iPremier Case Study. EF. Edward Ferguson. Updated 26 November Transcript. iPremier Denial of Service Attack. Handlers. Zombies. Victim. Attacker. Founded in ; Based in Seattle Washington; Web-based commerce; Sell luxury, rare, and vintage goods; Customers mainly high-income. Develop their own security and facilities for storing data. Upgrade and maintain emergency procedures. Long Term Implementation.

Author: Akile Totilar
Country: Brazil
Language: English (Spanish)
Genre: Business
Published (Last): 13 March 2016
Pages: 25
PDF File Size: 2.35 Mb
ePub File Size: 14.48 Mb
ISBN: 492-6-14775-925-5
Downloads: 86910
Price: Free* [*Free Regsitration Required]
Uploader: Kall

Our Stusy Technology department implemented a full array of emergency procedures to protect our computer systems, website, and customer information. Economical As soon as the company pulled the plug, they would have to give an explanation to customers.

Even though the security breach lasted for only a short time, it provided some valuable lessons. Provide arguments to disclose to customers the potential for a breach.

The network security employee was vacationing in Aruba and QData did not manage to have his back up replacement.

Still, there are several other reasons to disclose to customers the potential for a breach: Without employing security experts, QData was nothing more than a data storage company, which does not prevent intrusion, but also does not assist caase examining the attack.

QData was certainly not the company iPremier would have outsourced their data works to. The company was not prepared and employees had no knowledge of disaster recovery plan in an emergency situation. It is best for customers to hear about company mistakes directly from iPremier, studt than hearing it from third party sources, which could make the situation even more catastrophic.

The IT department employees were not able to fully understand the nature of attack.

Ipremiier there is not a real threat of information being stolen, the argument of moral is not relevant; customers would feel overly threatened by something which is in fact not really dangerous. Moreover, the plan that Joanne had was out of date. Fundraising presentation – Alliance for a Healthier Generation. As a result, iPremier can take credit for the way they address the problems forensics investigations, cooperation with financial institution, etc.


Second, QData was least cooperative in stopping the attack. Technically Qdata is the responsible party in this case. If the attack stidy been more serious and customer credit card cae had been stolen, the course of action would have different. It is critical for a business to develop a business continuity plan and train its employees because the disasters do not come forewarned.

Public relations Inform the press and customers about: By continuing to use this website, you agree to their ipremisr. I personally promise to update you with additional information as it becomes available to me. Legal US law about security breach disclosure is rather vague and leaves significant room for interpretation.

iPremier – Harvard Business School Case | Harvard Business School Cases

However, this particular incident, albeit sophisticated, seems not to have truly threatened the integrity of customer data, as it was only directed at the firewall of the system.

Make it a One-Day Story Communicating with the public early can reduce the chances that ztudy media will leak details of the story in reports or publish critics.

This would ipdemier a loss of customers, because people would lose trust that their data is secure with this company. Management Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managers Well educated technical and business professionals ipremirr high performance reputation Values: In turn, this would threaten the future of the company and is therefore not worth it.

How did Ipremier Perform?

The iPremier Company

You are commenting using ipremied Facebook account. The company faced serious security issues, which led to their immediate downfall. Importance of contingency planning Handling core business operations in a responsible and careful manner make sure the core business is in the right hands Importance of support from senior executives Unconditional collaboration in moments of crisis Importance of a good cultural environment relationships, innovations, entrepreneurship, team collaboration Define protocols and clear channels of communication Regular evaluation of the IT infrastructure vulnerability analysis, update protocols.


Although the interruption to our website lasted less than 75 minutes, we intend to continue the investigation into the source of the intrusion. The profits should have been secondary to customer data security because the business was built on trust and losing customer confidence to shop on the website would prove fatal for the company.

Notify me of new comments via email.

Second, company focused on immediate profits more than data security. Their information could, for instance, be used for identity theft and credit card fraud. Although personal relationships are foundation of most deals made in business, Raj should not have compromised with the customer data security by allowing an unsecure and unreliable data company to host iPremier website and retain customer data.

Leave a Reply Cancel reply Enter your comment here Pull the plug, credit cards can be stolen.

Reacting to client calls, we promptly contacted our data center, Qdata, and worked with them to identify and correct the problem. Having your own security experts helps a company, especially if you are storing data such as in this eCommerce company.

In general, when security has been severely breached and personal data, such as addresses, purchases, or credit card information, has been stolen, a company is required by law to disclose this event. If the plans were in place, it would have been easier for the CIO to stop the attack faster and perhaps backup data centers running the site live while preventing the data from intrusion.