Company Analysis - Ipremier Case Study - Term Paper Example

? Company Analysis- Ipremier Case Study How well did the Ipremier company perform during the seventy-five minuteattack? If you were Bob Turley, what might you have done differently during the attack? Ipremier did not perform any better concerning the attack, if the hacker had any ill intentions with the company they would have enacted it and gone in time (Austine, Leibrock, & Murray, 2007). It is very clear that the company was not prepared for the attack by the hackers in terms of their infrastructure, employees and their operational procedures proved to be too weak. Turley is in a hotel room during the attack, it takes him time to coordinate a team to handle the crisis. The worst is that the team or the employees of the institution do not have proper knowledge of the technical operations of the system or the website hence they have to move all the way to the provider who cannot be reached over the phone at the time. The customers are at stake since their credit cards are in the verge of being stolen at any moment then. Taking into account the short period presented to Bob to handle the crisis as the CIO, we have to commend him for the enormous tasks he had to perform. It is also important to note that one of the obstacles is that the scenario was complicated. The case shows vividly that all the communication line got broken down during the attack prompting stress and panic among all the junior employees (Pendlebury & Groves, 2004). There is no clear division of duties to enhance the operations of the firm effectively and efficiently. Duties and responsibilities have to be assigned during the attack and this is further fueled by the existence of the outdated emergency procedures. We are informed from the case that, Bob during his tenure was to install or renew the system which they had no done up to this far and therefore had to move with speed most so after the occurrence of such vices. Another major problem was with Qdata the computer service provider. The firewall and the infrastructure of the services provided by them were not satisfactory and did not help in blocking or mitigating the attack. Qdata employees did not show enough expertise and experience in dealing with similar situations. The firewall was not able to prevent the attack given the low level of technology that Qdata was still embracing (Axelrod, 2004). Above all, Qdata employees were not willing to help iPremier’s representatives to access the NOC. In addition, this predicted the miscommunication between Ipremier and Qdata was clear in the case given that an employee had to run all the way to the service provider (Fink, 2006). If I were Turley, amidst the crisis I would have engaged several risk management strategies rushing to protect the data systems using my It knowledge before remaining helpless. Secondly, I would have brought in an expert who was readily accessible to help in blocking any form of transactions from the site at least until normalcy returned before I informed the CEO of the technicalities just for a point of information. An urgent meeting of all the employees would then be called immediately to ponder on the way forward from the integration of the views of all the parties (Austine, Leibrock, & Murray, 2007). 2. The Ipremier Company CEO, Jack Samuelson, had already expressed to Bob Turley his concern that the company might eventually suffer from a "deficit in operating procedures." Were the company's operating procedures deficient in responding to this attack? What additional procedures might have been in place to better handle the attack? As earlier pointed out by the CEO of Ipremier, Jack Samuelson of the existence of the operation procedures, actually, there exist several of the deficiencies in terms of the response given to this attack. The deficiencies are in form of the risk response and recovery systems concerning the business that the business is engaged and how they are running the business. First, the firewall of the system does not have a backup system given the low memory that it operates on hence, the employees are not able to run it in case of an emergency. The organization is also at crossroads as there is no clear chain or order in which duties and roles are executed (Fink, 2006). Any employees can pass a communication to the other irrespective of their position, we have witnessed a case where the CEO is called in the middle of the night is as much as he doesn’t have any technical operations knowledge of the system. This shows that there is no order in the communication systems of the organization hence no clear chain of command. This causes a lot of confusion since Turley as the CIO is not able to focus on their roles but instead bothers him of what they would tell their boss who has a lot of expectations about him and his expertise. By the inclusion of other parties like the lawyers and the PR officers, this job would as well have been done by the IT department alone. Qdata as the computing provider of Ipremier provides below par services, services that the operations of Ipremier are already so much above (Austine, Leibrock, & Murray, 2007). This is despite the fact that they are specifically chosen to provide IT solutions to the company. They were not able to communicate in time to arrest the situation hence Ripley had to physically go to the company premises of which still they could not be allowed to see the NOC director. To prepare the company for any future acts of crisis such as this or any other, there are varieties of things, which must be corrected in Ipremier. The relevant employees should focus on the role and performance of their departments; this would only be achieved if a clear organizational structure were established hence dealing with emergencies would be made easier (Pendlebury & Groves, 2004). Therefore, a complete overhaul of the existing procedure needs to be done and adopt completely new procedures such as- a chain of command procedure has to be developed in the company, the company should also always be aware of any risk occurring that would threaten the systems of the company through constant reviews of the system. Ipremier must engage into contracts with computing solution providers who are reliable hence ability to communicate at any time if need be. Not ones like Qdata who cannot be reached through modern forms of communications when the needs arise. A public relations procedure have to be devised to be helping in the salvation of the company image if need arise. Lastly, adequate legal procedures must be put in place to handle any legal dispute in the case where there are scrambling parties (Axelrod, 2004). 