...THE iPREMIER COMPANY (A): Denial of Service Attack By Robert Austin November 19, 2003 DPDN Brian Dyrud Jennifer Paterson Paul Davidson Lindsay Neal BACKGROUND: iPremier, a Seattle based company, was founded in 1994 by two students from Swathmore College. iPremier had become one of the only success stories of web-based commerce, selling luxury, rare, and vintage goods over the Internet. Most of iPremier’s goods sell for under $200 and the customer buys the products online with his or her credit card. iPremier’s competitive advantage is their flexible return policies which allows the customer to thoroughly check out the product and make a decision to keep the product or return it. The majority of iPremier customers are high end and credit limits are not a problem, which also adds to the competitive advantage of utilizing their entire customer base. During 1999 the company reached a profit of $2.1 million on sales of $32 million. Sales had increased by 50% during the last three years and they were in an upward trend. iPremier’s stock nearly tripled after the company’s Initial Public Offering in 1998 and had continued to grow since the IPO, and eventually the stock tripled again. iPremier was one of the few companies to survive the technical stock recession of 2000. Management at iPremier consisted of young people who had been with the company from the start and a group of experienced managers that were brought in over time as the company grew. IPremier’s...
Words: 3910 - Pages: 16
...The iPremier Company: Denial of Service Attack 1. In your opinion, how well did iPremier perform during the 75 minute attack? It is clear that iPremier was not prepared for any sort of cyber attack, and their subpar performance during the 75 minutes was a clear representation of their operational deficiencies, lack of preparedness, and lack of leadership. This led to a complete disregard of any formal procedures and caused many involved to fall for common psychological traps. On page 281, Applegate lists four key emotional obstacles that must be overcome during an incident: 1) Emotional responses, including confusion, denial, fear, and panic, 2) Wishful thinking and groupthink, 3) Political maneuvering, diving for cover, and ducking responsibility, and 4) Leaping to conclusions and blindness to evidence that contradicts current beliefs. From the very beginning of the incident, there was confusion and panic with the people involved. However, amongst the panic, everyone did a decent job of prioritizing the safety of the customer’s information. Without a formal plan, it obviously took longer to diagnose the problem and to determine solutions, but Bob Turley did a good job of keeping everyone focused on the customers. However, he did not offer much support to Joanne Ripley, the one person who was actively trying to identify and fix the problem. For example, Turley didn’t even acknowledge the issue with Qdata when Ripley brought it to his attention during their first conversation...
Words: 1850 - Pages: 8
...Introduction The iPremier Company was founded in 1996 by two students at Swarthmore College and grew to become the second largest web-based retail business selling luxury, rare, and vintage goods. The company's customer base was high-end, with most of the products priced between fifty and a few hundred dollars and a small number of items priced in the thousands of dollars. Its return policy was flexible, which gave customers the opportunity to examine products before deciding whether to keep them. The company went public in 1998, and its stock price experienced rapid growth throughout 1998 and 1999. The stock price was hit hard during the DotCom Crash of 2000, but, unlike many of its competitors in the business-to-consumer segment, the company was able to survive by streamlining and focusing its business to achieve profitability. In January 2007, iPremier experienced a denial of service ("DoS") attack, which prevented access to the website and the internal web server. It was unclear at the time whether this was a DoS attack, or something deliberate. Though the attack appeared to be harmless in the end, the incident brought to light the fact that iPremier was ill-equipped to deal with breaches of network security. The incident highlighted three major shortcomings of the company's existing network security infrastructure: (1) a third party was responsible for the company's internal network security, (2) iPremier's information technology was outdated, and (3) iPremier's standards...
Words: 2896 - Pages: 12
...Question 1 The employees at iPremier all performed well except for Bob Turley, CIO. In this case, even having one employee not perform well, meant that the company overall performed poorly. The overnight or third shift had an immediate response to the attack by taking the initiative to call the CIO at 4:30 am to inform him about the malicious incident and to drive down to the data center because no one on the Qdata phone was being helpful. Bob Turley should have pulled the plug much sooner. He had been working at iPremier for nearly three months and should have been aware of the company’s limited hacker defense capabilities. That awareness would have meant that iPremier was very vulnerable to anything beyond the most basic cyber-attacks. There was suspicion that the hackers could be stealing credit card information, yet he left the system up and running. The plug was only pulled after the legal counsel advised him to do so. Every second waiting to pull the plug could have been more and more damaging to the company, customers, and employees. A worst case scenario must be assumed in such a vulnerable situation. Another mishap was when Bob told an employee not to call the police because it could hurt the stock price. The stock price should not have been Bob’s most pressing concern considering law enforcement has resources available to assist iPremier in identifying or defending against the attack. There was also precious time wasted by waiting for his boss to call before Bob...
