Presentation on theme: "The iPremier Company Qing Cao Team #4 Dalal Ahmad, Sayed Almohri"— Presentation transcript:
1 The iPremier Company Qing Cao Team #4 Dalal Ahmad, Sayed Almohri Aliza LevinskyAndy RuppAvinash SikenporeISQS 5231-IT for ManagersQing Cao
2 Advantage: flexible return policies. BackgroundBackgroundThe companyiPremier, a Seattle based company, was founded in 1994 by two students from Swathmore College. Web-based commerce, selling luxury, rare, and vintage goods over the Internet.iPremier was one of the few companies to survive the technical stock recession of (B2C Market)Advantage: flexible return policies.
3 Management Background Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managersWell educated technical and business professionals with high performance reputationValues: professionalism, commitment to delivering results, and partnership for achieving profits.The company had a strong orientation to “do whatever it takes” to get projects done on schedule.
4 Hierarchical Structure CharactersNamePositionBob TurleyChief Information OfficerJack SamuelsonCEOJoanne RipleyHead of IT operationsWarren SpanglerVice president of business developmentTim MandelChief Technology OfficerLeon LedbetterOperations assistantPeter StewartLegal consultantHierarchical StructureJack SamuelsonBob TurleyJoanne RipleyLeon LedbetterTim MandelPeter StewartWarren Spangler
5 Stakeholders Stakeholder Role Degree of impact Customers The most important asset for the company.Build up the company’s reputation and develop and drive its business future.HighiPremier Chief OfficersDetermine administrative policy and procedures.Address management issues company culture, outsourcing, management relationships, risk management.Very highiPremier Operation ManagersDevelop alternatives to quickly recover from an attack mitigating the system’s downtime.Implement high standards for security and back up systems to ensure business continuity.Qdata-OutsourcerForms the backbone for the company.Administrative and Technical EmployeesCapability to develop and invest in advanced technology.Administrative and Technical EmployeesResponsible for administering, operating, and maintaining the company’s systems.
6 Architecture Background Qdata Facility iPremier Co. Case Qdata Private NetworkVPN Cust ARouter Cust AEthernet switchTo public InternetDNS ServersVPN Cust BRouter Cust BVPN Cust…Internet RouterRouter Cust…Network ManagementVPN iPremier CompanyiPremier Co. CaseRouterFirewallWeb AcceleratorRouter to HQEthernet SwitchesTIWeb Server ClusterSMTP/POPServerNetwork ManagementDatabase Server
7 Governance and Ownership CommunityAllianceCorporationIpremierMarket Hierarchy PartnershipGovernanceSince it consisted of a legally defined organization with different departments like legal, marketing, IT etc, we categorize it as a CORPORATION. A formal contract is not formed in a B2C relationship which places iPremier in the MARKET section of the matrix as it provides goods, processes payments and maintains customer profiles.
8 Product / Market positioning BroadNarrowIpremierLow Cost Value-AddedProduct positioningSince it currently serves a niche market(mostly affluent) we categorized it as NARROW , but with it’s plans for growth it is moving up to reach BROAD . Since it sells luxury-rare items we recognize it as VALUE ADDED.
9 Impact on business operations IT ImpactImpact on business operationsHighlowIpremierLow HighImpact on strategyAt the early beginnings of the company it’s IT placed it in a HIGH strategic impact position . Later on when competitors entered the market the IT strategic impact became LOW . Since it’s an online business IT impact on operations is HIGH.
10 Coupling-Interaction TightLooseIpremierLinear ComplexInteractionsSince all the operations of an e-commerce are mostly online iPremier is reasonably COMPLEX. It is also reasonably tight COUPLING because its operations are interdependent
11 TimelineTimelineFounded by two students at Swarthmore CollegeInitial public offeringStocks fell in the NASDAQ crash but then stabilizediPremier had $32 million in sales and $2.1 million in profitsJanuary 12th DoS attack19961998200020062007
12 Before 4:31 a.m Before 4:31 a.m 4:31 a.m 4:31 a.m 4:39 a.m 4:39 a.m Timeline of eventsBefore 4:31Before 4:31 a.mBefore 4:31 a.m4:31 a.m4:31 a.mCall Turley!!!We have a problem with the website4:31Web Site is locked up!!Customers can’t access itSomeone might have hacked usLeon LedbetterJoanne RipleyLeon LedbetterBob Turley4:394:39 a.m4:39 a.mBetween 4:39 and 5:27 a.m4:39 -5:27Between 4:39 and 5:27 a.mHow long until we are back and running?Did someone hack us?Is it a DoS attack?Should we pull the plug?Is credit card information being stolen?Do we have emergency procedures?Bob Turley.I think it is deliberateMost of our customer are asleepI’ll restart the serverI’ll call you backWe have a binder. I can’t findJoanneRipleyJoanne is in the way to Qdata
13 Between 4:39 and 5:27 a.m Between 4:39 and 5:27 a.m Timeline of events4:39-5:27Between 4:39 and 5:27 a.mBetween 4:39 and 5:27 a.mBetween 4:39 and 5:27 a.mBetween 4:39 and 5:27 a.mLeon said something about suspicions mail, should I call FBI?4:39- 5:27We have a problem…..Should we pull the plug?No, we need to preserve evidence… but detailed logging is not enabledWarrenSpanglerBob TurleyWe don’t want the press involvedBob TurleyTim Mandel4:39-5:27Between 4:39 and 5:27 a.mBetween 4:39 and 5:27 a.m4:39-5:27Between 4:39 and 5:27 a.mBetween 4:39 and 5:27 a.mI’m in Qdata, there is no one that knows about the network, the only one went in vacation to Aruba. Do you have an escalation contact?Pull the plug, credit cards can be stolen. This is my legal perspectivePeter Stewart. .Thanks so much for your thoughtsJoanne RipleyBob TurleyBob Turley
14 5:27 a.m 5:27 a.m Between 5:27 and 5:46 a.m Between 5:27 and 5:46 a.m Timeline of events5:275:27 a.m5:27 a.mAre we working a plan?The stock is probably going to be impacted.Focus on getting us back and runningBetween 5:27 and 5:46 a.mBetween 5:27 and 5:46 a.m5:27-5:46Looks like a SYN flood from multiple sitesIt’s a DoS attack, due to a lack of proper firewallThe attack is coming from 30 different sitesEvery time we shoot traffic from an IP, the zombie triggers attack from 2 sitesJoanneRipleyJackSamuelsonCall someone senior at Qdata, and tell them we need immediate supportBob TurleyBob TurleyBetween 5:27 and 5:46 a.mBetween 5:27 and 5:46 a.m5:27-5:465:465:46 a.m5:46 a.mAttack is over, it stopped at 5:46 a.m., the website is running, and we can resume business as usualJoanneRipleySummarize what you think we should doWhatever you recommend will impact our customersI got to figure out what to tell SamuelsonBob Turley. .For a moment everything was quietBob Turley
