact?

Furthermore, the level of security seems to be high enough, even though there is some room for improvement. Responding to this information, we discovered our website had been accessed without our authorization.

As a consequence, even though giving information could be painful and embarrassing to the company, it is the best way to make it a one-day story.

If the plans were in place, it would have been easier for the CIO to stop the attack faster and perhaps backup data centers running the site live while preventing the data from intrusion. Provide arguments to support a decision to do nothing and continue business as usual. Warren Spangler We have a problem…. You are commenting using your Facebook account.


This site uses cookies. The profits should have been secondary to customer data security because the business was built on trust and losing customer confidence to shop on the website would prove fatal for the company. Management Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managers Well educated technical and business professionals with high performance reputation Values: To find out more, including how to control cookies, see here: Second, company focused on immediate profits more than data security.

Luckily for iPremier, the attack was only a denial of service attack DoS possibly launched by a competitor or a script kiddie Austin, Pull the plug, credit cards can be stolen.

As a result, iPremier can take credit for the way they address the problems forensics investigations, cooperation with financial institution, etc. Without employing security experts, QData was nothing more than a data storage company, which does not prevent intrusion, but also does not assist in examining the attack. Although the interruption to our website lasted less than 75 minutes, we intend to continue the investigation into the source of the intrusion.

iPremier Case Study by Stefan Leonhardt on Prezi

I regret this event took place, but please know that I take your privacy very seriously, and I will kpremier everything in my power to protect your personal information. QData was certainly not the company iPremier would have outsourced their data works to.

Avoid Customer Discomfort No customers want to feel that they or their information ipremer at risk for too long before being ipremir. Reassure Customers about Security Notifying customers gives iPremier the opportunity to communicate to customers how important security is to the company, to speak about the changes the company would like to enact to strengthen security technology and protocols, and to work more closely with financial institutions and law enforcement officials to ensure customer protection.

Ipremirr IT department employees were not able to fully understand the nature stuey attack. Or did you settle on something in between? Importance of contingency planning Handling core business operations in a responsible and careful manner make sure the core business is in the right hands Importance of support from senior executives Unconditional collaboration in moments of crisis Importance of a good cultural environment relationships, innovations, entrepreneurship, team collaboration Define protocols and clear channels ipremeir communication Regular evaluation of the IT infrastructure vulnerability analysis, update protocols.


Notify me of new comments via email. I sincerely regret any inconvenience you may have experienced as a result of an unauthorized intrusion to our website. Even though it is at night, any downtime longer than a few minutes will be noticed by external people and in the current information age, that would sure be communicated through various means.

The company was not prepared and employees had no knowledge of disaster recovery plan in an emergency situation.

The iPremier Company

Even though the security breach lasted for only a short time, it provided some valuable lessons. Whether or not you recommend disclosure of some kind to customers, ipermier adopt that position for this question only. Publically disclosing the security breach might cripple the iPremier stock, but this is a chance they need to take if they want to maintain their customer loyalty. Make it a One-Day Story Communicating with the public early can reduce the chances that the media will leak details of the story in reports or publish critics.

Menu Skip ipremirr content. There are three main reasons to disclose this situation to the legislators and the public; legal, economical, and moral.

Fundraising presentation – Alliance for a Healthier Generation. Second, QData was least cooperative in stopping the attack. Yes, it can hamper customer loyalty and could raise questions about the IT department, but nevertheless we feel in the long-run it builds customer trust as the company is willing to own its mistakes and implement measures to correct them.

Moreover, the plan that Joanne had was out of date. However, three constraints were blocking ipermier way to have a new data company to replace QData. If law enforcement is involved, then the company has the obligation to notify the stuey. Not only QData, iPremier did not employ security cqse either in the IT team who could well understand and recommend procedures for the company to keep its data safe.