iPremier and Denial Of Service Attack Case Study

Monday, January 10th, 2011 at 1:31 pm

\In a recent Information Management lecture we went through the case of iPremier (read the full case) which is a
popular case study from Harvard Business School. It was a made up case but the recent high profile hacking stories
(such as Gawker) show that companies are not taking security seriously.
The background is that iPremier suffered a DOS attack in the middle of the night which caused chaos in the
company. After an hour the attack stopped and the company went back to business as normal. Two weeks later
another DOS attack was spawned from the companys server directed at a competitor which proved that their server
had been compromised. The FBI became involved, the competitor threatened to sue and the city analysts were
thinking of downgrading the stock.
Our role was to come up with recommendations as to how the processes and plans could be improved for the future.
Keeping in mind that the security is about more than just technology we needed to brainstorm around people and
processes as well.

1. People and processes

Develop a business continuity plan (test it end to end including suppliers and keep it updated)

Develop an IT governance framework that includes security in its remit

Develop clear reporting lines

Better training for emergencies

Trust your technical leaders and make sure they have the resources to lead in a crisis

Make security part of strategy

Hire an independent audit team who report into the board

Hire a security and risk expert

Develop a better relationship with your hosting provider

2. Technology

Avoid single points of failure. Separate the server stack so that database, web and file servers are not on the
same network

Use a reputable hosting provider with a world class infrastructure and support

Make sure all your software is up to date

Use a combination of hardware and or software firewalls

Backup and redundancy planning and testing

Active monitoring

Strong one-way encryption of passwords

Use open auth systems such as Facebook connect

I know there are lots and lots of other things you can do but this was the result of a very quick group collaboration.

Bombardier Case Prep (Successfully Navigating the

Turbulent Skies of a Large-Scale ERP Implementation)

Problem/Issue Statement
What is the problem?
The problem that Bombardier is facing is the ability to find out how to
implement an ERP system that will contribute to the large inherited data and
processes from other sectors of the company. At this point Bombardier is facing
compatibility issues with their systems. An answer was needed to enable and
establish a better way of communication between systems or establish an
alternative to become a better centralized system and find a solution to the lack
of integration of their legacy systems.
What is the Scope of the problem?
Bombardier needs to regain momentum after an already failed attempt with the
centralized system (ERP) before. Since Bombardier is a large company with
many divisions, ERP seemed to be the alternative to try again but with the
ability to be fully functional. Tasks such as managing better inventory for
mechanical parts, body parts, frames, engine pieces, and also to become a
better communicating enterprise, were why an ERP was needed. Management
were concerned on problems such as process delays, sequential activities, low
inventory turns, price inconsistency, and multiple bills of material.
Situation Assessment
What is the context of the problem/ Decision Criteria
The context sits at the knowledge that the ERP system has to be implemented a
second time after a previous failure attempt. In order to have the right decisions
made, costs of implementing this new system would need to be made and if all
the problems would be solved. The managers would need to establish a way to
try to test out the ERP system previous to implementation to see if their
problems can truly be fixed.
List of Plausible Alternative Courses of Action with Evaluation
The alternative course of action would be to implement the ERP which would
bring Bombardier to their vision of becoming a One Company organization

where employees would have the ability to share common data across divisions
and products while using a single unified system accompanied by a unified
process. Making it a business transformation rather than a technology one is
where the company should focus on so they will avoid another failure.
Remembering to stay active with the process would be essential by having
upper management available at all times during the project. Employees should
also be present when it comes to training before the implementation and after.
Lastly, communication should be a priority along with the implementation.
Recommendation
While viewing the quality and logical recommendation, it is right to say that
Bombardier should allow the ERP process to take place once more and finish
what was once started. With the BMIS team created, training and support would
be available to be present during future implementations which would create a
positive influence on all the employees who are new to it all. Having training
before and after the implementation would allow those who were never working
on the same systems integrate and have familiarity working together. During
the implementations, the upper management should always be present along
with the BMIS team. The presence with upper management influences not only
the employees but the consultants also. Also, the divisions would also need
support while the entire company is being implemented because they are also
in the loop . With ERP, Bombardier would allow their vision to become One
Company and allow all their divisions to share and become centralized as a
whole.

Presentation
For presentations, the consultant group should have power points showing the
ideal ways to work as a team. A cost matrix should also be set in place to show
training costs and the result of the implementation of the ERP. This would show
if it would work if thinking of investments. I would also present any real life
implementations from other companies or even Bombardier themselves and
show proof of any advancements post-implementation.