In: Business and Management

Submitted By rubies44
Words 287
Pages 2
Ipremier Denial Of Service Case

1. Premier was unprepared for the 75 minutes attack. This might have come due to too much faith in the Qdata’s abilities to control these situation and lack of vision with regards to any threats. Every ones reaction was that of panic because there were no crisis management strategy or disaster plans in place. As the communication lines got crossed and broke down, the sense of panic at iPremier grew higher with no defined plan on how to get out of it.
2. We would have had a teleconference with all the Technical Executives to discuss their risk assessment measures, then we would also included the Qdata key point of contact on the issue at hand to discuss possible recovery plan for this situation. The legal advisor will be asked to listen in on this conversation so he can better understand the situation and provide legal advice for the plan.
3. Despite the sense of professionalism maintained by Turley and Ripley it was clear that the company has no procedures in place to deal with infrastructure risk at any level. Needless to say that if this or any similar attack occurred during high traffic time the consequences might be excessive to the infrastructure, business and the reputation of the company. It was clear in the case that Jack hired Bob to create and implement proper policies and procedures for the infrastructure risk management. To do this, iPremier has to assess all known threats to the infrastructure risk matrix and develop procedures to immediately identify the type and risk. These threats would need to be continually assessed as new ones emerge and identification would determine the proper procedures defending against them. Additionally,…...

Similar Documents

Ipremier Case Write Up

...The first reason for the deficient attention to security exhibited by the management of iPremier is the focus on short term gains which is deeply imbedded in the company's culture. Many times in this case concern was expressed about what the stock price would be the following morning. There is too much attention on the stock price, which in turn plays back into the short-term focus. Companies that focus on a short-term "earnings game" often lose focus of their long term strategy, and thus causes more harm than good. Another reason for the lack of focus on security within the management ranks is the fact that the ownership of the company’s incentive package encouraged that behavior. A number of employee’s compensation incentives should have been tied to security so that those numbers were pursued as aggressively as a climbing stock price. The company’s governing values, does not even include any reference to any value delivered to the customer; it only references the internal needs and wants of the management. A revised corporate mission and value statement should be considered and more resources directed to the IT department and other operational departments with focus on long term effectiveness. A third area to study is the high turn-over rate in the management ranks. It appears most employees are fearful of losing their jobs, “unsuccessful managers did not last long”, and they appear interested in only boosting their stock option plan. Individuals are forced to perform......

Words: 386 - Pages: 2

The Ipremier Company (a): Denial of Service Attack

...Case Analysis The iPremier Company (A): Denial of service Attack Case 2—2 MIS 606- Management Information Systems 4 December 2012 Summary of the problem The case presents a specific problem that has taken place in iPremier, a Seattle based company that was founded in 1996 by two students from Swathmore College and had become one of a few success web-based commerce, selling luxury, rare, and vintage goods over the Internet. It was exactly on January 12, 2007, when iPremier Web servers were brought to a standstill. The Web site of the company was locked up; neither employees nor customers can access the site due to a distrusted denial-of-service (DDoS) hacker attack. At that time, the company CIO, Bob Turley, who was recently hired, was out of the town on a mission, and that made the situation even worse. The problem was soon spread reaching the CEO! The shocking finding was the outdated emergency procedures. Eventually after 75 minutes the problem was solved and the main champion in my opinion was luck! Unstructured actions were taken to overcome this attack. The corrective action was taken but still iPremier will need to come up with preventive action for similar situations because this might threaten its existence. The technology The case discussed different technologies: distributed denial of service (DDoS) attack, firewall, and information security mainly in case of crisis. DDoS is a type of web attack that seeks to disrupt the normal......

Words: 1713 - Pages: 7

Pom 651

...AUSTIN JEREMY C. SHORT iPremier (A): Denial of Service Attack (Graphic Novel Version) October 16, 2008… ________________________________________________________________________________________________________________ HBS Professor Robert D. Austin prepared the original version of this case, “The iPremier Company (A): Denial of Service Attack,” HBS No. 601-114. This graphic novel version was prepared jointly by HBS Professor Robert D. Austin and Professor Jeremy C. Short of Texas Tech University. The authors gratefully acknowledge the contributions of Rachael Simmons (pencils), Will Terrell (inking), and Tessa Short (lettering) in developing the case. The situation described in this case is fictional. Any resemblance to actual companies, offerings, or individuals is accidental. HBS cases are developed solely as the basis for class discussion. Cases are not intended to serve as endorsements, sources of primary data, or illustrations of effective or ineffective management. Copyright © 2009 President and Fellows of Harvard College. To order copies or request permission to reproduce materials, call 1-800-545-7685, write Harvard Business School Publishing, Boston, MA 02163, or go to www.hbsp.harvard.edu/educators. This publication may not be digitized, photocopied, or otherwise reproduced, posted, or transmitted, without the permission of Harvard Business School. Purchased by: Joohon Lee blade3126@yahoo.com on October 27, 2013 609-092 iPremier (A): Denial of......

