Presentation is loading. Please wait.

Presentation is loading. Please wait.

The iPremier Company Qing Cao Team #4 Dalal Ahmad, Sayed Almohri

Published byCeline Eidson Modified over 9 years ago

Similar presentations

Presentation on theme: "The iPremier Company Qing Cao Team #4 Dalal Ahmad, Sayed Almohri"— Presentation transcript:

1 The iPremier Company Qing Cao Team #4 Dalal Ahmad, Sayed Almohri
Aliza Levinsky Andy Rupp Avinash Sikenpore ISQS 5231-IT for Managers Qing Cao

2 Advantage: flexible return policies.
Background Background The company iPremier, a Seattle based company, was founded in 1994 by two students from Swathmore College.  Web-based commerce, selling luxury, rare, and vintage goods over the Internet. iPremier was one of the few companies to survive the technical stock recession of (B2C Market) Advantage: flexible return policies.

3 Management Background
Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managers Well educated technical and business professionals with high performance reputation Values: professionalism, commitment to delivering results, and partnership for achieving profits. The company had a strong orientation to “do whatever it takes” to get projects done on schedule.  

4 Hierarchical Structure
Characters Name Position Bob Turley Chief Information Officer Jack Samuelson CEO Joanne Ripley Head of IT operations Warren Spangler Vice president of business development Tim Mandel Chief Technology Officer Leon Ledbetter Operations assistant Peter Stewart Legal consultant Hierarchical Structure Jack Samuelson Bob Turley Joanne Ripley Leon Ledbetter Tim Mandel Peter Stewart Warren Spangler

5 Stakeholders Stakeholder Role Degree of impact Customers
The most important asset for the company. Build up the company’s reputation and develop and drive its business future. High iPremier Chief Officers Determine administrative policy and procedures. Address management issues company culture, outsourcing, management relationships, risk management. Very high iPremier Operation Managers Develop alternatives to quickly recover from an attack mitigating the system’s downtime. Implement high standards for security and back up systems to ensure business continuity. Qdata-Outsourcer Forms the backbone for the company. Administrative and Technical  Employees Capability to develop and invest in advanced technology. Administrative and Technical  Employees Responsible for administering, operating, and maintaining the company’s systems.

6 Architecture Background Qdata Facility iPremier Co. Case
Qdata Private Network VPN Cust A Router Cust A Ethernet switch To public Internet DNS Servers VPN Cust B Router Cust B VPN Cust… Internet Router Router Cust… Network Management VPN iPremier Company iPremier Co. Case Router Firewall Web Accelerator Router to HQ Ethernet Switches TI Web Server Cluster SMTP/POP Server Network Management Database Server

7 Governance and Ownership
Community Alliance Corporation Ipremier Market Hierarchy Partnership Governance Since it consisted of a legally defined organization with different departments like legal, marketing, IT etc, we categorize it as a CORPORATION. A formal contract is not formed in a B2C relationship which places iPremier in the MARKET section of the matrix as it provides goods, processes payments and maintains customer profiles.

8 Product / Market positioning
Broad Narrow Ipremier Low Cost Value-Added Product positioning Since it currently serves a niche market(mostly affluent) we categorized it as NARROW , but with it’s plans for growth it is moving up to reach BROAD . Since it sells luxury-rare items we recognize it as VALUE ADDED.

9 Impact on business operations
IT Impact Impact on business operations High low Ipremier Low High Impact on strategy At the early beginnings of the company it’s IT placed it in a HIGH strategic impact position . Later on when competitors entered the market the IT strategic impact became LOW . Since it’s an online business IT impact on operations is HIGH.

10 Coupling-Interaction
Tight Loose Ipremier Linear Complex Interactions Since all the operations of an e-commerce are mostly online iPremier is reasonably COMPLEX. It is also reasonably tight COUPLING because its operations are interdependent

11 Timeline Timeline Founded by two students at Swarthmore College Initial public offering Stocks fell in the NASDAQ crash but then stabilized iPremier had $32 million in sales and $2.1 million in profits January 12th DoS attack 1996 1998 2000 2006 2007