Words: 663 - Pages: 3
...iPremier Case Study Abstract In Seattle, Washington in 1996 two students at Swarthmore College, start iPremier Company, which is a web-based commerce. The company sells luxury, rare and vintage goods over the internet. The selling range of the items is between 50- a couple of hundred. Since everything is done, online credit cards are used for purchases. One of the advantage of iPremier is the flexible return policies, it gives the customer an opportunity to decide if they want the products or not. iPremier Company iPremier is one of the top retail business that sell the luxury items, profiting $2.1 million on sales $32millions in 2006. Since then sale has grown over 20% annually. There was a decrease, but everything works itself out. Upper management describes working at iPremier as intense. .Qdata is the company that host iPremier computer equipment and provided connectivity to the internet (Austin and Murray, 2007). Although Qdata offers monitoring of website for customer and network operation, they had not invested in advanced technology and was not able to keep staff. During 75-minute attack how well did they iPremier perform. What would you have done differently if you was Bob Turley Bob Turley is new Chief Information Officer and is currently in New York on business. AT 4.31 am he received a call, from the network been hack and wired email received with just the word “Ha”. The site was a DoS attack coming from about 30 locations...
Words: 967 - Pages: 4
...The first reason for the deficient attention to security exhibited by the management of iPremier is the focus on short term gains which is deeply imbedded in the company's culture. Many times in this case concern was expressed about what the stock price would be the following morning. There is too much attention on the stock price, which in turn plays back into the short-term focus. Companies that focus on a short-term "earnings game" often lose focus of their long term strategy, and thus causes more harm than good. Another reason for the lack of focus on security within the management ranks is the fact that the ownership of the company’s incentive package encouraged that behavior. A number of employee’s compensation incentives should have been tied to security so that those numbers were pursued as aggressively as a climbing stock price. The company’s governing values, does not even include any reference to any value delivered to the customer; it only references the internal needs and wants of the management. A revised corporate mission and value statement should be considered and more resources directed to the IT department and other operational departments with focus on long term effectiveness. A third area to study is the high turn-over rate in the management ranks. It appears most employees are fearful of losing their jobs, “unsuccessful managers did not last long”, and they appear interested in only boosting their stock option plan. Individuals are forced to perform almost...
Words: 386 - Pages: 2
...Case Analysis The iPremier Company (A): Denial of service Attack Case 2—2 MIS 606- Management Information Systems 4 December 2012 Summary of the problem The case presents a specific problem that has taken place in iPremier, a Seattle based company that was founded in 1996 by two students from Swathmore College and had become one of a few success web-based commerce, selling luxury, rare, and vintage goods over the Internet. It was exactly on January 12, 2007, when iPremier Web servers were brought to a standstill. The Web site of the company was locked up; neither employees nor customers can access the site due to a distrusted denial-of-service (DDoS) hacker attack. At that time, the company CIO, Bob Turley, who was recently hired, was out of the town on a mission, and that made the situation even worse. The problem was soon spread reaching the CEO! The shocking finding was the outdated emergency procedures. Eventually after 75 minutes the problem was solved and the main champion in my opinion was luck! Unstructured actions were taken to overcome this attack. The corrective action was taken but still iPremier will need to come up with preventive action for similar situations because this might threaten its existence. The technology The case discussed different technologies: distributed denial of service (DDoS) attack, firewall, and information security mainly in case of crisis. DDoS is a type of web attack that seeks to disrupt the normal function...