Words: 928 - Pages: 4

Ipremier Case Study

...Question 1 The employees at iPremier all performed well except for Bob Turley, CIO. In this case, even having one employee not perform well, meant that the company overall performed poorly. The overnight or third shift had an immediate response to the attack by taking the initiative to call the CIO at 4:30 am to inform him about the malicious incident and to drive down to the data center because no one on the Qdata phone was being helpful. Bob Turley should have pulled the plug much sooner. He had been working at iPremier for nearly three months and should have been aware of the company’s limited hacker defense capabilities. That awareness would have meant that iPremier was very vulnerable to anything beyond the most basic cyber-attacks. There was suspicion that the hackers could be stealing credit card information, yet he left the system up and running. The plug was only pulled after the legal counsel advised him to do so. Every second waiting to pull the plug could have been more and more damaging to the company, customers, and employees. A worst case scenario must be assumed in such a vulnerable situation. Another mishap was when Bob told an employee not to call the police because it could hurt the stock price. The stock price should not have been Bob’s most pressing concern considering law enforcement has resources available to assist iPremier in identifying or defending against the attack. There was also precious time wasted by waiting for his boss to call before......

Words: 663 - Pages: 3

Zara & Ipremier Strategic Information Systems

...Zara & IPremier: Strategic Information Systems 1 (a): Zara, at the time of the case had a low-cost, robust and reliable POS system. If the system broke down, the solution was simply to reboot it or reinstall the software. It is evident that Zara when considering Nolan & McFarlan's (2005) ‘IT Impact Grid’, is in support mode and is not highly dependable on IT. Also, Zara is not concerned with innovation in terms of technology, the key element of it’s strategy is to grow and increase the number of it’s stores. This puts into question the need for a new POS system, as it’s existing system is strategically aligned to low-cost and easy to implement replication across new stores. The implementation of a new POS system at Zara would create a number of risks, three of which are discussed below: operational risks due to IT dependency, overspending and disruption to business processes and knowledge. As Carr (2003) discusses, implementing a new POS system would introduce a number of operational risks such as technical glitches, obsolescence, service outages, unreliable vendors or partners, security breaches etc. With a new system, disruption or outages could paralyse Zara’s operating systems and processes such as: the ordering and delivery process; the flow of information sharing with headquarters (and possibly other stores); the POS transactional process; the customer experience; and in turn the customer satisfaction. Also, with the existing system, each store is hard wired......

Words: 1463 - Pages: 6


...THE iPREMIER COMPANY (A): Denial of Service Attack By Robert Austin November 19, 2003 DPDN Brian Dyrud Jennifer Paterson Paul Davidson Lindsay Neal BACKGROUND: iPremier, a Seattle based company, was founded in 1994 by two students from Swathmore College. iPremier had become one of the only success stories of web-based commerce, selling luxury, rare, and vintage goods over the Internet. Most of iPremier’s goods sell for under $200 and the customer buys the products online with his or her credit card. iPremier’s competitive advantage is their flexible return policies which allows the customer to thoroughly check out the product and make a decision to keep the product or return it. The majority of iPremier customers are high end and credit limits are not a problem, which also adds to the competitive advantage of utilizing their entire customer base. During 1999 the company reached a profit of $2.1 million on sales of $32 million. Sales had increased by 50% during the last three years and they were in an upward trend. iPremier’s stock nearly tripled after the company’s Initial Public Offering in 1998 and had continued to grow since the IPO, and eventually the stock tripled again. iPremier was one of the few companies to survive the technical stock recession of 2000. Management at iPremier consisted of young people who had been with the company from the start and a group of experienced managers that were brought in over time as the company grew.......

Words: 3910 - Pages: 16

Ipremier Case

...Introduction The iPremier Company was founded in 1996 by two students at Swarthmore College and grew to become the second largest web-based retail business selling luxury, rare, and vintage goods. The company's customer base was high-end, with most of the products priced between fifty and a few hundred dollars and a small number of items priced in the thousands of dollars. Its return policy was flexible, which gave customers the opportunity to examine products before deciding whether to keep them. The company went public in 1998, and its stock price experienced rapid growth throughout 1998 and 1999. The stock price was hit hard during the DotCom Crash of 2000, but, unlike many of its competitors in the business-to-consumer segment, the company was able to survive by streamlining and focusing its business to achieve profitability. In January 2007, iPremier experienced a denial of service ("DoS") attack, which prevented access to the website and the internal web server. It was unclear at the time whether this was a DoS attack, or something deliberate. Though the attack appeared to be harmless in the end, the incident brought to light the fact that iPremier was ill-equipped to deal with breaches of network security. The incident highlighted three major shortcomings of the company's existing network security infrastructure: (1) a third party was responsible for the company's internal network security, (2) iPremier's information technology was outdated, and (3) iPremier's......