3. Now that the attack has ended, what can the Ipremier Company do to prepare for another such attack? After the attack immediately, Ipremier must call for an urgent meeting to commence operations by appreciating all the efforts made by a party irrespective of the rank in the organization. The causes of the just concluded attack must be located and value the damages it has caused the firm and individuals (Pendlebury & Groves, 2004). Measures to mitigate the happening of the same kind of incident have to be discussed in this forum and suggest a procedure for preparation of such lethal attacks in the future. For a fruitful future operation of Ipremier, the following must be done- Ipremier should move to a better hosting facility with a completely new firm. On the other hand, if they wanted to keep their long-term relationship with Qdata in terms of the IT service provisions, they have to negotiate with them the necessity of them investing in advanced technology to include more sophisticated firewalls, cryptograph to protect sensitive data like the clients credit cards, which are the main business of the Ipremier (Axelrod, 2004). They also should have qualified staff available at all time to fix any problem to avoid the situation where a panic has to engulf when a crisis occurs. It is also necessary for Ipremier to purchase enough disk space to enable detail logging to better document evidence of any future attack. Ipremier needs to concentrate on its employees and provide the necessary training and retraining for them to be effective team members and able to work together under pressure to achieve results and outputs for the organization. During the 75 minutes attack, Ipremier employees showed a lack of innovation and creativity in improvising through very little effective communication, which is not acceptable and could lead to serious consequences in the company’s performances. Ipremier should hire external consultants to periodically evaluate their procedures and systems for weaknesses (Mitroff, 2000). In addition, to determine the best solutions and courses of action, eternal consultants are never biased. 4. In the aftermath of the attack, what would you be worried about? What actions would you recommend? In the aftermath of the attack, I would be worried about several issues (Cusumano & Selby, 2005). One of such issues is the intentions of the hacker, this would be worrying because the hacker managed to go into our systems without the permission of the company, may have made changes that the managers are not in the position of knowing. The hacker may as a result have gone away with valuable company information, which if they share with our competitors would be detrimental to the operations of the company. If the competitors mange to get hold of the swot of the company, they would enhance the weaknesses of our company such as the insufficient operating procedures, weak partners, weak security system and the disorganization due to miscommunication (Jenster & Hussey, 2001). After they enhance such, they would be in a position of rebranding by facilitating the threats to our operations to be the fast entrants in the market that is ever growing amidst technological development. Another point of worry is the damage caused through the destruction of the infrastructure and the network hence the need to replace such which is an added unplanned cost to the company. The worry on how to handle the impact of the attack on all the stakeholders of the company is alarming most so the impacts on their boss who are the customers specifically the effect on prices of the stocks, legal issues that are yet to result due to the compromise on customer data (Mitroff, 2000). Ipremier can therefore take the following measures to salvage the company from the worries:- They should immediately replace the provider of IT solutions from Qdata given that they have proved worthless. This would ensure that confidentiality, which had been lost, is retrieved. The company should immediately start a serious campaign through an intensified public relation exercise to restore the public confidence in the operations of the company. Ipremier must also see to it that they devise a formula to replace all the incompetent employees with those with the relevant experience depending on the job they would do in the organization (Jenster & Hussey, 2001). The company is facing a lot of risk and they must ensure that they employ quick decision makers who can steer the company in times of crisis as opposed to sinking it further. An experienced security officer must be among the new recruits. The new IT provider must be instructed to look into it that all the necessary information is adequately restored and ensured to be in place. (Cusumano & Selby, 2005) 5. What lessons can we learn from this case? From this case, we are able to learn the importance of the company secrets concerning their projected profitability and growth (Bruce & Epstein, 2004). The essence of establishing efficiently functioning operating procedures is also a matter of fact, therefore:- The operating procedures of the company must always be secure and updated regularly as this is one of the ingredients of a company’s growth and survival. We have also learnt the importance of employing highly qualified staff for given jobs in the company to help maintain the performance of the company in times of crisis. IT solution companies should always invest more on IT and security. The security of a firm’s secrets is quite vital because it is the basis upon which a firm acquires it competitive advantage. Firms must frequently perform a disaster recovery test to uncover any issues that could occur during the attack like the one on the IT systems of Ipremier. It is also important to know that the company’s relations with other partners are equally important in either its growth or collapse. “Partners strength has a proportional effect on the company’s strengths.”( Bruce & Epstein, 2004) Ipremier should therefore learn from the mistakes they made and the obstacles/challenges they faced during this attack, as it will help them grow and survive. References Austine, R. D., Leibrock, L., & Murray, A. (2007). The Ipremier Company (A): Denial of Service Attack. In Case Study, 1(1), 339-347. Axelrod, C. W. (2004). Outsourcing information security. Boston: Artech House. Bruce, B. R., & Epstein, C. B. (2004). The handbook of corporate earnings analysis: company performance and stock market valuation. Chicago, Ill.: Probus Pub. Co. Cusumano, M. A., & Selby, R. W. (2005). Microsoft secrets: how the world's most powerful software company creates technology, shapes markets, and manages people. New York: Free Press. Fink, S. (2006). Crisis management: planning for the inevitable. New York, NY: American Management Association. Jenster, P. V., & Hussey, D. E. (2001). Company analysis: determining strategic capability. Chichester: Wiley. Mitroff, I. I. (2000). Managing crises before they happen what every executive and manager needs to know about crisis management. New York: AMACOM. Pendlebury, M. W., & Groves, R. E. (2004). Company accounts: analysis, interpretation, and understanding (3rd ed.). London: Routledge. Read More