12 Before 4:31 a.m Before 4:31 a.m 4:31 a.m 4:31 a.m 4:39 a.m 4:39 a.m
Timeline of events Before 4:31 Before 4:31 a.m Before 4:31 a.m 4:31 a.m 4:31 a.m Call Turley!!! We have a problem with the website 4:31 Web Site is locked up!! Customers can’t access it Someone might have hacked us Leon Ledbetter Joanne Ripley Leon Ledbetter Bob Turley 4:39 4:39 a.m 4:39 a.m Between 4:39 and 5:27 a.m 4:39 -5:27 Between 4:39 and 5:27 a.m How long until we are back and running? Did someone hack us? Is it a DoS attack? Should we pull the plug? Is credit card information being stolen? Do we have emergency procedures? Bob Turley . I think it is deliberate Most of our customer are asleep I’ll restart the server I’ll call you back We have a binder. I can’t find Joanne Ripley Joanne is in the way to Qdata

13 Between 4:39 and 5:27 a.m Between 4:39 and 5:27 a.m
Timeline of events 4:39-5:27 Between 4:39 and 5:27 a.m Between 4:39 and 5:27 a.m Between 4:39 and 5:27 a.m Between 4:39 and 5:27 a.m Leon said something about suspicions mail, should I call FBI? 4:39- 5:27 We have a problem…..Should we pull the plug? No, we need to preserve evidence… but detailed logging is not enabled Warren Spangler Bob Turley We don’t want the press involved Bob Turley Tim Mandel 4:39-5:27 Between 4:39 and 5:27 a.m Between 4:39 and 5:27 a.m 4:39-5:27 Between 4:39 and 5:27 a.m Between 4:39 and 5:27 a.m I’m in Qdata, there is no one that knows about the network, the only one went in vacation to Aruba. Do you have an escalation contact? Pull the plug, credit cards can be stolen. This is my legal perspective Peter Stewart . . Thanks so much for your thoughts Joanne Ripley Bob Turley Bob Turley

14 5:27 a.m 5:27 a.m Between 5:27 and 5:46 a.m Between 5:27 and 5:46 a.m
Timeline of events 5:27 5:27 a.m 5:27 a.m Are we working a plan? The stock is probably going to be impacted. Focus on getting us back and running Between 5:27 and 5:46 a.m Between 5:27 and 5:46 a.m 5:27-5:46 Looks like a SYN flood from multiple sites It’s a DoS attack, due to a lack of proper firewall The attack is coming from 30 different sites Every time we shoot traffic from an IP, the zombie triggers attack from 2 sites Joanne Ripley Jack Samuelson Call someone senior at Qdata, and tell them we need immediate support Bob Turley Bob Turley Between 5:27 and 5:46 a.m Between 5:27 and 5:46 a.m 5:27-5:46 5:46 5:46 a.m 5:46 a.m Attack is over, it stopped at 5:46 a.m., the website is running, and we can resume business as usual Joanne Ripley Summarize what you think we should do Whatever you recommend will impact our customers I got to figure out what to tell Samuelson Bob Turley . . For a moment everything was quiet Bob Turley

15 VIDEO DoS VIDEO DoS

16 DoS Attack DoS (Denial of Service) is simply rendering a service incapable of responding to requests in a timely manner.

17 SYN Flood Attack

18 Internet Security 5 layers of internet security Your Business
Unfortunately there is no single solution to protect your computer system.  The best solution is to layer levels of protection on top of one another.  This concept is not new.  It is called defense in depth and has been practiced for hundreds if not thousands of years.  An easy way to visualize defense in depth is the way ancient kings employed it.  First, they surrounded themselves with an army.  Next they built a castle to protect the army. Finally, they dug a moat to make attacking the castle more difficult.  None of the layers offered perfect protection, but each one made the others stronger and together they provided the best possible defense.  The layered approach to computer security works the same way.  The critical layers of computer system protection are: Physical Security – Keeping unauthorized people away from your computers and data connections eliminates many opportunities for attack. Internet Firewall – This can be hardware or software that filters incoming internet traffic and automatically prevents many types of attacks.  Hardware firewalls also hide your computer network from the internet so they are usually a far better solution than software firewalls. However, for a stand alone computer, a software firewall can be effective and it cost significantly less than the hardware based alternatives. Operating System – Basic operating system security limits which computers can connect one another, what information can be shared, and who can log on to a computer or network. Antivirus Protection – Filters out harmful viruses and worms before they can do damage. Business Practices – Ensure that users have strong passwords, that computers are monitored for unnatural events and regular back ups take place. Today’s Biggest Threat Worms are the most common threat at the moment.  They typically spread when a worm gets into a computer and then gathers all the addresses on the hard disk.  The worm then secretly starts ing itself to everyone on the list.  Anyone on the list who is not properly protected will then have the worm do the same thing on their computer.  Along the way, the worm usually opens up security holes to allow hackers to enter every computer it infects. The image below shows how the layered approach protects your computer.  This worm is most likely riding in on an infected . Physical security is immediately bypassed. It does not matter how many doors and locks it takes to get to your computer, since the worm surfs in on the wires that connect you to the internet.  The internet firewall is not an obstacle either, because it must let through.  Fortunately, the antivirus software catches the worm before it can reach its target.   Had the worm reached the operating system it would have opened security holes that would then allow a hacker to bypass all levels of security and get to the computer data or use the computer to launch an attack on someone else.  This type of attack has caused more than one unsuspecting person to have the F.B.I. knock on their door.

