
IPREMIER (A) DENIAL OF SERVICE ATTACK CASE STUDY


PRESENTATION
Based on: Austin, R.D. and Short, J.C. (2009) iPremier (A): Denial of Service
Attack (Graphic Novel Version), Harvard School of Business, 9-609-092

XIAOYUE JIU, DAVID LANTER, SEONARDO SERRANO, ABEY JOHN, BRITT BOUKNIGHT, CAITLYN CARNEY

IPREMIER BACKGROUND
iPremier: high-end online sales company (mostly credit card transactions)

October 2008: Bob Turley hired as new Chief Information Officer

January 2009: Denial of service attack occurs

IPREMIER ORGANIZATION CHART

Jack Samuelson (CEO)

Bob Turley (CIO)

Joanne Ripley

Leon Ledbetter

Tim Mandel

Warren Spangler

Peter Stewart

HOW WELL DID IPREMIER PERFORM?

WHAT THEY DID WRONG

Because of poor preparation, iPremier could only react
There was no chain of command
There was no communication plan and no attempt to pool knowledge
The emergency response plan was outdated and useless
No one escalated the issue with Qdata until it was too late
Analysis paralysis

WHAT WOULD YOU HAVE DONE?

WHAT THEY SHOULD HAVE DONE

Take control of communications
Create a conference call with all of the key decision makers to select a course of action (this includes legal counsel)
Disconnect from the network / Contact ISP / Shut down the system
Escalate to a Qdata manager
Analyze the attack in a more detailed manner
Take action!

WERE THE COMPANY'S OPERATING PROCEDURES DEFICIENT IN RESPONDING TO THIS ATTACK?

THE IPREMIER COMPANY CEO, JACK SAMUELSON, HAD ALREADY EXPRESSED TO BOB TURLEY HIS CONCERN THAT THE COMPANY MIGHT EVENTUALLY SUFFER FROM A DEFICIT IN OPERATING PROCEDURES.

IPREMIER'S CURRENT OPERATING PROCEDURES

Follow emergency procedure
Although an emergency procedure plan existed, it was outdated and had not been tested recently.

Contact data center for real-time monitoring, physical access, and procedures for remediation
Although contact was made, physical access to the ops center was initially denied. Qdata's network monitoring staff were incompetent and their key staff were on vacation.

Identify status of critical assets
Unsure about the status of customer and credit card information data.

IPREMIER'S CURRENT OPERATING PROCEDURES

Contact key IT personnel and the processes they should follow
Although key IT personnel were contacted, this was not followed through a reporting structure, and senior management were contacted without having enough understanding of the situation.

Identify and prioritize critical services

Understand the nature of the attack
Unsure if it was a DDoS or a hack / intrusion or both.

Summarize events
Provide a summary of current status and next steps.

WHAT ADDITIONAL PROCEDURES MIGHT HAVE BEEN IN PLACE TO BETTER HANDLE THE ATTACK?

IPREMIER HAD THE BAREBONES OF AN OPERATING PROCEDURE THAT WAS NOT ENFORCED NOR FOLLOWED.

ADDITIONAL PROCEDURES

Conference call bridge with key IT personnel, iPremier executives, and key Qdata personnel
Contact ISP for additional help
Document everything, all actions taken with details
Establish contact with law enforcement agencies
Check configurations and logs on systems for unusual activities
Set up and configure a temporarily unavailable page in case the attack continues for a longer period of time

NOW THAT THE ATTACK HAS ENDED, WHAT CAN THE IPREMIER COMPANY DO TO PREPARE FOR ANOTHER SUCH ATTACK?

HOW TO PREPARE FOR THE FUTURE

Develop and maintain a Business Continuity & Incident Response Plan
Establish when the plan should be put into action
Develop clear reporting lines
Know your infrastructure
Know how to work with your infrastructure
Know how to get back to normal

Training and Awareness

Testing

Revisions

Get a reputable hosting service

IN THE AFTERMATH OF THE ATTACK, WHAT WOULD YOU BE WORRIED ABOUT?

WHAT ACTIONS WOULD YOU RECOMMEND?

KEY AREAS OF CONCERN

Scope of the Attack:
What data was compromised? (credit card information, customer information, email system)
Was intrusion malware installed onto systems?
Was the attack a diversion attempt to mask criminal activity (i.e. fraud)?
Will another attack occur in the near future?

Business Impact:
Public Disclosure Issues
SEC guidelines for cyber-security risks and events (2011)

Public Relations Issues
Brand
Reputation
Shareholder Confidence

Potential Litigation
Breach of contract
Violation of SLAs

Direct Revenue Loss

IMMEDIATE RECOMMENDED ACTIONS

Assemble an incident response team
Conduct forensic analysis of the attack
Document incident details and lessons learned
Adjust plans and defenses (address inadequate firewall)
Hire an independent auditor to identify vulnerabilities of current systems and processes
Communicate with appropriate parties (legal, shareholders, customers, vendor, general public & media, regulatory agencies)

CONCLUSIONS

NO IT GOVERNANCE RESULTED IN
Evidence indicating no IS policies, enforcement, support, nor protection:
IT infrastructure outsourced to Qdata, paying for 24/7 support yet getting no 24/7 support on January 12, 2009
IT staff expressed a poor impression of the quality of Qdata service to Bob on October 16, 2008, yet the firm remained outsourced 3 months later
IT staff indicate senior management of the firm not interested in spending on improving IT infrastructure
IT staff using company resources for online gaming
