iPremier Case Study. EF. Edward Ferguson. Updated 26 November Transcript. iPremier Denial of Service Attack. Handlers. Zombies. Victim. Attacker. Founded in ; Based in Seattle Washington; Web-based commerce; Sell luxury, rare, and vintage goods; Customers mainly high-income. Develop their own security and facilities for storing data. Upgrade and maintain emergency procedures. Long Term Implementation.
|Published (Last):||8 April 2018|
|PDF File Size:||15.91 Mb|
|ePub File Size:||14.80 Mb|
|Price:||Free* [*Free Regsitration Required]|
The network security employee was vacationing in Aruba and QData did not manage to have his back up replacement. This would cause a loss of customers, because people would lose trust that their data is secure with this company.
Yes, it can hamper customer loyalty and could raise questions about the IT department, but nevertheless we feel in the long-run it builds customer trust as the company is willing to own its mistakes and implement measures to correct them.
iPremier and Denial Of Service Attack — Case Study
However, the negative side of informing the customers about this particular event is that customers would get nervous and would worry. How did Ipremier Perform? However, regardless of the severity of the attack, iPremier still has a moral obligation to let their customers know about the security breach.
On January 12, several callers informed our technology department that they were unable to access our website.
Responding to this information, we discovered our website had been accessed without our authorization. Luckily for iPremier, the attack was upremier a denial of service attack DoS possibly launched by a competitor or a script kiddie Austin, January 17, Dear Loyal iPremier Consumer: In this jpremier, when the network was hacked, the employees did not know the guiding procedure to follow.
The profits should have been secondary to customer data security because the business was built on trust and losing customer confidence to shop on the website would prove fatal for the company.
Fourth, the management of QData was reckless enough to allow intrusion by failing to implement basic mechanism such as employing security experts and building better network intrusion prevention tools.
Our Information Technology department implemented a full array of emergency procedures to protect our computer systems, website, and customer information. Warren Spangler We have a problem…. Legal US law about security breach disclosure is rather vague and leaves significant room for interpretation. Based on the arguments in 2 and 3 we settled on an in-between solution.
I regret this event took place, but please know that I take your privacy very seriously, and I will do everything in my power to protect your personal information.
Technically Qdata is the responsible party in this case. This breach, though very damaging, can provide a great platform to communicate to constituents the changes iPremier intends to make to strengthen security and make it their number one priority. It is critical for a business to develop a business continuity plan and train its employees because the disasters do not come forewarned.
These penalizations can be amplified by class action lawsuit, potentially initiated with victims of the security breach.
iPremier – Harvard Business School Case
A formal contract is not formed in a B2C relationship which places iPremier in the MARKET section of the matrix as it provides goods, processes payments and maintains customer profiles. QData was certainly not the company iPremier would have outsourced their data works to.
In turn, this would threaten the future of the company and is therefore not worth it. Should we pull the plug? Publically disclosing the security breach might cripple the iPremier stock, but this is a chance they need to take if they want to maintain their customer loyalty.
iPremier and Denial Of Service Attack — Case Study – Digital CIO
Having your own security experts helps a company, especially if you stury storing data ipemier as in this eCommerce company. Such an intrusion should be regarded as an opportunity to evaluate the security infrastructure and to improve on existing emergency procedures should an attack happen again.
Leave a Reply Cancel iprekier Enter your comment here However, three constraints were blocking the way to have a new data company to replace QData. Whether or not you recommend disclosure of some kind to customers, please adopt that position for this question only.
This is my legal perspective Peter Stewart. As a result, iPremier can take credit for the way they address the problems forensics investigations, cooperation with financial institution, etc. Avoid Customer Discomfort No customers want to feel that they or their information was at risk for too long before being notified. Moreover, stdy plan that Joanne had was out of date. As no data has been stolen, there is no economical reason to disclose the event.
In keeping with the best industry security practices, please remember that iPremier will never ask you to provide or confirm information including credit card numbers.
Second, QData was least cooperative in stopping the attack. Documents Flashcards Grammar checker. However, this particular incident, albeit sophisticated, seems not to have truly threatened the integrity of customer data, as it was only irpemier at the firewall of the system. Because there is not a real threat of information being stolen, the argument of moral is not relevant; customers would feel overly threatened by something which is in fact not really dangerous.
You are commenting using your WordPress. Make it a One-Day Story Communicating with atudy public early can reduce the chances that the media will leak details of the story in reports or publish critics.
Fundraising presentation – Alliance for a Healthier Generation. Or did you settle on something in between? You can be confident that our computer security experts continue to address the situation and ipre,ier already taken steps to strengthen our data-related security.
The IT department employees were not able to fully understand the nature of attack.
iPremier Case Study by Stefan Leonhardt on Prezi
No Proper Disaster Recovery Plan: The company was not prepared and employees had no knowledge of disaster recovery plan in an emergency situation. There are three main reasons to disclose this situation to the legislators and the public; legal, economical, and moral. Reacting to client calls, we promptly contacted our data center, Qdata, and worked with them to identify and correct the problem.
Public relations Inform the press and customers about: Combined, it can be concluded that there is no legal reason at this stydy to disclose the incident. Not only Casee, iPremier did not employ security experts either in the IT team who could well understand and recommend procedures for the company to keep its data safe.
Third, QData had no procedures to prevent the intrusion or stop the intrusion. The situation will be evaluated according to these three reasons to understand if the company should disclose the event.