Words: 1713 - Pages: 7
...Zara & IPremier: Strategic Information Systems 1 (a): Zara, at the time of the case had a low-cost, robust and reliable POS system. If the system broke down, the solution was simply to reboot it or reinstall the software. It is evident that Zara when considering Nolan & McFarlan's (2005) ‘IT Impact Grid’, is in support mode and is not highly dependable on IT. Also, Zara is not concerned with innovation in terms of technology, the key element of it’s strategy is to grow and increase the number of it’s stores. This puts into question the need for a new POS system, as it’s existing system is strategically aligned to low-cost and easy to implement replication across new stores. The implementation of a new POS system at Zara would create a number of risks, three of which are discussed below: operational risks due to IT dependency, overspending and disruption to business processes and knowledge. As Carr (2003) discusses, implementing a new POS system would introduce a number of operational risks such as technical glitches, obsolescence, service outages, unreliable vendors or partners, security breaches etc. With a new system, disruption or outages could paralyse Zara’s operating systems and processes such as: the ordering and delivery process; the flow of information sharing with headquarters (and possibly other stores); the POS transactional process; the customer experience; and in turn the customer satisfaction. Also, with the existing system, each store is hard wired back...
Words: 1463 - Pages: 6
...Case Analysis: The iPremier Company - Denial of Service Attack Matthew M. Lambert Introduction: The e-commerce landscape is littered with the remnants of companies that didn’t survive the meteoric dot com boom and subsequent bust that began in the late 1990s. iPremiere Company, however, was the exception to the rule. Created by two college students in 1996, the web-based company had solidified its business position as a top online retailer of high-end, luxury goods with $32 million in sales and $2.1 million in profit for 2006. Consumers bought directly from iPremiere using credit cards, which were then stored on the company’s servers. In 2007, computer hackers launched a Denial of Service (DoS) attack on iPremiere’s website, temporarily shutting down the website and taunting iPremiere with emails. The possibility of hackers breaching its security firewall is extremely troubling because it puts customer financial information at risk and the loss of this public trust would be disastrous for iPremiere. The purpose of this paper is to assess why iPremiere was vulnerable to attack, examine their approach to both IT risk management and crisis communications and offer recommendations that foster customer trust and company profitability in the future. SWOT Analysis A brief SWOT analysis shows that iPremier’s strengths include good placement in the e-commerce marketplace and a highly experienced and productive team of managers and software developers dedicated to meeting company...
Words: 1167 - Pages: 5
...Assignment #3: iPremier BADM 350 1. How well did the iPremier Company perform during the seventy-five-minute attack? If you were Bob Turley, what might you have done differently during the attack? Normally, a company would follow emergency procedures while dealing with crises, but in iPremier’s case, there was no emergency procedure available. Under these circumstances, and with no prior experience with security breaches, I believe the company performed well. Bob Turley communicated well with the other members of the company, but if I were in his shoes, I would have been more conservative and acted faster. In responding to the crisis, there were two main issues that iPremier faced – understanding the attack, and restoring order. First, regarding understanding the nature of the attack, I believe Leon performed poorly. He did not come up with any hypotheses for what had happened, nor did he fully explain the enemies that his company might have created through World of Warcraft. On the other hand, Joanne made the correct decision to go to Qdata in person to look at the traffic going in to iPremier’s site, and figure out the details of the attack from there. As for restoring order, both Tim and Stewart gave Bob their professional opinion, and explained to him their views on pulling the plug. If I were in Bob Turley’s shoes, I would have decided to pull the plug as soon as I heard both sides of the plug-pulling argument. Tim said that pulling the plug would destroy the log...
Words: 592 - Pages: 3
...Contingency Planning Policy Statement iPremier has chosen to adopt the Contingency Planning principles established in NIST SP 800-34 “Contingency Planning Guide for Information Technology (IT) Systems,” as the official policy for the risk management, incident response for DDoS attacks. The following subsections outline the Contingency Planning standards that constitute iPremier’s policy. Each iPremier Business System, including third-party service providers, is then bound to this policy, and must develop or adhere to a program plan which demonstrates compliance with the policy related the standards documented. Business Impact Analysis Preliminary System Information Organization: iPremier Date BIA Completed: System Name: Customer’s Web...