18 Internet Security 5 layers of internet security Your Business Unfortunately there is no single solution to protect your computer system. The best solution is to layer levels of protection on top of one another. This concept is not new. It is called defense in depth and has been practiced for hundreds if not thousands of years. An easy way to visualize defense in depth is the way ancient kings employed it. First, they surrounded themselves with an army. Next they built a castle to protect the army. Finally, they dug a moat to make attacking the castle more difficult. None of the layers offered perfect protection, but each one made the others stronger and together they provided the best possible defense. The layered approach to computer security works the same way. The critical layers of computer system protection are:Physical Security – Keeping unauthorized people away from your computers and data connections eliminates many opportunities for attack.Internet Firewall – This can be hardware or software that filters incoming internet traffic and automatically prevents many types of attacks. Hardware firewalls also hide your computer network from the internet so they are usually a far better solution than software firewalls. However, for a stand alone computer, a software firewall can be effective and it cost significantly less than the hardware based alternatives.Operating System – Basic operating system security limits which computers can connect one another, what information can be shared, and who can log on to a computer or network.Antivirus Protection – Filters out harmful viruses and worms before they can do damage.Business Practices – Ensure that users have strong passwords, that computers are monitored for unnatural events and regular back ups take place.Today’s Biggest ThreatWorms are the most common threat at the moment. They typically spread when a worm gets into a computer and then gathers all the addresses on the hard disk. The worm then secretly starts ing itself to everyone on the list. Anyone on the list who is not properly protected will then have the worm do the same thing on their computer. Along the way, the worm usually opens up security holes to allow hackers to enter every computer it infects.The image below shows how the layered approach protects your computer. This worm is most likely riding in on an infected . Physical security is immediately bypassed. It does not matter how many doors and locks it takes to get to your computer, since the worm surfs in on the wires that connect you to the internet. The internet firewall is not an obstacle either, because it must let through. Fortunately, the antivirus software catches the worm before it can reach its target. Had the worm reached the operating system it would have opened security holes that would then allow a hacker to bypass all levels of security and get to the computer data or use the computer to launch an attack on someone else. This type of attack has caused more than one unsuspecting person to have the F.B.I. knock on their door.
19 Alternatives Stay with Qdata Outsource to another provider Develop own IT infrastructure
20 SWOT Analysis Strengths: Weaknesses: Opportunities: Threats: Leaders in the e-commerceResourceful pool of employees (talented young people, experienced managers) with reputations of high performance.iPremier targeted at high-end customers and had flexible return policies. Credit limits on charge cards are rarely an issue.Weaknesses:Problem in internal communication and escalation deficiencies.iPremier does not have detailed transaction logs as it involves a trade off with speedBuilding all of their systems on poor performance IT services provider.Opportunities:iPremier is one of the few success stories of e-commerce businessGiven that iPremier established a very strong high-end customer base, it now has the opportunity of extending and tapping into the mid-class consumerThreats:Security issues that can harm the overall performance and success of iPremierDue to the lack of detailed transaction logs, possibility of repeated attack.IT operations outsourced to Qdata, (don’t have required immediate access and control over their data center and network).Qdata was not investing in advanced technology and upgrades.
22 Recommendations Management ActionsAllocate appropriate resources towards IT securityCreate a standard protocol assigning roles and responsibilities and escalation of communication in such situationsImplementation of a disaster recovery and business continuity plan (alternate website)Use external vulnerability assessment services to periodically check the security level maintained by the IT department.Review management culture orientation of end-result which leads to managers taking shortcuts to expedite delivery of software systems and ignore the controls.Appoint an external audit committee for risk assessment and management
23 Recommendations Technical Actions Implement a robust firewall. Enable logging and regularly monitor them.Install Network-based intrusion detection software.Train and educate all staff on basic systems security.Encrypt sensitive information on the serversProvide guidelines and information regarding people to contact when issues ariseSwitch the IT services to IBM or HP.
24 Recommendations Public relations Inform the press and customers about: Investment in state of the art network security systems.Performing an in-depth analysis and evaluation of the collocation facility and switch if neededEncryption of all customer data on its servers..
25 Lessons Learned Importance of contingency planning Handling core business operations in a responsible and careful manner (make sure the core business is in the right hands)Importance of support from senior executivesUnconditional collaboration in moments of crisisImportance of a good cultural environment (relationships, innovations, entrepreneurship, team collaboration)Define protocols and clear channels of communicationRegular evaluation of the IT infrastructure (vulnerability analysis, update protocols)