Words: 2896 - Pages: 12


...The iPremier Company: Denial of Service Attack 1. In your opinion, how well did iPremier perform during the 75 minute attack? It is clear that iPremier was not prepared for any sort of cyber attack, and their subpar performance during the 75 minutes was a clear representation of their operational deficiencies, lack of preparedness, and lack of leadership. This led to a complete disregard of any formal procedures and caused many involved to fall for common psychological traps. On page 281, Applegate lists four key emotional obstacles that must be overcome during an incident: 1) Emotional responses, including confusion, denial, fear, and panic, 2) Wishful thinking and groupthink, 3) Political maneuvering, diving for cover, and ducking responsibility, and 4) Leaping to conclusions and blindness to evidence that contradicts current beliefs. From the very beginning of the incident, there was confusion and panic with the people involved. However, amongst the panic, everyone did a decent job of prioritizing the safety of the customer’s information. Without a formal plan, it obviously took longer to diagnose the problem and to determine solutions, but Bob Turley did a good job of keeping everyone focused on the customers. However, he did not offer much support to Joanne Ripley, the one person who was actively trying to identify and fix the problem. For example, Turley didn’t even acknowledge the issue with Qdata when Ripley brought it to his attention during their first......

Words: 1850 - Pages: 8

Case Analysis: the Ipremier Company - Denial of Service Attack

...Case Analysis: The iPremier Company - Denial of Service Attack Matthew M. Lambert Introduction: The e-commerce landscape is littered with the remnants of companies that didn’t survive the meteoric dot com boom and subsequent bust that began in the late 1990s. iPremiere Company, however, was the exception to the rule. Created by two college students in 1996, the web-based company had solidified its business position as a top online retailer of high-end, luxury goods with $32 million in sales and $2.1 million in profit for 2006. Consumers bought directly from iPremiere using credit cards, which were then stored on the company’s servers. In 2007, computer hackers launched a Denial of Service (DoS) attack on iPremiere’s website, temporarily shutting down the website and taunting iPremiere with emails. The possibility of hackers breaching its security firewall is extremely troubling because it puts customer financial information at risk and the loss of this public trust would be disastrous for iPremiere. The purpose of this paper is to assess why iPremiere was vulnerable to attack, examine their approach to both IT risk management and crisis communications and offer recommendations that foster customer trust and company profitability in the future. SWOT Analysis A brief SWOT analysis shows that iPremier’s strengths include good placement in the e-commerce marketplace and a highly experienced and productive team of managers and software developers dedicated to meeting......

Words: 1167 - Pages: 5

Ipremier Case Study

...iPremier Case Study Abstract In Seattle, Washington in 1996 two students at Swarthmore College, start iPremier Company, which is a web-based commerce. The company sells luxury, rare and vintage goods over the internet. The selling range of the items is between 50- a couple of hundred. Since everything is done, online credit cards are used for purchases. One of the advantage of iPremier is the flexible return policies, it gives the customer an opportunity to decide if they want the products or not. iPremier Company iPremier is one of the top retail business that sell the luxury items, profiting $2.1 million on sales $32millions in 2006. Since then sale has grown over 20% annually. There was a decrease, but everything works itself out. Upper management describes working at iPremier as intense. .Qdata is the company that host iPremier computer equipment and provided connectivity to the internet (Austin and Murray, 2007). Although Qdata offers monitoring of website for customer and network operation, they had not invested in advanced technology and was not able to keep staff. During 75-minute attack how well did they iPremier perform. What would you have done differently if you was Bob Turley Bob Turley is new Chief Information Officer and is currently in New York on business. AT 4.31 am he received a call, from the network been hack and wired email received with just the word “Ha”. The site was a DoS attack coming from about 30......

Words: 967 - Pages: 4

Brief on Advanced Operations

...depth of the attack. You cant know that. * iPremier had planned on moving their computing services to another location; however, they had not ranked that as their top priority. * In fact, iPremier had even turned off their logging capabilities because running it would result in a 20% drop in performance. * iPremier needs to realize the importance of security, especially in the e-commerce world where there is unlimited access through the Internet to valuable customer information. Security needs to be a top priority. * Without executive support, it is unlikely the security problem will be solved. Some changes need to be undertaken to effectively solve their security problem. Their existing contract with Qdata needs to be renegotiated. * This will allow employees at iPremier to act as consultants for Qdata and help them upgrade their existing system. The consulting time will be an added cost, however it is far less expensive to consult rather than hiring another outsourcing client. * Another key recommendation is for iPremier to separate its webserver from its critical system, this will help to eliminate access to Dyrud, Davidson, Neal, Paterson important information by a hacker. No system is totally safe from an attack but the segregation of systems will help to deter amateur hackers. * iPremier needs to develop a plan of attack if they under go a......

