Cybercrime and Information Systems Controls: The Case of iPremier

Many experts argue that cybersecurity is essential for businesses. Data loss and breaches can cost businesses heavily in lost productivity, lost revenue, damage to the brand, and expensive recovery efforts. Problems inherent to computer security will likely persist, so security issues are increasingly relevant to general managers, whether they like it or not.
iPremier is a successful high-end web-based retailer. The company was shut down by a Distributed Denial of Service (DDoS) attack in 2009. The case presents a series of events before, during, and after the cyberattack (a few minutes after it ended). Although the case does not describe actual events and iPremier is not a real company, everything that happens in the case has happened to real companies.
This business case aims to illustrate a number of critical points about cybersecurity, internal controls, and the COBIT framework. Specific objectives addressed by this assignment include:

Objective 1: Examine the role of business processes and the use of accounting information systems in capturing and managing information that support the needs of stakeholders.
Objective 2: Analyse and evaluate the design of business processes and accounting information systems.
Objective 3: Explain the importance of internal controls and recommend internal controls that cover key business processes and support the achievement of goals.
Objective 4: Apply critical thinking, problem solving and communication skills to analyse, evaluate and interpret business processes and the accounting data that is generated.

After reading the iPremier case study, you need to write a report that will cover the issues of Cybercrime and Information Systems Controls. The report should answer the following questions:
1a. Based on the information provided, critically evaluate the role of iPremier management in relation to information security [Hint: In your evaluation, use two (2) activities from Table 14.1 in Romney et al. (2013, p. 423) that are related to COBIT security control objective DS 5.1].
1b. Do you think that security was a priority for iPremier management? Justify your position.
2a. Did the risk reduction measures put in place by iPremier work appropriately during the cyberattack? [Hint: Explain three (3) measures adopted and also whether they failed or not].

2b. Assume iPremier wishes to insource their data centre. Under this new scenario, recommend three (3) internal controls that iPremier should implement to either prevent, detect or correct future cyber-attacks [Hint: Classify each control as either Preventive, Detective or Corrective, explain and justify its importance].

3a. At some point during the crisis, Bob asks Joanne whether they have emergency procedures such as a Business Continuity Plan (BCP). Discuss three (3) benefits and three (3) challenges of BCPs.
3b. Would you recommend that iPremier adopt a Business Continuity Plan (BCP) or a Disaster Recovery Plan (DRP)? Justify your recommendation.
4. The iPremier case was written in 2009. Investigate two (2) major data breaches within organisations over the last 3 years (since 2015). Explain what happened, what the cause was, what internal controls were absent or failed, and what the implications were.