Words: 1444 - Pages: 6
...How well did this company perform during the attack? iPremier, like most, performed at a high level during the attack. What I mean by that is that it appears from the reading that the entire company, or those responsible, took the approach of “all hands on deck”. It is in moments like this where people are generally thinking quickly, and sometimes out of the box. This helped to managed a correlated effort to resolve the issues. This is not to say that they didn’t have places for improvement. From the design of the article, there were traces that alluded to the fact that this was something that wasn’t planned on or prepared for. Almost as if security was a second tier concern of the company. For the CIO to be sitting on the ground when the bad news came, sends a message that there was a “surprise” that this type of thing could happen. This “it can’t happen to me” syndrome is the outcome of, either, an unprepared company or one in denial; no pun intended. Overall the outcome was good, so the performance must be measured on the outcome. What should they have done differently, before or during the event? After reviewing the Technical Architecture, it was clear that there was no DMZ established to help with such an attack. Whether this was just missing from the diagram or actually missing isn’t clear, but assuming the diagram to be correct, it is clear that there were very few cautions taken to protect the company/customer information from attacks. To have the firewall...
Words: 493 - Pages: 2
...How to write a teaching case I am currently – with colleagues Mikael Lönnborg and Gerhard Schjelderup – editing what we hope to be a book of Scandinavian teaching cases. In a meeting in Stockholm recently, I was asked to explain what it takes to write a teaching case. I gave my opinion, we had a very interesting discussion. Here is my (very rough and off the cuff) opinion about what it takes (in reality, how a teaching case differs from a research case). Why are you writing this case? Cases are written for a teaching purpose – and to write a teaching case, you need to have a teaching objective in mind. It is not enough to have an interesting company. Even the best company story needs to have a pedagogical point, a theory or dilemma to illustrate. So don’t write a teaching case just because you happen to know someone in a really interesting company – it does need to be a good story, but it also need to have a purpose. The standard outline Cases – particularly the standard HBS case – follow an outline that can seem rather trite, but which is very effective. It is something like this: 0.5 page: Intro: The protagonist is introduced, typically pondering a question of some importance. The idea is to tell the students from which perspective the case is written, to set the scene – and that is all there is to it. 1 – 1.5 pages: Description of the company – not the whole history, but the relevant details, explaining what the company is doing, how they make their money. Most...
Words: 1469 - Pages: 6
...Question 4: What, if anything should they say to customers, investors, and the public about what has happened? Wow, this is a very tough question to answer. I sort of feel like the case study ended up abruptly without very much information about what actually happened. My initial response would be to not say anything until further investigation could be done on what actually happened. The case didn’t say if any customers had been alarmed to the fact that the website was under attack. Reporting a possible attack would only ruin the reputation of the company as a whole, decrease the stock price therefore causing investors to panic and the general public would have an overall bad taste in their mouth when ipremier was mentioned. The only real reason a company would report the attack to customers was if there credit information or identities had been compromised. Unfortunately the case didn’t state whether their credit or identity information had actually been compromised. The investors would only need to be notified if they actually had hard evidence of an actual problem occurring. The good news is that the attack only lasted 75 minutes and most people were sleeping during the attack. So the company has some time before they decide if a statement should be released. My recommendations would be for this company would be to do the investigation to determine what if anything was compromised. Additionally to go full force into...
Words: 279 - Pages: 2
...Brief 1. Advance Operations * 90 % behavior and 10% what you know, that’s why the teacher tells us that in businesses, machines are very easy to learn inside out but when the people comes in the picture is when we have a problem. Behavior has a massive content in respect to success. * A sense of leadership combined with strong authority causes people to lift their spirit up and wakes up a sense of fellowship. * In Shackleton’s time there wasn't a lot of knowledge on those technologies being used. That combined with the pressure of the countries competing with each other to discover places around the world. * These competition kind of resembles todays fight in the automobile industry.Efficient use of time , as explained and used in operations is a very important way to find improvement. * Gravity waves: These waves are generated in a fluid medium or at the interface between two media when the force of gravity. An example of such an interface is that between the atmosphere and the ocean, which gives rise to wind waves. * Examples of leadership in Shackleton’s: He Invented the power bar ( found the right logistics for food), as a leader you have to seek informal contact at times which is more important at times that formal contact. * As a leader you can never extinguish HOPE . Is a vital element to lift up the spirit. * Competitiveness in...
Words: 10653 - Pages: 43
