The security perspective of an e-commerce company varies with its business model. iPremier follows a business-to-consumer (B2C) model, and all of its sales come directly through the web, i.e. online B2C transactions. Hence the IT security of iPremier should center on the protection of customer information and needs. The Federal Reserve lists six types of risk a company could face because of an Information Technology (IT) breach: credit, market, liquidity, operational, legal, and reputational (FFIEC, 2006). iPremier faces operational, reputational, legal and market risks in the current situation following the Denial of Service (DoS) attack.
COSTS OF A BREACH
No customer will buy a product from a website that cannot guarantee the privacy of his/her credit card or bank account information. The customers of iPremier expect that their financial data remains safe from theft and fraud, and that connecting to the iPremier website will not infect their computers with viruses or hostile code. High-end customers in particular do not want their personal information, shopping habits and preferences to be released to outside parties. Customers do not want any cookies or other privacy-compromising code unknowingly planted on their machines. The worst problem iPremier could face is high corporate liability if it fails to protect the customer data stored internally.
Companies that suffer theft of customer information incur significant direct and indirect expenses. According to the ‘Fourth Annual US Cost of Data Breach Study 2008-2009’ conducted by the Ponemon Institute, the cost of a data breach and its response can be broken down into four cost centers: Detection and Discovery, Escalation, Notification and Ex-Post Response. The study also says that “In addition to these four process related activities, most companies experience opportunity costs associated with the breach incident, which results from diminished trust or confidence by present and future…