
1)

iPremier was unprepared for the 75-minute attack. This may have been due to too much faith in Qdata’s ability to control such situations and a lack of vision with regard to any threats. Everyone’s reaction was one of panic because there was no crisis management strategy or disaster plan in place.

1. There was no chain of command.
2. There was no communication plan and no attempt to “pool knowledge”.
3. The emergency response plan was outdated and useless.

If I were Bob Turley, I would have ordered the system to be fully shut down even if it meant losing data that would help the company figure out what happened. If the website was hacked, it means customers’ information such as credit cards and social security would have been compromised. I believe shutting it down would have been a safer move in managing potential risk.

2)

IPREMIER HAD THE BAREBONES OF AN OPERATING PROCEDURE THAT WAS NEITHER ENFORCED NOR FOLLOWED.

1. Conference call bridge with key IT personnel, iPremier executives, and key
Qdata personnel.
2. Contact ISP for additional help.
3. Document everything, all actions taken with details.
4. Establish contact with law enforcement agencies.
5. Check configurations and logs on systems for unusual activities.
6. Set up and configure a “temporarily unavailable” page in case the attack
continues for a longer period of time.

3)

THE FOLLOWING STEPS ARE TO BE FOLLOWED TO PREPARE FOR AN ATTACK IN THE FUTURE.

1. Develop and maintain Business Continuity & Incident Response Plan
2. Establish when the plan should be put into action
3. Develop clear reporting lines
4. Know your infrastructure
5. Know how to work with your infrastructure
6. Know how to get back to normal
7. Training and Awareness
8. Testing
9. Revisions
10. Get a reputable hosting service

4)

AREAS OF CONCERN
Scope of the Attack:
1. What data was compromised? (credit card information, customer information,
email system)
2. Was intrusion malware installed onto systems?
3. Was the attack a diversion attempt to mask criminal activity (i.e. fraud)?
4. Will another attack occur in the near future?
Business Impact:
• Public Disclosure Issues
   1. SEC guidelines for cyber security risks and events (2011)
• Public Relations Issues
   1. Brand
   2. Reputation
   3. Shareholder Confidence
• Potential Litigation
   1. Breach of contract
   2. Violation of SLAs
• Direct Revenue Loss

IMMEDIATE ACTIONS TO BE TAKEN
1. Assemble an incident response team
2. Conduct forensic analysis of attack
3. Document incident details and lessons learned
4. Adjust plans and defenses (address inadequate firewall)
5. Hire independent auditor to identify vulnerabilities of current systems and
processes
6. Communicate with appropriate parties (legal, shareholders, customers, vendor,
general public & media, regulatory agencies)

5) If law enforcement is involved, then the company has the obligation to notify the consumer. Still, there are several other reasons to disclose to customers the potential for a breach. The story being spread via other mediums will bring more issues to the company, so it’s better to disclose this, making it a one-day story. The company has to assure customers and make them believe that such incidents won’t be repeated.

6)

January 17, 2009

Dear Loyal iPremier Consumer:

On January 12, several callers informed our technology department that they were
unable to access our website. I sincerely regret any inconvenience you may have
experienced as a result of an unauthorized intrusion to our website. Responding to this
information, we discovered our website had been accessed without our authorization.
Reacting to client calls, we promptly contacted our data center, Qdata, and worked
with them to identify and correct the problem. Our Information Technology
department implemented a full array of emergency procedures to protect our computer
systems, website, and customer information.

Although the interruption to our website lasted less than 75 minutes, we intend to
continue the investigation into the source of the intrusion. You can be confident that
our computer security experts continue to address the situation and have already taken
steps to strengthen our data-related security. iPremier guarantees the safety of our
website and encourages you to continue business as usual. For your benefit, and to
ensure the long-term security of our system and of customer information, I have
decided to make data security iPremier’s number one priority.

I personally promise to update you with additional information as it becomes available to me. In keeping with the best industry security practices, please remember that iPremier will never ask you to provide or confirm information including credit card numbers. I regret this event took place, but please know that I take your privacy very seriously, and I will do everything in my power to protect your personal information.

Sincerely,

Bob Turley

Robert Turley
Chief Information Officer
iPremier

7) They could have done many things during the crisis, but they were not prepared for this. All they can do now is make the attack public without making the customers panic. After the crisis, they can do the following things to avoid such a crisis in the future:

THE FOLLOWING STEPS ARE TO BE FOLLOWED TO PREPARE FOR AN ATTACK IN THE FUTURE.

1. Develop and maintain Business Continuity & Incident Response Plan
2. Establish when the plan should be put into action
3. Develop clear reporting lines
4. Know your infrastructure
5. Know how to work with your infrastructure
6. Know how to get back to normal
7. Training and Awareness
8. Testing
9. Revisions
10. Get a reputable hosting service

8) The first fault is that they were not prepared for such an attack. This may have been due to too much faith in Qdata’s ability to control such situations and a lack of vision with regard to any threats. Everyone’s reaction was one of panic because there was no crisis management strategy or disaster plan in place. Such a threat had to be recognized and acted on quickly to avoid it, so everyone responsible for this is at fault.

Anujeeth Gopal
2K20/BBA/23
Section -C
