Professional Documents
Culture Documents
E Commerce Assignment
E Commerce Assignment
Premier was unprepared for the 75 minutes attack. This might have come due to too
much faith in the Qdata’s abilities to control these situation and lack of vision with
regards to any threats. Every ones reaction was that of panic because there were no
crisis management strategy or disaster plans in place.
If I was Bob Turley I would have ordered the system to be fully shut even if it meant
using data that would help the company figure out what happened. If the website was
hacked, it means customers information such as credit cards and social security would
have been compromised. I believe shutting it down would have been safer move in
managing potential risk.
2)
4)
AREAS OF CONCERN
Scope of the Attack:
1. What data was compromised? (credit card information, customer information,
email system)
2. Was intrusion malware was installed onto systems?
3. Was the attack a diversion attempt to mask criminal activity (i.e. fraud)?
4. Will another attack occur in the near future?
Business Impact:
Public Disclosure Issues
1. SEC guidelines for cyber security risks and events (2011)
Public Relations Issues
1. Brand
2. Reputation
3. Shareholder Confidence
Potential Litigation
1. Breach of contract
2. Violation of SLAs
Direct Revenue Loss
IMMEDIATE ACTIONS TO BE TAKEN
1. Assemble an incident response team
2. Conduct forensic analysis of attack
3. Document incident details and lessons learned
4. Adjust plans and defenses (address inadequate firewall)
5. Hire independent auditor to identify vulnerabilities of current systems and
processes
6. Communicate with appropriate parties (legal, shareholders, customers, vendor,
general public & media, regulatory agencies)
5) If law enforcement is involved, then the company has the obligation to notify the
consumer . Still, there are several other reasons to disclose to customers the potential
for a breach. The story being spread via other mediums will bring more issues to the
company so its better to disclose this making it a one-day story. The Company has
assure and make customers believe that such incidents won’t be repeated again.
6)
On January 12, several callers informed our technology department that they were
unable to access our website. I sincerely regret any inconvenience you may have
experienced as a result of an unauthorized intrusion to our website. Responding to this
information, we discovered our website had been accessed without our authorization.
Reacting to client calls, we promptly contacted our data center, Qdata, and worked
with them to identify and correct the problem. Our Information Technology
department implemented a full array of emergency procedures to protect our computer
systems, website, and customer information.
Although the interruption to our website lasted less than 75 minutes, we intend to
continue the investigation into the source of the intrusion. You can be confident that
our computer security experts continue to address the situation and have already taken
steps to strengthen our data-related security. iPremier guarantees the safety of our
website and encourages you to continue business as usual. For your benefit, and to
ensure the long-term security of our system and of customer information, I have
decided to make data security iPremier’s number one priority.
Sincerely,
Bob Turley
Robert Turley
Chief Information Officer
iPremier
7)They could have done many things during the crisis but they were not prepared for
this. All now they can do is to make it public about the attack without making the
customers panic. After the crisis they can do following things to avoid such crisis in
future
8) The first fault is that they were not prepared for such an attack. This might have
come due to too much faith in the Qdata’s abilities to control these situation and lack of
vision with regards to any threats. Every ones reaction was that of panic because there
were no crisis management strategy or disaster plans in place. Such a threat had to
recognized and acted quickly to avoid it so everyone responsible for this is in fault.
Anujeeth Gopal
2K20/BBA/23
Section -C