iPremier Case Study. EF. Edward Ferguson. Updated 26 November Transcript. iPremier Denial of Service Attack. Handlers. Zombies. Victim. Attacker. Founded in ; Based in Seattle Washington; Web-based commerce; Sell luxury, rare, and vintage goods; Customers mainly high-income. Develop their own security and facilities for storing data. Upgrade and maintain emergency procedures. Long Term Implementation.
|Genre:||Health and Food|
|Published (Last):||26 March 2018|
|PDF File Size:||1.2 Mb|
|ePub File Size:||8.43 Mb|
|Price:||Free* [*Free Regsitration Required]|
As no data has been stolen, there is no economical reason to disclose the event. Whether or not you recommend disclosure of some kind to customers, please adopt that position for this question only. Based on the arguments in 2 and 3 we settled on an in-between solution. Leave a Reply Cancel reply Enter your comment here The company faced serious security issues, which led to their immediate downfall.
iPremier – Harvard Business School Case | Harvard Business School Cases
In keeping with the best industry security practices, please remember that iPremier will never ask you to provide or confirm information including credit card numbers. This would cause a loss of customers, because people would lose trust that their data is secure with this company. Having your own security experts helps a company, especially if you are storing data such as in this eCommerce company.
However, three constraints were blocking the way to have a new data company to replace QData.
Combined, it can be concluded that there is no legal reason at this moment to disclose the incident. The economic implications were not too damaging for iPremier because the intrusion took place in the middle of the night when US customer operations activity was at its lowest. I sincerely regret any inconvenience you may have experienced as a result of an unauthorized intrusion to our website. Still, there are several other reasons to disclose to customers the potential for a breach: A formal contract is not formed srudy a B2C relationship which places iPremier in the MARKET section of the matrix as it provides goods, processes payments and maintains customer profiles.
You are commenting using your WordPress. Technically Qdata is the responsible party in this case. On January 12, several callers informed our technology department that they were unable to access our website.
This is my legal perspective Peter Stewart. If iPremier had security experts in its team, they would have been able to understand the attack and stopped it immediately, even though QData did not have the security ipremief. Notify me of new comments via email. What significant errors did iPremier make that led to its troubles?
iPremier and Denial Of Service Attack — Case Study – Digital CIO
By continuing to use this website, you agree to their use. Luckily for iPremier, the attack was only a denial of service attack DoS possibly launched by a competitor or a script ipremmier Austin, Their information could, for ipreemier, be used for identity theft and credit card fraud.
Our Information Technology department implemented a full array of emergency procedures to protect our computer systems, website, and customer information.
Even though the security breach lasted for only a short time, it ipeemier some valuable lessons. However, the negative side of informing the customers about this particular event is that customers would get nervous and would worry. Avoid Customer Discomfort No customers want to feel that they or their information was at risk for too long before being notified. No Proper Disaster Recovery Plan: The harder a journalist has to dig up information about the breach the more value it will place on the story.
Documents Flashcards Grammar checker.
Provide arguments to disclose to customers the potential for a breach. Or did you settle on something in between?
Furthermore, the level of security seems to be high enough, even though there is some room for improvement. Management Management at iPremier consisted of young people who had been with the company for some time and stud group of experienced managers Well educated technical and business professionals with high performance reputation Values: Responding to this information, we discovered our website had been accessed without our authorization.
Even though it is at night, any downtime ipgemier than a few minutes will be noticed by external stuxy and in the current information age, that would sure be communicated through various means. There were no employees to assist Joanne. Did you settle on 2 or 3?
iPremier – Harvard Business School Case
In general, when security has been severely breached and personal data, such as addresses, purchases, or credit card information, has been stolen, a company is required by law to disclose this event. To find out more, including how to control cookies, see here: Because there is not a real threat of information being stolen, the argument of moral is not relevant; customers would feel overly threatened by something which is in fact not really dangerous.
The IT department employees were not able to fully understand the nature of attack. Make it a One-Day Story Communicating with the public early can reduce the chances that the media will leak details of the story in reports or publish critics.
iPremier and Denial Of Service Attack — Case Study
First, QData did not employ security and network breach experts on site twenty four — seven, all year around. Provide a copy of the letter you would write to customers and be prepared to read it aloud in class for us to discuss. Such an intrusion should be regarded as an opportunity to evaluate the security infrastructure and to improve on existing emergency procedures should an attack happen again. Moral One could say that in stud of such an event, a company has a ipremir obligation to inform customers about the potential adverse effects to them.
Although personal relationships are foundation of most deals made in business, Raj should not have compromised with the customer data security by allowing an unsecure and unreliable data company to studyy iPremier website and retain customer data.