...Analysis: The iPremier Company - Denial of Service Attack Matthew M. Lambert Introduction: The e-commerce landscape is littered with the remnants of companies that didn’t survive the meteoric dot com boom and subsequent bust that began in the late 1990s. iPremiere Company, however, was the exception to the rule. Created by two college students in 1996, the web-based company had solidified its business position as a top online retailer of high-end, luxury goods with $32 million in sales and $2.1 million in profit for 2006. Consumers bought directly from iPremiere using credit cards, which were then stored on the company’s servers. In 2007, computer hackers launched a Denial of Service (DoS) attack on iPremiere’s website, temporarily shutting down the website and taunting iPremiere with emails. The possibility of hackers breaching its security firewall is extremely troubling because it puts customer financial information at risk and the loss of this public trust would be disastrous for iPremiere. The purpose of this paper is to assess why iPremiere was vulnerable to attack, examine their approach to both IT risk management and crisis communications and offer recommendations that foster customer trust and company profitability in the future. SWOT Analysis A brief SWOT analysis shows that iPremier’s strengths include good placement in the e-commerce marketplace and a highly experienced and productive team of managers and software developers dedicated to meeting company expectations...
Words: 1167 - Pages: 5
...Question 1 The employees at iPremier all performed well except for Bob Turley, CIO. In this case, even having one employee not perform well, meant that the company overall performed poorly. The overnight or third shift had an immediate response to the attack by taking the initiative to call the CIO at 4:30 am to inform him about the malicious incident and to drive down to the data center because no one on the Qdata phone was being helpful. Bob Turley should have pulled the plug much sooner. He had been working at iPremier for nearly three months and should have been aware of the company’s limited hacker defense capabilities. That awareness would have meant that iPremier was very vulnerable to anything beyond the most basic cyber-attacks. There was suspicion that the hackers could be stealing credit card information, yet he left the system up and running. The plug was only pulled after the legal counsel advised him to do so. Every second waiting to pull the plug could have been more and more damaging to the company, customers, and employees. A worst case scenario must be assumed in such a vulnerable situation. Another mishap was when Bob told an employee not to call the police because it could hurt the stock price. The stock price should not have been Bob’s most pressing concern considering law enforcement has resources available to assist iPremier in identifying or defending against the attack. There was also precious time wasted by waiting for his boss to call before Bob...
Words: 663 - Pages: 3
...THE iPREMIER COMPANY (A): Denial of Service Attack By Robert Austin November 19, 2003 DPDN Brian Dyrud Jennifer Paterson Paul Davidson Lindsay Neal BACKGROUND: iPremier, a Seattle based company, was founded in 1994 by two students from Swathmore College. iPremier had become one of the only success stories of web-based commerce, selling luxury, rare, and vintage goods over the Internet. Most of iPremier’s goods sell for under $200 and the customer buys the products online with his or her credit card. iPremier’s competitive advantage is their flexible return policies which allows the customer to thoroughly check out the product and make a decision to keep the product or return it. The majority of iPremier customers are high end and credit limits are not a problem, which also adds to the competitive advantage of utilizing their entire customer base. During 1999 the company reached a profit of $2.1 million on sales of $32 million. Sales had increased by 50% during the last three years and they were in an upward trend. iPremier’s stock nearly tripled after the company’s Initial Public Offering in 1998 and had continued to grow since the IPO, and eventually the stock tripled again. iPremier was one of the few companies to survive the technical stock recession of 2000. Management at iPremier consisted of young people who had been with the company from the start and a group of experienced managers that were brought in over time as the company grew. IPremier’s...
Words: 3910 - Pages: 16
...iPremier Case Study Abstract In Seattle, Washington in 1996 two students at Swarthmore College, start iPremier Company, which is a web-based commerce. The company sells luxury, rare and vintage goods over the internet. The selling range of the items is between 50- a couple of hundred. Since everything is done, online credit cards are used for purchases. One of the advantage of iPremier is the flexible return policies, it gives the customer an opportunity to decide if they want the products or not. iPremier Company iPremier is one of the top retail business that sell the luxury items, profiting $2.1 million on sales $32millions in 2006. Since then sale has grown over 20% annually. There was a decrease, but everything works itself out. Upper management describes working at iPremier as intense. .Qdata is the company that host iPremier computer equipment and provided connectivity to the internet (Austin and Murray, 2007). Although Qdata offers monitoring of website for customer and network operation, they had not invested in advanced technology and was not able to keep staff. During 75-minute attack how well did they iPremier perform. What would you have done differently if you was Bob Turley Bob Turley is new Chief Information Officer and is currently in New York on business. AT 4.31 am he received a call, from the network been hack and wired email received with just the word “Ha”. The site was a DoS attack coming from about 30 locations...
Words: 967 - Pages: 4
...The iPremier Company: Denial of Service Attack 1. In your opinion, how well did iPremier perform during the 75 minute attack? It is clear that iPremier was not prepared for any sort of cyber attack, and their subpar performance during the 75 minutes was a clear representation of their operational deficiencies, lack of preparedness, and lack of leadership. This led to a complete disregard of any formal procedures and caused many involved to fall for common psychological traps. On page 281, Applegate lists four key emotional obstacles that must be overcome during an incident: 1) Emotional responses, including confusion, denial, fear, and panic, 2) Wishful thinking and groupthink, 3) Political maneuvering, diving for cover, and ducking responsibility, and 4) Leaping to conclusions and blindness to evidence that contradicts current beliefs. From the very beginning of the incident, there was confusion and panic with the people involved. However, amongst the panic, everyone did a decent job of prioritizing the safety of the customer’s information. Without a formal plan, it obviously took longer to diagnose the problem and to determine solutions, but Bob Turley did a good job of keeping everyone focused on the customers. However, he did not offer much support to Joanne Ripley, the one person who was actively trying to identify and fix the problem. For example, Turley didn’t even acknowledge the issue with Qdata when Ripley brought it to his attention during their first conversation...
