iPremier Company GSB 522 Information Security The iPremier Company, Inc.
iPremier Company • What is it like to be awakened the way Bob Turley is in the case? What are his impressions and experiences during the first few minutes after the telphone rings? • What advice might you give for dealing with crisis situations like this one? What principles or recommendations might we follow during a crisis to avoid some of the problems inherent in such situations?
iPremier Company 3. What are Bob Turley’s and iPremier’s priorities? 4. How did iPremier perform during the crisis? What might you have done differently during the crisis? How might they have been better prepared?
iPremier Company 5. What information about these events should iPremier share with its customer and the public?
iPremier Company Case B A few hours after the attack, iPremier disclosed publicly that it had been the victim of a distributed denial of service attack (DDoS) Spokesperson emphasized that the event lasted only 75 minutes and only a few customers had been inconvenienced The company instituted new security measures but was not able to determine whether the firewall had been penetrated. Joanne Ripley recommended what some regarded as an extreme recommendation: disconnect all production computers from the Internet and rebuild the software systems from scratch. Shut down business for 24 to 36 hours to complete the comprehensive rebuild.
iPremier Company Case C The senior management of iPremier decided not to shut down the business for a rebuild of all production platforms. Two weeks later the FBI called Turley to inform him that MarketTop, iPremier’s biggest competitor, had been experiencing a DoS attack – the source of the attack was inside iPremier’s production computing installation. A file that had spawned some of the processes resided on a database server. What did this prove? (Speculation that the DoS attack against iPremier might have been a misdirection tactic to divert attention from hacking). Senior Team faced 3 issues: • Whether to implement Ripley’s rebuild recommendation. • How to handle the situation between iPremier and competitor MarketTop. • The DB server that had been compromised contained credit card numbers.