iPremier(A) Denial of Service Attack – Case Study Presentation

Presentation transcript:

iPremier (A) Denial of Service Attack – Case Study Presentation
Based on: Austin, R.D. and Short, J.C. (2009) “iPremier (A): Denial of Service Attack (Graphic Novel Version)”, Harvard School of Business, 9-609-092
Presented by: Xiaoyue Jiu, David Lanter, Leonardo Serrano, Abey John, Britt Bouknight, Caitlyn Carney

iPremier – Background
- iPremier: high-end online sales company (mostly credit card transactions)
- October 2008: Bob Turley hired as new Chief Information Officer
- January 2009: denial of service attack occurs

iPremier Organization Chart
- Jack Samuelson (CEO)
- Bob Turley (CIO)
- Warren Spangler, Peter Stewart, Joanne Ripley, Tim Mandel, Leon Ledbetter

How well did iPremier perform?

What they did wrong
- Because of poor preparation, iPremier could only react
- There was no chain of command
- There was no communication plan and no attempt to “pool knowledge”
- The emergency response “plan” was outdated and useless
- No one escalated the issue with Qdata until it was too late
- Analysis paralysis

What would you have done?

What they should have done
- Take control of communications
- Create a conference call with all of the key decision makers to select a course of action (this includes legal counsel)
- Disconnect from the network / contact the ISP / shut down the system
- Escalate to a Qdata manager
- Analyze the attack in a more detailed manner
- Take action!

Were the company’s operating procedures deficient in responding to this attack?
The iPremier Company CEO, Jack Samuelson, had already expressed to Bob Turley his concern that the company might eventually suffer from a ‘deficit in operating procedures’.

iPremier’s Current Operating Procedures
- Follow emergency procedure: although an emergency procedure plan existed, it was outdated and had not been tested recently.
- Contact data center for real-time monitoring, physical access, and procedures for remediation: although contact was made, physical access to the ops center was initially denied; Qdata’s network monitoring staff were incompetent and their key staff were on vacation.
- Identify status of critical assets: unsure about the status of customer and credit card information data.

iPremier’s Current Operating Procedures (continued)
- Contact key IT personnel and the processes they should follow: although key IT personnel were contacted, this was not followed through a reporting structure, and senior management were contacted without enough understanding of the situation.
- Identify and prioritize critical services
- Understand the nature of the attack: unsure if it was a DDoS, a hack / intrusion, or both
- Summarize events: provide a summary of current status and next steps.

What additional procedures might have been in place to better handle the attack?
iPremier had the bare bones of an operating procedure that was neither enforced nor followed.

Additional Procedures
- Conference call bridge with key IT personnel, iPremier executives, and key Qdata personnel
- Contact ISP for additional help
- Document everything: all actions taken, with details
- Establish contact with law enforcement agencies
- Check configurations and logs on systems for unusual activities
- Set up and configure a “temporarily unavailable” page in case the attack continues for a longer period of time
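The “check logs for unusual activities” step above is the kind of thing that is easy to say and hard to do under pressure at 4:31 a.m. The following added example (not part of the presentation or the case) shows a minimal defender-side check over web-server access logs in the common log format: it counts requests per minute and per client address and flags minutes whose volume crosses a threshold, reporting the share of 5xx responses and the dominant sources, which helps distinguish a volumetric flood from ordinary load. The log lines, the threshold of 20 requests per minute, and the addresses are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log: three normal requests at 04:30, then a burst of 40
# requests from two addresses at 04:31 that the server answers with 503.
SAMPLE_LOG = "\n".join([
    '203.0.113.10 - - [12/Jan/2009:04:30:01 -0500] "GET /catalog HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Jan/2009:04:30:20 -0500] "GET /cart HTTP/1.1" 200 2048',
    '203.0.113.10 - - [12/Jan/2009:04:30:45 -0500] "POST /checkout HTTP/1.1" 200 512',
] + [
    f'192.0.2.{1 + i % 2} - - [12/Jan/2009:04:31:{i:02d} -0500] "GET / HTTP/1.0" 503 0'
    for i in range(40)
])

# Common log format: client ident user [timestamp] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) \S+')

def parse_line(line):
    """Return (client_ip, minute, status) for one line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    minute = m.group("ts").split()[0].rsplit(":", 1)[0]  # e.g. "12/Jan/2009:04:31"
    return m.group("ip"), minute, int(m.group("status"))

def find_surges(log_text, threshold=20, top_n=2):
    """Flag every minute with at least `threshold` requests (assumed value) and report
    its request count, share of 5xx responses, and the top_n clients by traffic share."""
    per_minute, per_minute_5xx = Counter(), Counter()
    per_minute_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed or truncated lines rather than abort the check
        ip, minute, status = parsed
        per_minute[minute] += 1
        per_minute_ip[minute][ip] += 1
        if status >= 500:
            per_minute_5xx[minute] += 1
    surges = []
    for minute in sorted(per_minute):
        total = per_minute[minute]
        if total < threshold:
            continue
        top = [(ip, round(n / total, 2)) for ip, n in per_minute_ip[minute].most_common(top_n)]
        surges.append({"minute": minute, "requests": total, "top_sources": top,
                       "error_share": round(per_minute_5xx[minute] / total, 2)})
    return surges
```

On the constructed log, `find_surges(SAMPLE_LOG)` flags only the 04:31 minute, with all responses 5xx and two addresses each carrying half the traffic; a real run would feed the hosting provider’s access logs in and compare against the site’s normal per-minute baseline.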

Now that the attack has ended, what can the iPremier Company do to prepare for another such attack?

How to prepare for the future
- Develop and maintain a Business Continuity & Incident Response Plan
- Establish when the plan should be put into action
- Develop clear reporting lines
- Know your infrastructure
- Know how to work with your infrastructure
- Know how to get back to normal
- Training and awareness
- Testing
- Revisions
- Get a reputable hosting service

In the aftermath of the attack, what would you be worried about? What actions would you recommend?

Key Areas of Concern
Scope of the attack:
- What data was compromised? (credit card information, customer information, email system)
- Was malware installed onto systems during the intrusion?
- Was the attack a diversion attempt to mask criminal activity (i.e. fraud)?
- Will another attack occur in the near future?
Business impact:
- Public disclosure issues: SEC guidelines for cyber-security risks and events (2011)
- Public relations issues: brand reputation, shareholder confidence
- Potential litigation: breach of contract, violation of SLAs
- Direct revenue loss

Immediate Recommended Actions
- Assemble an incident response team
- Conduct forensic analysis of the attack
- Document incident details and lessons learned
- Adjust plans and defenses (address the inadequate firewall)
- Hire an independent auditor to identify vulnerabilities of current systems and processes
- Communicate with appropriate parties (legal, shareholders, customers, vendor, general public & media, regulatory agencies)

Conclusions
No IT governance resulted in… evidence indicating no IS policies, enforcement, support or protection:
- IT infrastructure outsourced to Qdata, paying for “24/7 support” yet getting no 24/7 support on January 12, 2009
- IT staff expressed a poor impression of the quality of Qdata’s service to Bob on October 16, 2008, yet the firm remained outsourced 3 months later
- IT staff indicate senior management of the firm was not interested in spending on improving IT infrastructure
- IT staff using company resources for online gaming…