Words: 1850 - Pages: 8
...Introduction The iPremier Company was founded in 1996 by two students at Swarthmore College and grew to become the second largest web-based retail business selling luxury, rare, and vintage goods. The company's customer base was high-end, with most of the products priced between fifty and a few hundred dollars and a small number of items priced in the thousands of dollars. Its return policy was flexible, which gave customers the opportunity to examine products before deciding whether to keep them. The company went public in 1998, and its stock price experienced rapid growth throughout 1998 and 1999. The stock price was hit hard during the DotCom Crash of 2000, but, unlike many of its competitors in the business-to-consumer segment, the company was able to survive by streamlining and focusing its business to achieve profitability. In January 2007, iPremier experienced a denial of service ("DoS") attack, which prevented access to the website and the internal web server. It was unclear at the time whether this was a DoS attack, or something deliberate. Though the attack appeared to be harmless in the end, the incident brought to light the fact that iPremier was ill-equipped to deal with breaches of network security. The incident highlighted three major shortcomings of the company's existing network security infrastructure: (1) a third party was responsible for the company's internal network security, (2) iPremier's information technology was outdated, and (3) iPremier's standards...
Words: 2896 - Pages: 12
...Ipremier Denial Of Service Case 1. Premier was unprepared for the 75 minutes attack. This might have come due to too much faith in the Qdata’s abilities to control these situation and lack of vision with regards to any threats. Every ones reaction was that of panic because there were no crisis management strategy or disaster plans in place. As the communication lines got crossed and broke down, the sense of panic at iPremier grew higher with no defined plan on how to get out of it. 2. We would have had a teleconference with all the Technical Executives to discuss their risk assessment measures, then we would also included the Qdata key point of contact on the issue at hand to discuss possible recovery plan for this situation. The legal advisor will be asked to listen in on this conversation so he can better understand the situation and provide legal advice for the plan. 3. Despite the sense of professionalism maintained by Turley and Ripley it was clear that the company has no procedures in place to deal with infrastructure risk at any level. Needless to say that if this or any similar attack occurred during high traffic time the consequences might be excessive to the infrastructure, business and the reputation of the company. It was clear in the case that Jack hired Bob to create and implement proper policies and procedures for the infrastructure risk management. To do this, iPremier has to assess all known threats to the infrastructure risk matrix...
Words: 287 - Pages: 2
...Brief 1. Advance Operations * 90 % behavior and 10% what you know, that’s why the teacher tells us that in businesses, machines are very easy to learn inside out but when the people comes in the picture is when we have a problem. Behavior has a massive content in respect to success. * A sense of leadership combined with strong authority causes people to lift their spirit up and wakes up a sense of fellowship. * In Shackleton’s time there wasn't a lot of knowledge on those technologies being used. That combined with the pressure of the countries competing with each other to discover places around the world. * These competition kind of resembles todays fight in the automobile industry.Efficient use of time , as explained and used in operations is a very important way to find improvement. * Gravity waves: These waves are generated in a fluid medium or at the interface between two media when the force of gravity. An example of such an interface is that between the atmosphere and the ocean, which gives rise to wind waves. * Examples of leadership in Shackleton’s: He Invented the power bar ( found the right logistics for food), as a leader you have to seek informal contact at times which is more important at times that formal contact. * As a leader you can never extinguish HOPE . Is a vital element to lift up the spirit. * Competitiveness in...
Words: 10653 - Pages: 43
...provides an enterprise-wide perspective on the management of information technologies (IT), software applications and the operational processes they support, and the data and knowledge that inform business processes and decisions. The course focuses on how IT professionals and non-technical managers work together to ensure that applications and data are aligned with organizational strategy and business processes. The cases and readings examine how companies in various industries use IT to serve customers well, manage operations efficiently, coordinate with business partners, and make better business decisions. A key theme -- IT as a double-edged sword -- reflects a central challenge: how to maximize the strategic benefits of investments in hardware and software, while minimizing accompanying technical and business risks. The course places equal weight on technical and managerial skills. Our primary objective is to help students prepare to be effective contributors to IT initiatives in partnership with IT professionals, including external service providers here and abroad. Course Learning Objectives: · Understand how information systems – comprised of hardware, software, databases and knowledge repositories, networks and people -- support intra- and inter-organizational transaction processing,...
Words: 7908 - Pages: 32
...TEXAS STATE UNIVERSITY McCoy College of Business Administration Department of CIS & QM – Spring 2015 CIS 5318 – Information Technology in Digital Economy Monday/Wednesday 6:30 – 9:15 pm Instructor: Dr. Vivek Shah Office: McCoy 457 Office hours: Wen: 4:30 – 6:00 (Round Rock Campus); TTH: 3:30 to 4:30; M: 4:30 to 6:00 (San Marcos Campus) or by appointment Phone: 512.245.2049 (My office) 512.245.2291 (Dept. office) 512.413.5419 (Cell) Email: vs01@txstate.edu COURSE DESCRIPTION This course is directly concerned with the management issues surrounding information and telecommunications systems. It presents the ingredients of management knowledge necessary for success in the management of information technology. This course views information technology from the perspective of managers at several levels--from the CEO to the first line manager. It provides frameworks and management principles that current or aspiring managers can employ to cope with the challenges inherent in the implementation of rapidly advancing technology. The course presents fundamental knowledge essential to managing an information technology successfully within a larger organization. It considers strategic and operational issues, the significance of rapidly advancing technology, and human and organizational issues related to technology introduction and use. The course describes management systems and models of successful behavior that capitalize on opportunities...
Words: 4760 - Pages: 20