Located in Seattle, Washington, the iPremier company is a web-based commerce company founded in 1996 by two students from Swarthmore College. Since its founding, iPremier has registered a success story in e-commerce, selling vintage, luxury and rare goods over the internet (Austin, 2007). Customers use their credit cards to transact business online. With impressive sales and profit margins, iPremier is among the few companies that survived the 2000 technical stock recession (Austin, 2007).
Management at iPremier consists of young employees who were its pioneers and a number of experienced managers recruited over time. The company’s working atmosphere is dynamic, with strong values of professionalism, discipline, commitment to delivering results and partnership in achieving profits (Austin, 2007). iPremier’s management is oriented toward “do what it takes” to get projects done on schedule.
Being a web-based commerce company, iPremier had contracted Qdata to provide the majority of its computing equipment and internet connectivity (Austin, 2007). Qdata, though not an industry leader in information technology, was selected because of its close proximity to iPremier’s company headquarters.
iPremier suffered a denial of service attack on 12th January 2007 that almost rendered the company’s site nonfunctional (Austin, 2007). A denial of service attack can be defined simply as an attempt to prevent the availability of computer resources to their legitimate users (Encyclopedia Britannica). This is achieved by halting an internet site or service or keeping it from working efficiently, and the effect can be temporary or permanent. Luckily, the attack on iPremier was launched either by a script kiddie or by a competitor trying to interfere with service; otherwise it would have been worse. The attack lasted for about 75 minutes, after which it cleared without any intervention from either Qdata or iPremier.
With this background, the remaining part of this essay analyzes how iPremier addressed the situation in relation to professional ways of addressing denial of service attacks.
The case excerpt prepared by Robert Austin shows clearly that iPremier was unprepared for the attack. This might have resulted from placing too much trust in Qdata’s ability to control such a situation and from an apparent lack of vision regarding any threats that might arise. Everyone reacted in a panic because there was no disaster/crisis management plan in place. The response to the attack was generally poor (Austin, 2007). They were unable to decide whether or not to disconnect communication lines, rebuild all systems, and involve the FBI or Seattle police. However, some employees, like Joanne Ripley, are credited for their quick response to the crisis, although her efforts did not yield much in averting the attack. It is worth noting that the attack stopped after approximately 75 minutes without any intervention from either Qdata or iPremier. Bob Turley also reacted professionally by contacting relevant parties and listening to their advice, but as the chief information officer he should have done much more.
If I were Bob Turley, I would have convened a teleconference with the company’s technical executives to discuss appropriate risk management measures. I would also include Qdata’s key contact person on the issue to provide possible recovery measures for the situation. I would also ask the legal advisor to listen to the conversation to get a clear picture of the situation and provide legal advice for the plan.
In the aftermath of the attack, it is obvious that one would be worried about the reputation of the business and the company in general (Mirkovic, Dietrich, Dittrich and Reiher, 2005). My main worry would be about the damage to the network and the business at large. I would be more than concerned about the possibility of future attacks. The iPremier company had placed much focus on its profits and on coming up with new features for its customers’ benefit, at the expense of developing a technology architecture that would protect its systems from viruses and hackers (Austin, 2007). This attack must have served as a wake-up call to the company. To this end, I would propose the following recommendations to iPremier.
First, the company needs to revisit its choice of ‘colocation’ partner. Qdata had completely lost any prospect of leadership in the market and was slow to invest in advanced technology, and thus would not have been a good choice for a company like iPremier. Second, the company needs to create an incident management team and ensure that its network management software is made remotely accessible to the security team. Third, I would recommend that the company adopt appropriate security/privacy measures such as the use of cryptography for sensitive data, installing a sophisticated firewall, purchasing disk space to enable high logging levels, and updating virus signature files and other security patches (Keri and Carol, 2010). The company also needs to come up with a well-designed and documented recovery plan. Last but not least, the company needs to educate its staff about security and threats.
References
Austin, R. (2007). The iPremier Company (A): Denial of Service Attack. Boston, Massachusetts: Harvard Business School. Web.
Denial of service attack (DoS attack). (2010). In Encyclopedia Britannica. Web.
Keri E. P. and Carol S. S. (2010). Strategic Management of Information Systems (4th Edition). New York: John Wiley & Sons.
Mirkovic, J., Dietrich, S., Dittrich, D., and Reiher, P. (2005). Internet Denial of Service: Attack and Defense Mechanisms. New Jersey: Prentice Hall.