Based in Seattle, Washington, iPremier a leader in online retail sales became a successful company in the internet-based commerce industry. The company retailed luxury, rare, and vintage goods online. In 2008, the company hired Mr. Bob Turley as their CIO to take their operations management to the next level. Six months into his reign, the company’s website experienced a denial of service (DoS) attack that caused chaos and confusion in the company as no contingency or disaster recovery plan existed. During this incident, it was discovered that there were no standard operating procedures to follow which lead to confusion upon the employees. Furthermore, they failed to get any form of support from the Qdata, an outsourcing hosting company that was in charge of providing internet security services, which led to a cascading of unsuccessful events in dealing with the attack. Many of the existing processes were unproductive including the escalation of the problem. This attack temporarily crippled the company’s online retail website triggering customers to contact the helpdesk. In reviewing this security breach, it is recommended that iPremier revaluate its governing values of “discipline, professionalism, commitment and partnership for achieving profits” and the corrections that ought to be implemented to prevent another occurrence of the problem that was experienced.
Main Issues/Challenges:
Although the attack only lasted 75 minutes, it had the potential to cause serious
However, some people trying to fix the attack did an adequate job considering the problems the company had. Joanne and Leon Ledbetter did everything in their power to restore the website and protect the customer data, which even included running red lights. Leon was so new that he didn’t know exactly what to do. Training for an emergency would have proven useful. The CIO, Bob Turley, knew of the emergency protocol and out of date manuals, but never did anything to alleviate these problems. This put the company in a significant disadvantage, and created a bigger problem than what was necessary. Faced with this problem, Turley was able to facilitate direction for the company as best as he could, which ended with the security breach stopping.
As we have seen throughout the county, if the proper “tone from the top” is not emphasized or proper policies/procedures implemented and adhered to throughout, the company’s reputation, assets, stock values could be harmed tremendously. Some smaller enterprises might not be able to sustain a cyberattack and
This presentation discusses an incident known as a denial of service (DoS) as well as an intrusion of the clinic’s network systems. A denial of service (DoS) attack is designed to shut down services which a business needs to operate. This incident caused widespread slowness and outages to internet services and affected the clinic’s capability to properly treat its patients. In this presentation, the incident is examined. The processes to detect, analyze, contain, eradicate and recover from the incident are the focus of the presentation. Once the incident investigation was complete, special consideration was made as to what was learned and how clinic staff can help protect the clinic’s ability to properly serve its patients.
It is not clear in the article if iPremier did any risk assessment, and if they did, they didn’t anticipate that they could be victims of a DDoS attack. iPremier should have used a Contingency Planning standard like NIST SP 800-34 to identify risks and develop policies and procedures to deal with attacks like the one they faced. If they had these, they could have responded in a more orderly and affectively fashion and they could have alternatives to overcome the negative impact
Just like every other organization, Adius, LLC relies on information technology to manage their information, processes, and assets in order to thrive, conduct their business efficiently, and deliver their services effectively. However, no organization is immune from cyber-attacks and threats. In fact, cyber-attacks and threats have been increasing exponentially during the past few years. Having outdated and irrelevant cybersecurity procedures, policies and practices places organizations in greater vulnerabilities and risks. For this reason, cybersecurity procedures, policies and practices in place must be in line and be more relevant to the security needs of Adius, LLC.
The company also created a barrier to entry by being the first large online bookseller.
