Slide 1

The iPremier Company Team #4 Dalal Ahmad, Sayed Almohri Aliza Levinsky Andy Rupp Avinash Sikenpore ISQS 5231-IT for Managers Qing Cao Slide 2 The company iPremier, a Seattle based company, was founded in 1994 by two students from Swathmore College. Web-based commerce, selling luxury, rare, and vintage goods over the Internet. iPremier was one of the few companies to survive the technical stock recession of 2000. (B2C Market) Advantage: flexible return policies. Slide 3 Management Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managers Well educated technical and business professionals with high performance reputation Values: professionalism, commitment to delivering results, and partnership for achieving profits. The company had a strong orientation to do whatever it takes to get projects done on schedule. Slide 4 NamePosition Bob Turley Chief Information Officer Jack Samuelson CEO Joanne Ripley Head of IT operations Warren Spangler Vice president of business development Tim Mandel Chief Technology Officer Leon Ledbetter Operations assistant Peter Stewart Legal consultant Jack Samuelson Bob Turley Joanne Ripley Leon Ledbetter Tim Mandel Peter Stewart Warren Spangler Slide 5 StakeholderRole Degree of impact Customers The most important asset for the company. Build up the companys reputation and develop and drive its business future. High iPremier Chief Officers Determine administrative policy and procedures. Address management issues company culture, outsourcing, management relationships, risk management. Very high iPremier Operation Managers Develop alternatives to quickly recover from an attack mitigating the systems downtime. Implement high standards for security and back up systems to ensure business continuity. Very high Qdata-Outsourcer Forms the backbone for the company. Administrative and Technical Employees Capability to develop and invest in advanced technology. High Administrative and Technical Employees Responsible for administering, operating, and maintaining the companys systems. High Slide 6 Architecture Router Cust Router Cust B Router Cust A Qdata Private Network VPN Cust A VPN Cust B VPN Cust VPN iPremier Company Internet Router To public Internet Qdata Facility iPremier Co. Case Ethernet switch DNS Servers Network Management Web Server Cluster Web Accelerator Router to HQ TI Ethernet Switches Router Firewall Network Management Database Server SMTP/POP Server Slide 7 Ownership Governance Community Alliance Corporation Market Hierarchy Partnership Since it consisted of a legally defined organization with different departments like legal, marketing, IT etc, we categorize it as a CORPORATION. A formal contract is not formed in a B2C relationship which places iPremier in the MARKET section of the matrix as it provides goods, processes payments and maintains customer profiles. Slide 8 Product positioning Market positioning Broad Narrow Low Cost Value-Added Since it currently serves a niche market(mostly affluent) we categorized it as NARROW, but with its plans for growth it is moving up to reach BROAD. Since it sells luxury-rare items we recognize it as VALUE ADDED. Slide 9 At the early beginnings of the company its IT placed it in a HIGH strategic impact position. Later on when competitors entered the market the IT strategic impact became LOW. Since its an online business IT impact on operations is HIGH. Impact on strategy Impact on business operations High low Low High Slide 10 Since all the operations of an e-commerce are mostly online iPremier is reasonably COMPLEX. It is also reasonably tight COUPLING because its operations are interdependent Interactions Coupling Tight Loose Linear Complex Slide 11 Founded by two students at Swarthmore College Initial public offering Stocks fell in the NASDAQ crash but then stabilized iPremier had $32 million in sales and $2.1 million in profits January 12 th DoS attack Slide 12 I think it is deliberate Most of our customer are asleep Ill restart the server Ill call you back We have a binder. I cant find I think it is deliberate Most of our customer are asleep Ill restart the server Ill call you back We have a binder. I cant find How long until we are back and running? Did someone hack us? Is it a DoS attack? Should we pull the plug? Is credit card information being stolen? Do we have emergency procedures? Web Site is locked up!! Customers cant access it Someone might have hacked us Leon Ledbetter Bob Turley. Leon Ledbetter Joanne Ripley Call Turley!!! We have a problem with the website Joanne Ripley Bob Turley Joanne is in the way to Qdata Slide 13 Pull the plug, credit cards can be stolen. This is my legal perspective Bob Turley.... Warren Spangler Bob Turley We dont want the press involved Leon said something about suspicions mail, should I call FBI? Tim Mandel We have a problem..Should we pull the plug? No, we need to preserve evidence but detailed logging is not enabled Thanks so much for your thoughts Bob Turley Joanne Ripley Im in Qdata, there is no one that knows about the network, the only one went in vacation to Aruba. Do you have an escalation contact? Peter Stewart Slide 14 Bob Turley.... Jack Samuelson Bob Turley Call someone senior at Qdata, and tell them we need immediate support Are we working a plan? The stock is probably going to be impacted. Focus on getting us back and running For a moment everything was quiet Joanne Ripley Looks like a SYN flood from multiple sites Its a DoS attack, due to a lack of proper firewall The attack is coming from 30 different sites Every time we shoot traffic from an IP, the zombie triggers attack from 2 sites Bob Turley Joanne Ripley Attack is over, it stopped at 5:46 a.m., the website is running, and we can resume business as usual Summarize what you think we should do Whatever you recommend will impact our customers I got to figure out what to tell Samuelson Slide 15 VIDEO DoS Slide 16 DoS (Denial of Service) is simply rendering a service incapable of responding to requests in a timely manner. Slide 17 Slide 18 Slide 19 Outsource to another provider Stay with Qdata Develop own IT infrastructure Slide 20 Strengths: Leaders in the e-commerce Resourceful pool of employees (talented young people, experienced managers) with reputations of high performance. iPremier targeted at high-end customers and had flexible return policies. Credit limits on charge cards are rarely an issue. Weaknesses: Problem in internal communication and escalation deficiencies. iPremier does not have detailed transaction logs as it involves a trade off with speed Building all of their systems on poor performance IT services provider. Opportunities: iPremier is one of the few success stories of e- commerce business Given that iPremier established a very strong high-end customer base, it now has the opportunity of extending and tapping into the mid-class consumer Threats: Security issues that can harm the overall performance and success of iPremier Due to the lack of detailed transaction logs, possibility of repeated attack. IT operations outsourced to Qdata, (dont have required immediate access and control over their data center and network). Qdata was not investing in advanced technology and upgrades. Slide 21 Perspectives ManagementTechnical Public relations Slide 22 Actions Allocate appropriate resources towards IT security Create a standard protocol assigning roles and responsibilities and escalation of communication in such situations Implementation of a disaster recovery and business continuity plan (alternate website) Use external vulnerability assessment services to periodically check the security level maintained by the IT department. Review management culture orientation of end-result which leads to managers taking shortcuts to expedite delivery of software systems and ignore the controls. Appoint an external audit committee for risk assessment and management Management Slide 23 Actions Implement a robust firewall. Enable logging and regularly monitor them. Install Network-based intrusion detection software. Train and educate all staff on basic systems security. Encrypt sensitive information on the servers Provide guidelines and information regarding people to contact when issues arise Switch the IT services to IBM or HP. Technical Slide 24 Inform the press and customers about: Investment in state of the art network security systems. Performing an in-depth analysis and evaluation of the collocation facility and switch if needed Encryption of all customer data on its servers.. Public relations Slide 25 Importance of contingency planning Handling core business operations in a responsible and careful manner (make sure the core business is in the right hands) Importance of support from senior executives Unconditional collaboration in moments of crisis Importance of a good cultural environment (relationships, innovations, entrepreneurship, team collaboration) Define protocols and clear channels of communication Regular evaluation of the IT infrastructure (vulnerability analysis, update protocols) Slide 26