Words: 10653 - Pages: 43


...How well did this company perform during the attack? iPremier, like most, performed at a high level during the attack. What I mean by that is that it appears from the reading that the entire company, or those responsible, took the approach of “all hands on deck”. It is in moments like this where people are generally thinking quickly, and sometimes out of the box. This helped to managed a correlated effort to resolve the issues. This is not to say that they didn’t have places for improvement. From the design of the article, there were traces that alluded to the fact that this was something that wasn’t planned on or prepared for. Almost as if security was a second tier concern of the company. For the CIO to be sitting on the ground when the bad news came, sends a message that there was a “surprise” that this type of thing could happen. This “it can’t happen to me” syndrome is the outcome of, either, an unprepared company or one in denial; no pun intended. Overall the outcome was good, so the performance must be measured on the outcome. What should they have done differently, before or during the event? After reviewing the Technical Architecture, it was clear that there was no DMZ established to help with such an attack. Whether this was just missing from the diagram or actually missing isn’t clear, but assuming the diagram to be correct, it is clear that there were very few cautions taken to protect the company/customer information from attacks. To have the......

Words: 493 - Pages: 2

How to Write a Teaching Case

...this case and showing me how to teach it.) The case is excellent because it starts with the company (strategic level), proceeds to describe a new situation and a new process (organizational or business logic level) and then introduces the problem (operational level.) Analyzing the operational details leads to one conclusions, which can then be discussed in terms the organization and its business logic, which can then be placed into a strategic context. The case is excellent because it allows links between these levels – and also teaches the students that the devil indeed resides in the details, and that you as a manager better be very close to how the business you are leading works and makes money. iPremier-front-pageA second case which shows quality and innovation is iPremier, written by Robert D. Austin and Jeremy C. Short, the first and only graphic novel (cartoon) case I am aware of. The story is about a small online gift company being attacked by hackers, exposing glaring gaps in their security procedures and forcing managers at various levels to make some really hard decisions. The graphic format is excellent in making the various characters real (though they, on average, tend to be way too good-looking for a normal business situation), illustrates technical issues in a way that is very understandable even by non-technology students, and has a cracking good storyline with a B and a C case. I like to introduce a few technical cases in my courses because, well, I don’t......

Words: 1469 - Pages: 6

Badm 350

...Assignment #3: iPremier BADM 350 1. How well did the iPremier Company perform during the seventy-five-minute attack? If you were Bob Turley, what might you have done differently during the attack? Normally, a company would follow emergency procedures while dealing with crises, but in iPremier’s case, there was no emergency procedure available. Under these circumstances, and with no prior experience with security breaches, I believe the company performed well. Bob Turley communicated well with the other members of the company, but if I were in his shoes, I would have been more conservative and acted faster. In responding to the crisis, there were two main issues that iPremier faced – understanding the attack, and restoring order. First, regarding understanding the nature of the attack, I believe Leon performed poorly. He did not come up with any hypotheses for what had happened, nor did he fully explain the enemies that his company might have created through World of Warcraft. On the other hand, Joanne made the correct decision to go to Qdata in person to look at the traffic going in to iPremier’s site, and figure out the details of the attack from there. As for restoring order, both Tim and Stewart gave Bob their professional opinion, and explained to him their views on pulling the plug. If I were in Bob Turley’s shoes, I would have decided to pull the plug as soon as I heard both sides of the plug-pulling argument. Tim said that pulling the plug would destroy the......

Words: 592 - Pages: 3

Ipremer Company

...Question 4: What, if anything should they say to customers, investors, and the public about what has happened? Wow, this is a very tough question to answer. I sort of feel like the case study ended up abruptly without very much information about what actually happened. My initial response would be to not say anything until further investigation could be done on what actually happened. The case didn’t say if any customers had been alarmed to the fact that the website was under attack. Reporting a possible attack would only ruin the reputation of the company as a whole, decrease the stock price therefore causing investors to panic and the general public would have an overall bad taste in their mouth when ipremier was mentioned. The only real reason a company would report the attack to customers was if there credit information or identities had been compromised. Unfortunately the case didn’t state whether their credit or identity information had actually been compromised. The investors would only need to be notified if they actually had hard evidence of an actual problem occurring. The good news is that the attack only lasted 75 minutes and most people were sleeping during the attack. So the company has some time before they decide if a statement should be released. My recommendations would be for this company would be to do the investigation to determine what if anything was compromised. Additionally to go full force into...

Words: 279 - Pages: 2