Incident response and planning is very critical to a business. It’s important Greiblock Credit Union (GCU) financial firm maintain control of these incidents in a timely manner which could reduce cost, and risks. When responding to incidents one should always minimize the severity of all security incidents. The analyst should have a clear plan to resolving incidents, while containing the damage and reducing risks (Cichonski et al., 2012). According to Cichonski et all, (2012) most departments have a Computer Security Incident Response team, or designated personnel to handle the variety of incident responses related to Cyber Security. Based on the below, the information can be used in a technique to help an organization to determine the threat against the organization and identify if it’s truly a security breach or serious
Information security enabled by technology must include the means of lowering the impact of intentional and unintentional errors entering the system and to prevent unauthorized internally or externally accessing the system actions to reduce risk data validation, pre-numbered forms, and reviews for duplications. It is crucial that the mission plan include the provision of a disaster recovery and business continuity plan. On the other hand, there is much more intrusion activity today than ever before. Obviously, there is an increased concern for attacks through companies’ network in an effort to either commit malice or affect the integrity of an organization’s most valuable resource. Therefore, it is important that companies do not get complacent in their IT infrastructure security. The fact of the matter, there is no perfect system; however, it behooves organizations to protect their information by way of reducing threats and vulnerabilities. Moreover, Whitman and Mattord (2010) said it best, “because of businesses and technology have become more fluid, the concept of computer security has been replaced by the concept of information security. Companies
7. Which domain requires stringent access controls and encryption for connectivity to corporate resources from home?
Provision of services can be disrupted in the event of systems failure, compromised security or other advanced technologies. However, the result in downtime and resources can be minimized following a disaster recovery plan (DRP), effective immediately. To achieve this, policies and procedures must be formally established and reviewed periodically, beginning with the current ‘binder(s)’. The recent compromise, exposed the company to great risk, and furthermore, exploited existing vulnerabilities. Nevertheless, it is recommended, all current documentation be given an update of “no less than once every three years” (GFOA 2010, p. 1). A team or committee should be assembled in the case of emergency. In this manner, iPremier will be able to effectively engage in response to unforeseen circumstances. It is clear no formal communications were established much less responsibility were properly assigned while an attack was underway. The GFOA (2010) suggests as a minimum requirement, a (DRP) should outline the responsibilities of team members who are current and in contact. Ross (2010) agrees with this practice, suggesting the existence of (DRP)’s have proper trained staff with specified roles for emergencies.
TJX was the largest retailer of apparel and fashion in the United States, with over 2400 stores and 125000 associates. It functions on the basis of an internal information system, which is essential for connecting people, places and information and; accessing data that enables quick and timely decisions. The presence of an IT network is imperative to the productivity of any retailer. But this IT network if not secured properly is the most sensitive to a cyber attack, thus making any retailer very vulnerable to attacks. Apart from the internal networks, the CRM technologies and in-store technologies (like bar-code scanners, kiosks, etc.) are also vulnerable to attacks.
The CEO pointed out a notably vital concern to the organization that caused an international cyberspace penetration. As she explained, CyberTech is an organization serving as a cyber-forensics consultant for our organization. They have the responsibility to examine our digital experiences forensically and identify any problems and loopholes present in our systems in a bid to solve cyber-related concerns. Systems should be working at the expectations of all stakeholders, and CyberTech is the contractors who should take the roles of advising and implementing on the best courses of actions when it comes to handling the systems. Also, CyberTech is handling the lawsuit following a hacking incident that was reported by the organization in
A Denial of Service (DoS) attack on the corporate IT system at IVK Corporation. (Adapted from the book The Adventures of an IT Leader, 2009, Harvard Business School Publishing). After reading the case description, answer the questions that follow.
iPremier company was totally unprepared for the seventy-five minute attack. Since there was no efficient emergency response plan in place, the management had to deal with the situation based on their intuition rather than following a well laid out procedure. This is evident from the fact that many of the professional parties involved had conflicting opinions about how to react to the situation. There was no chain of command, no communication plan and no attempt to pool knowledge from various sources. Also, Qdata, the company that hosted most of iPremier's computer equipment and provided internet connectivity, did a poor job in providing the network monitoring services they were paid for. But, no one has escalated the issue with Qdata until
Normally, a company would follow emergency procedures while dealing with crises, but in iPremier’s case, there was no emergency procedure available. Under these circumstances, and with no prior experience with security breaches, I believe the company performed well. Bob Turley communicated well with the other members of the company, but if I were in his shoes, I would have been more conservative and acted faster.