19 Alternatives Stay with Qdata Outsource to another provider
Develop own IT infrastructure

20 SWOT Analysis Strengths: Weaknesses: Opportunities: Threats:
Leaders in the e-commerce Resourceful pool of employees (talented young people, experienced managers) with reputations of high performance. iPremier targeted at high-end customers and had flexible return policies.  Credit limits on charge cards are rarely an issue. Weaknesses: Problem in internal communication and escalation deficiencies. iPremier does not have detailed transaction logs as it involves a trade off with speed Building all of their systems on poor performance IT services provider. Opportunities: iPremier is one of the few success stories of e-commerce business Given that iPremier established a very strong high-end customer base, it now has the opportunity of extending and tapping into the mid-class consumer Threats: Security issues that can harm the overall performance and success of iPremier Due to the lack of detailed transaction logs, possibility of repeated attack. IT operations outsourced to Qdata, (don’t have required immediate access and control over their data center and network). Qdata was not investing in advanced technology and upgrades.

21 Recommendations Perspectives Management Technical Public relations

22 Recommendations Management
Actions Allocate appropriate resources towards IT security Create a standard protocol assigning roles and responsibilities and escalation of communication in such situations Implementation of a disaster recovery and business continuity plan (alternate website) Use external vulnerability assessment services to periodically check the security level maintained by the IT department. Review management culture orientation of end-result which leads to managers taking shortcuts to expedite delivery of software systems and ignore the controls. Appoint an external audit committee for risk assessment and management

23 Recommendations Technical Actions Implement a robust firewall.
Enable logging and regularly monitor them. Install Network-based intrusion detection software. Train and educate all staff on basic systems security. Encrypt sensitive information on the servers Provide guidelines and information regarding people to contact when issues arise Switch the IT services to IBM or HP.

24 Recommendations Public relations Inform the press and customers about:
Investment in state of the art network security systems. Performing an in-depth analysis and evaluation of the collocation facility and switch if needed Encryption of all customer data on its servers..

25 Lessons Learned Importance of contingency planning
Handling core business operations in a responsible and careful manner (make sure the core business is in the right hands) Importance of support from senior executives Unconditional collaboration in moments of crisis Importance of a good cultural environment (relationships, innovations, entrepreneurship, team collaboration) Define protocols and clear channels of communication Regular evaluation of the IT infrastructure (vulnerability analysis, update protocols)

26 Questions

Download ppt "The iPremier Company Qing Cao Team #4 Dalal Ahmad, Sayed Almohri"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Chapter 3 E-Strategy.

Chapter 3 E-Strategy.
Chapter 3 Launching a Business on the Internet. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction of E-Business Life Cycle.

Chapter 3 Launching a Business on the Internet. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction of E-Business Life Cycle.
DaZee Hotels (Management & Allied Services)

DaZee Hotels (Management & Allied Services)
Security and Control Soetam Rizky. Why Systems Are Vulnerable ?

Security and Control Soetam Rizky. Why Systems Are Vulnerable ?
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Life Science Services and Solutions

Life Science Services and Solutions
Ron Rhodes Accelerating Growth and Avoiding “Surprises”

Ron Rhodes Accelerating Growth and Avoiding “Surprises”
Chapter 13: Organizational Innovation and Change

Chapter 13: Organizational Innovation and Change
© Prentice Hall 2002 15.1 CHAPTER 15 Managing the IS Function.

© Prentice Hall CHAPTER 15 Managing the IS Function.
iPremier(A) Denial of Service Attack – Case Study Presentation

iPremier(A) Denial of Service Attack – Case Study Presentation
© Pearson Prentice Hall 2009

© Pearson Prentice Hall 2009
Evolve Marketing Partners Credentials Presentation

Evolve Marketing Partners Credentials Presentation
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.

Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
The iPremier Company, Inc.

The iPremier Company, Inc.
Chapter 12: Planning for Electronic Commerce

Chapter 12: Planning for Electronic Commerce

Similar presentations

Ads by Google