Information Systems Management
Ethics Case Analysis – Spring 2015
Due: March 30, 2015 at 6:00 p.m.
(Total Points: 50)
Read the following case description of an IT crisis and answer the questions posed at the end of the description.
A Denial of Service (DoS) attack on the corporate IT system at IVK Corporation (adapted from the book The Adventures of an IT Leader, 2009, Harvard Business School Publishing).
IVK Corporation experienced a sudden shutdown of the customer relationship management (CRM) enterprise information system. The information system shutdown was caused by extensive traffic entering IVK’s network of CRM servers from many locations—an organized attack designed to prevent IVK’s security systems from identifying the attempted intrusion into its corporate network. As a result of the attack, the CRM system will not reboot; customer records cannot be accessed; the CRM system is jammed.
Immediately after the attack, top management asks whether these symptoms mean that an actual intrusion into its customer database has occurred. Has someone exploited a security hole in the CRM system? Is the customer database corrupted? Have customer records been compromised?
Comments made by various members of the management team included the following:
“There’s danger in overreacting as well as underreacting.”
“John thinks it’s malicious.”
“The attack is under control and the CRM system is backed up.”
“Is there any way to tell if bad guys were involved?”
“It depends on how careful they were, if they were there at all. We’re checking on that.”
“No smoking gun yet.” “If it’s bad guys, they’re very, very good.”
“If it was intruders, they had been deep enough into IVK’s CRM production servers to rename database files, which meant they could have also stolen customer data or corrupted it subtly. Unfortunately, the company’s CRM database does retain Social Security numbers and other