iPremier Case Study. EF. Edward Ferguson. Updated 26 November Transcript. iPremier Denial of Service Attack. Handlers. Zombies. Victim. Attacker. Founded in ; Based in Seattle Washington; Web-based commerce; Sell luxury, rare, and vintage goods; Customers mainly high-income. Develop their own security and facilities for storing data. Upgrade and maintain emergency procedures. Long Term Implementation.
||21 December 2018
|PDF File Size:
|ePub File Size:
||Free* [*Free Regsitration Required]
How did Ipremier Perform? To find out more, including how to control cookies, see here: This would cause a loss of customers, because people would lose trust that their data is secure with this company. However, regardless of the severity of the attack, iPremier still has a moral obligation to let their customers know about the security breach. By continuing to use this website, you agree to their use.
Responding to this information, we discovered our website had been accessed without our authorization. As a result, iPremier can take credit for the way they address the problems forensics investigations, cooperation with financial institution, etc. There were no employees to assist Joanne.
As no data has been stolen, there is no economical reason to disclose the event. Make it a One-Day Story Communicating with the public early can reduce the chances that the media will leak details iprdmier the story in reports or publish critics.
iPremier and Denial Of Service Attack — Case Study
However, this particular incident, albeit sophisticated, seems not to have truly threatened the integrity of customer data, as it was only directed at the firewall of the system.
These penalizations can be amplified by class action lawsuit, potentially initiated with victims of the security breach.
A formal contract is not formed in a B2C relationship which places iPremier ipfemier the MARKET section of the matrix as it provides goods, processes payments and maintains customer profiles. Based on the arguments in 2 and 3 we settled on an in-between solution. It is critical for a business to develop a business continuity plan and train its employees because the disasters do not come forewarned.
Although personal relationships are foundation of most deals made caxe business, Raj should not have compromised with the customer data security by allowing an unsecure and unreliable data company to host iPremier website and retain customer data. Even though it is at night, any downtime longer than a few minutes will be sthdy by external people and in the current information age, that would sure be communicated through various means.
Third, one of the cofounders of iPremier enjoyed a personal relationship with QData. Importance of contingency planning Handling core business operations in a responsible and careful manner make sure the core business is in the right hands Importance of support from senior executives Unconditional collaboration in moments of crisis Importance of a good cultural environment relationships, innovations, entrepreneurship, team collaboration Define protocols and clear channels of communication Regular evaluation of the IT infrastructure vulnerability analysis, update protocols.
If the plans were in place, it would have been easier for the CIO to stop the attack faster and perhaps backup data centers running the site live while preventing the data from intrusion. You are commenting using your WordPress.
You are commenting using your Facebook account. If law enforcement is involved, then the company has the obligation to notify the consumer.
iPremier Case Study by Stefan Leonhardt on Prezi
Reacting to client calls, we promptly contacted our data center, Qdata, and worked with them to identify and correct the problem. Such an intrusion should be regarded as an opportunity to evaluate the security infrastructure and to improve on existing emergency procedures should an ipremisr happen again. Did you settle on 2 or 3?
I regret this event took place, but please know that I take your privacy very seriously, and I ipemier do everything in my power to protect your personal information.
Management Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managers Well educated technical and business professionals with high performance reputation Values: Warren Spangler We have a problem…. Fourth, the management of QData was reckless enough to allow intrusion by failing to implement basic mechanism such as employing security experts and building better network intrusion prevention tools.
Having your own security experts helps a company, especially if you are storing data such as in this eCommerce company. On January 12, several callers informed our technology department that they were unable to access our website. You can be confident that our computer security experts continue to address the situation and have already taken steps to strengthen our data-related security.
Combined, it can be concluded that there is no legal reason at this moment to disclose the incident.
The iPremier Company
Provide a copy of the letter you would write to customers and be prepared to read it aloud in class for us to discuss. In this case, when the network was hacked, the employees did not know the guiding procedure to follow.
In keeping with the best industry security practices, please remember studu iPremier will never ask you to provide or confirm information including credit card numbers. Even though the security breach lasted for only a short time, it provided some valuable lessons. Provide arguments to support a decision to do nothing and continue business as usual. Pull the plug, credit cards can be stolen.
Reassure Customers about Security Notifying customers gives iPremier the opportunity to communicate to customers how important security is to the company, to speak about the changes the company would like to enact to strengthen security technology and protocols, and to work more closely with financial institutions and law enforcement officials to ensure customer cawe.
The iPremier Company
There are three main reasons to disclose this situation to the legislators and the public; legal, economical, and moral. The way the company responds to its first intrusion servers as a reference point for all constituents consumers, media, investors, etc. Third, QData had no procedures to prevent the intrusion or stop the intrusion. What course of action would you recommend? You are commenting using your Twitter account. Public relations Inform the press and customers about: January 17, Dear Loyal iPremier Consumer: The network security employee was vacationing in Aruba and QData did not manage to have his back up replacement.
If the attack had been more serious and customer credit card information had been stolen, the course of action would have different. However, three constraints were blocking the way to have a new data company to replace QData.
Because there is not a real threat of information being stolen, the argument of moral is not relevant; customers would feel overly threatened by something which is in fact not really dangerous.
Without employing security experts, QData was nothing more cse a data storage company, which does not prevent intrusion, but also does not assist in examining the attack. The IT department employees were not able to fully understand the nature of attack.
Documents Flashcards Grammar checker.