The iPremier Company was founded in 1996 and had evolved into one of thefew success stories of web-based commerce. It also sells luxury, rare, and vintage goods on the web. In the treacherous business-to-business segment, iPremier was one of a few survivors.
Although the company was a really successful company in business field, during the 75 minute attack, iPremier performed very ineffectively and acted negatively, which would tell customers that it is lack of ability to solve the problem. When picking up the phone to know the website is locked up, Turley, the CIO of the iPremier Company, did not have the plan and strategy to solve the problem. He just waited for the outsourced company, Qdata, giving the solution. What is worse, the company could not make sure if the credit cards and customer data are safe. All the managers in the company just waited until the attack stopped.
Of course the company’s operating procedures were deficient. Actually, there was totally no procedure for solving the attacks according to the case. The staffs, including the CIO and the technology team, could not come up with a complete strategy before the attack happening. When the company’s website was attacked, there was no plan to solve the problem. The CIO even did not sure about what the threat is. If the attack happened in the work time instead of early morning, the company would lose not only the information of the customers and the profits, but also the reputation from the customers.
The iPremier Company should make sure that there is the security system to make sure that when facing attacks, the company can stop it as soon as possible. The employees, especially the technology team, should take the responsibilities of protecting the information of the customers. Also not just the IT department, they have to connect the public relation department to explain what happened to the press and the customers.
After attack ended, iPremier Company should reconsider the procedures of the security system and find out how the hackers targeted the firewall. Because that the company remains the “intense” environment and focused only the growth, the company need to move its infrastructural system to the model that is more modern in order to prepare for the safety of customer’s information.
After knowing the website was attacked, Turley’s goal is to stop the attack and rebuild the procedures of security system. Turley received the phone calls and gather information about the attack and then asked the suggestions from other people to develop alternatives. However, the process of the decision making is very ineffective, after gathering data, Turley knew the cause of the attack, but he cannot find the proper method to stop the attack. He did not make the decision successfully and take action neither.
IT Doesn’t Matter
Information system is the complementary networks of hardware and software that people and organizations use to collect, filter, process, create, and distribute data. Information technology is the application of computers and telecommunications equipment to store, retrieve, transmit and manipulate data, often in the context of a business or other enterprise. According to the definition of the IT and IS, it is clear that information system is the integration that is composed of many tools and transfer data by the tools, on the contrary, information technology is the hardware that works as a tool in the information system to support the data transformation. In the article, the author mentions that the information technology is becoming the commodity and decreasing the costs, which means that the information technology cannot offer competitive advantages as before. Therefore, the managers should control the investment on information technology. However, the information system is different from information technology. The managers can reduce the investment on IT or do not pursue the most advanced technology, but they should create new procedures of transfer information efficiently.
Courtney from Study Moose