The iPremier Company

Team #4
Dalal Ahmad, Sayed Almohri, Aliza Levinsky, Andy Rupp, Avinash Sikenpore
ISQS 5231-IT for Managers
Qing Cao
The company
• iPremier: Web-based commerce, selling luxury, rare, and vintage goods over the Internet.
• Seattle-based company, founded in 1994 by two students from Swarthmore College.
• iPremier was one of the few companies to survive the technical stock recession of 2000. (B2C Market)
• Advantage: flexible return policies.
Management
• Management at iPremier consisted of young people who had been with the company for some time and a group of experienced managers.
• Well-educated technical and business professionals with high performance reputation.
• Values: professionalism, commitment to delivering results, and partnership for achieving profits.
• The company had a strong orientation to “do whatever it takes” to get projects done on schedule.
Name | Position
Jack Samuelson | CEO
Bob Turley | Chief Information Officer
Joanne Ripley | Head of IT operations
Warren Spangler | Vice president of business development
Tim Mandel | Chief Technology Officer
Leon Ledbetter | Operations assistant
Peter Stewart | Legal consultant
[Organization chart: Jack Samuelson, Warren Spangler, Bob Turley, Joanne Ripley, Leon Ledbetter, Tim Mandel, Peter Stewart]
Stakeholder | Degree of impact
Customers | High
iPremier Chief Officers | Very high
iPremier Operation Managers | Very high
Qdata-Outsourcer | High
Administrative and Technical Employees | High

Role
• The most important asset for the company.
• Build up the company’s reputation and develop and drive its business future.
• Determine administrative policy and procedures.
• Address management issues: company culture, outsourcing, management relationships, risk management.
• Develop alternatives to quickly recover from an attack, mitigating the system’s downtime.
• Implement high standards for security and back up systems to ensure business continuity.
• Forms the backbone for the company.
• Administrative and Technical Employees
• Capability to develop and invest in advanced technology.
• Responsible for administering, operating, and maintaining the company’s systems.
Architecture
[Diagram: Qdata Facility. Qdata Private Network: VPN and Router for Cust A, Cust B, Cust…; VPN iPremier Company; Ethernet switch; DNS Servers; Internet; Router; Network Management. iPremier Co. Case: Firewall, Router, Web Accelerator, Router to HQ, Ethernet Switches, Web Server Cluster, SMTP/POP Server, Network Management, Database Server.]
Ownership: Community, Alliance, Corporation
Governance: Market, Hierarchy, Partnership
Since it consisted of a legally defined organization with different departments like legal, marketing, IT, etc., we categorize it as a CORPORATION. A formal contract is not formed in a B2C relationship, which places iPremier in the MARKET section of the matrix, as it provides goods, processes payments and maintains customer profiles.
Market positioning: Broad, Narrow
Product positioning: Low Cost, Value-Added
Since it currently serves a niche market (mostly affluent), we categorized it as NARROW, but with its plans for growth it is moving up to reach BROAD. Since it sells luxury-rare items, we recognize it as VALUE ADDED.
Impact on business operations: High, Low
Impact on strategy: Low, High
At the early beginnings of the company, its IT placed it in a HIGH strategic impact position. Later on, when competitors entered the market, the IT strategic impact became LOW. Since it’s an online business, IT impact on operations is HIGH.
Coupling: Tight, Loose
Interactions: Linear, Complex
Since all the operations of an e-commerce business are mostly online, iPremier is reasonably COMPLEX. Its COUPLING is also reasonably TIGHT because its operations are interdependent.
• Founded by two students at Swarthmore College
• Initial public offering
• Stocks fell in the NASDAQ crash but then stabilized
• iPremier had $32 million in sales and $2.1 million in profits
• January 12th: DoS attack
Call Turley!!!
We have a problem with the website
Leon Ledbetter
Joanne Ripley
Leon Ledbetter
Bob Turley
Web Site is locked up!! Customers can’t access it. Someone might have hacked us
Bob Turley
• How long until we are back and running?
• Did someone hack us?
• Is it a DoS attack?
• Should we pull the plug?
• Is credit card information being stolen?
• Do we have emergency procedures?
• I think it is deliberate
• Most of our customers are asleep
• I’ll restart the server
• I’ll call you back
• We have a binder. I can’t find
Joanne Ripley
Joanne is on the way to Qdata
Leon said something about suspicious mail, should I call the FBI?
Warren Spangler
We have a problem… Should we pull the plug?
Bob Turley
We don’t want the press involved
No, we need to preserve evidence… but detailed logging is not enabled
Bob Turley
I’m in Qdata, there is no one that knows about the network, the only one went on vacation to Aruba. Do you have an escalation contact?
Pull the plug, credit cards can be stolen. This is my legal perspective
Peter Stewart
Tim Mandel
Joanne Ripley
Thanks so much for your thoughts
Bob Turley
Bob Turley
• Are we working a plan?
• The stock is probably going to be impacted.
• Focus on getting us back and running
Jack Samuelson
Call someone senior at Qdata, and tell them we need immediate support
Joanne Ripley
• Looks like a SYN flood from multiple sites
• It’s a DoS attack, due to a lack of proper firewall
• The attack is coming from 30 different sites
• Every time we shoot traffic from an IP, the zombie triggers attack from 2 sites
Bob Turley
Bob Turley
Attack is over, it stopped at 5:46 a.m., the website is running, and we can resume business as usual
Joanne Ripley
Bob Turley
For a moment everything was quiet
• Summarize what you think we should do
• Whatever you recommend will impact our customers
• I got to figure out what to tell Samuelson
Bob Turley
[Video: DoS]
DoS (Denial of Service) is simply rendering a service incapable of responding to requests in a timely manner.
• Stay with Qdata
• Outsource to another provider
• Develop own IT infrastructure
Strengths:
• Leaders in the e-commerce
• Resourceful pool of employees (talented young people, experienced managers) with reputations of high performance.
• iPremier targeted at high-end customers and had flexible return policies.
• Credit limits on charge cards are rarely an issue.
Weaknesses:
• Problem in internal communication and escalation deficiencies.
• iPremier does not have detailed transaction logs as it involves a trade-off with speed.
• Building all of their systems on poor performance IT services provider.
Opportunities:
• iPremier is one of the few success stories of e-commerce business.
• Given that iPremier established a very strong high-end customer base, it now has the opportunity of extending and tapping into the mid-class consumer.
Threats:
• Security issues that can harm the overall performance and success of iPremier.
• Due to the lack of detailed transaction logs, possibility of repeated attack.
• IT operations outsourced to Qdata (don’t have required immediate access and control over their data center and network).
• Qdata was not investing in advanced technology and upgrades.
Perspectives: Technical, Public relations, Management
Management Actions
• Allocate appropriate resources towards IT security
• Create a standard protocol assigning roles and responsibilities and escalation of communication in such situations
• Implementation of a disaster recovery and business continuity plan (alternate website)
• Use external vulnerability assessment services to periodically check the security level maintained by the IT department.
• Review management culture orientation of end-result which leads to managers taking shortcuts to expedite delivery of software systems and ignore the controls.
• Appoint an external audit committee for risk assessment and management
Technical Actions
• Implement a robust firewall.
• Enable logging and regularly monitor the logs.
• Install network-based intrusion detection software.
• Train and educate all staff on basic systems security.
• Encrypt sensitive information on the servers.
• Provide guidelines and information regarding people to contact when issues arise.
• Switch the IT services to IBM or HP.
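As an added illustration (not part of the original presentation) of what enabled logging and network-based detection would surface in the SYN flood described earlier, the sketch below scans a constructed connection log for handshakes that never complete. The log format, addresses, thresholds and function names are assumptions made for this example.

```python
from collections import defaultdict

def parse(line):
    """Parse 'epoch src_ip:src_port FLAG' (constructed format, not a real product's)."""
    ts, src, flag = line.split()
    ip, port = src.rsplit(":", 1)
    return float(ts), ip, int(port), flag

def detect_syn_flood(lines, window=10.0, min_half_open=20, max_completion=0.2):
    """Alert on windows where most handshakes to the server never complete."""
    events = [parse(l) for l in lines]
    # Flows whose client answered the SYN-ACK with an ACK, i.e. real handshakes.
    completed = {(ip, port) for _, ip, port, flag in events if flag == "ACK"}
    syns = defaultdict(set)
    for ts, ip, port, flag in events:
        if flag == "SYN":
            syns[int(ts // window)].add((ip, port))
    alerts = []
    for idx in sorted(syns):
        half_open = syns[idx] - completed
        completion = 1 - len(half_open) / len(syns[idx])
        if len(half_open) >= min_half_open and completion <= max_completion:
            per_source = defaultdict(int)
            for ip, _ in half_open:
                per_source[ip] += 1
            alerts.append({
                "window_start": idx * window,
                "half_open": len(half_open),
                "sources": len(per_source),
                # A low value here means per-IP rate limits alone would not trip.
                "max_per_source": max(per_source.values()),
            })
    return alerts

def sample_log():
    """Constructed log: 30 sources x 3 unanswered SYNs, plus 5 normal clients."""
    lines = []
    for i in range(1, 31):
        for j in range(3):
            lines.append(f"{100 + 3 * j + i / 100:.2f} 203.0.113.{i}:{40000 + j} SYN")
    for start, port in ((101, 50000), (120, 50001)):  # second window is quiet
        for i in range(1, 6):
            lines.append(f"{start + i:.2f} 198.51.100.{i}:{port} SYN")
            lines.append(f"{start + i + 0.05:.2f} 198.51.100.{i}:{port} ACK")
    return lines

if __name__ == "__main__":
    for alert in detect_syn_flood(sample_log()):
        print(alert)
```

On the constructed data no single source sends more than three SYNs, so the alert comes from the aggregate share of half-open connections rather than from any per-IP counter.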
Public relations
Inform the press and customers about:
• Investment in state of the art network security systems.
• Performing an in-depth analysis and evaluation of the collocation facility and switch if needed.
• Encryption of all customer data on its servers.
• Importance of contingency planning
• Handling core business operations in a responsible and careful manner (make sure the core business is in the right hands)
• Importance of support from senior executives
• Unconditional collaboration in moments of crisis
• Importance of a good cultural environment (relationships, innovations, entrepreneurship, team collaboration)
• Define protocols and clear channels of communication
• Regular evaluation of the IT infrastructure (vulnerability analysis, update protocols)