Microsoft Security Response Center (MSRC) is a key component of the security infrastructure for Microsoft, the large, internationally known software manufacturer. The program manager of the center has been informed by a hacker of a potentially damaging security vulnerability in a piece of Microsoft's Internet server software. Neither the hacker nor MSRC knows for sure if systems using the software have been compromised, but they do know that the vulnerability has been discussed in hacker news groups. The program manager must determine who should be told, what needs to be done and when. This case and the accompanying Microsoft Security Response Center (B) and (C) cases (products 9B01E020 and 9B01E021) look at the strategy to solve the problems and deal with any possible public relations issues that arise from it.
Microsoft Security Response Center (MSRC) is a key component of the security infrastructure for Microsoft--the large, internationally known software manufacturer. A hacker has informed the program manager of the center of potentially damaging security vulnerability in a piece of Microsoft's Internet server software. Neither the hacker nor MSRC knows for sure whether systems using the software have been compromised, but they do know that the vulnerability has been discussed in hacker news groups. The program manager must determine who should be told, what needs to be done, and when. This case looks at the strategy to solve the problems and deal with any possible public relations issues that arise from it.
Shortly after the Microsoft Security Response Center found out about a security vulnerability in a part of their Internet server software, the Internet Information Server development team was brought in to find a solution. The team determined that a patch developed months before would fix the problem. They needed to notify the world's Internet users immediately to prevent them from being attacked by hackers. The team had to figure out how to keep the security vulnerability quiet, and then suddenly tell the whole world about it. This supplement to Microsoft Security Response Center (A) 9B01E019 extends the situation as new information surfaces about the vulnerability.
The program manager and his team at the Microsoft Security Response Center decide to keep the security vulnerability and its solution quiet over the weekend. They contact the Microsoft Premier Support Organization, which provides high level service to large companies, to get the solution to as many of their customers as possible, since large companies would be hackers' first targets. The bulletin was ready for release and as far as the program manager could tell, the problem had remained quiet. He had to decide whether to release the patch the following morning or wait until they could prepare the patch in many languages. This is a supplement to Microsoft Security Response Center (A) and (B), products 9B01E019 and 9B01E020.
The director of business development of the electronic banking division of the Canadian Imperial Bank of Commerce (CIBC) had just won a long-fought battle to implement a wireless banking initiative for customers with mobile devices such as cell phones and personal digital assistants. Now he had to make a number of key decisions relating to the strategy. These decisions included which services to offer (banking as well as non-related services), which devices and standards to support and whether to partner with a third-party content supplier. An extensive glossary of wireless technology terminology is included with this case.
The Canadian Imperial Bank of Commerce (CIBC) had implemented word recognition software, Assentor, in its U.S. brokerage arm to ensure its employees were not acting inappropriately in their dealings with customers and to protect company systems from viruses. This software scanned e-mails for flagged business words and archived the e-mails in a central database. The manager of compliance at CIBC's head office in Toronto, found that the decision to implement the Assentor software was much easier than deciding what to do in the event the software found something improper. Issues related to company ethics and employee privacy were raised. Acknowledging that occasional personal e-mails would be sent and received, he wondered what the legal ramifications would be if a manager found out about a private situation because Assentor had found a flagged word in a personal e-mail. He felt that clear communication with and upfront understanding from employees would help prevent negative impressions of this process so he had to determine the best way to inform employees about the e-mail scanning while enforcing CIBC's e-mail policy.
The Euro-Arab Management School is an academic institution established by the European Union and the Arab League. The school is a "virtual organization": it does not operate bricks and mortar classrooms. Instead, programs are offered in an innovative manner that combines web-based learning with local tutoring. The case deals with the concept of management of a virtual organization, and introduces some of the benefits and challenges of virtual organizations. Also deals with issues of the future of education in the age of the Internet.
Mondex is a "smart card" application that can be used as a payment mechanism--much like cash, or debit/credit cards--to pay for small, everyday items. This case describes the development and implementation of the Mondex stored-value payment system. The Mondex Canada consortium includes the major Canadian financial institutions, led by Royal Bank and Canadian Imperial Bank of Commerce. Mondex has been undergoing a lengthy trial in the city of Guelph, Ontario. The director of marketing for Mondex Canada is faced with a rather large implementation challenge: planning and managing the roll-out of Mondex to the rest of the country.
TSAT A/S is a small, global satellite communications manufacturer based in Oslo, Norway. The company is a niche player, specializing in VSAT (very small aperture terminal) satellite networks for mostly SCADA (supervisory control and data acquisition) applications. The case is written from the perspective of the marketing manager for Southern Europe and Latin America. The company is looking to expand into Latin America--the second fastest growing market in the world for VSAT applications. The marketing manager has identified three possible means by which to do so, and must decide which option is best. This case is useful for introducing satellite communications technology and for discussing channel choices and the diffusion of technological products. As such, it is best suited for undergraduate and graduate courses in data or telecommunications and marketing strategy.
Scandinavia Translations (Scantran) provides translation services between English and the three Scandinavian languages (Danish, Swedish, and Norwegian), as well as Finnish. The business is operated primarily by one person, Heidi Wade, assisted by her husband Mike. The unique thing about Scantran is that it is a purely virtual business: Heidi and Mike never meet with, see, and rarely even speak with any of their clients, nor with any of their individual translators. Almost all the business is done over the Internet, supplemented by faxes and occasionally the telephone. Documents are mainly transferred as file attachments to Internet electronic mail messages. There are no other permanent employees, and all the work is done out of the couple's apartment, with no need for expensive overhead such as office premises or fixed salaries. Scantran's business has grown rapidly since its inception. The Wades are faced with a number of decisions, including whether to try to stay the size they are or "go for growth," which implies adopting a new business model. If the decision is to grow, what should the new business model be? Can the company maintain the great flexibility provided by the Internet and still expand? This case nicely illustrates both pros and cons of virtual small businesses, typical of a great many Internet-dependent startup companies created in recent years.
First Virtual Holdings, Inc. (FVHI) is an Internet payments company based in San Diego, CA. The company developed a technology by which consumers can securely purchase goods and services over the Internet. Each participating consumer is provided with a "VirtualPIN" number, which is used in place of a credit card number to make purchases from participating online vendors. The vendors forward the consumer's VirtualPIN number, along with the amount of the transaction to FVHI. FVHI then sends an e-mail to the consumer asking for confirmation of the transaction. When confirmation is received, FVHI processes the transaction and pays the vendor. The technology ensures that a consumer's credit card number is never sent across the Internet. The system is secure but embodies a certain amount of inconvenience as each purchase required two steps. FVHI is a good example of a company with a good technology whose main challenge is to gain the critical mass of users necessary to make the system viable. The company faces strong competition from established industry players such as software developers, banks, and credit card companies. In addition, continued consumer reluctance to embrace online commerce has hampered the company's progress.
First Virtual Holdings, Inc. (FVHI) is an Internet payments company based in San Diego, CA. FVHI's original offering, an Internet payments system based on consumers' receiving and using a "VirtualPIN" number for online purchases instead of a credit card number, had not been successful. Consumer apathy to the system, coupled with vendor disinterest, have prevented them from attaining the critical mass necessary to make the system viable. In response to the failure of their payments system, FVHI decided to change their focus. The company developed an interactive advertising banner, about the size of a regular web advertising banner. The "VirtualTAG" functions like a mini web page within a page. Users can click through pages in the banner without leaving the page on which the banner was found. The VirtualTAG can have multiple uses such as to provide information or facilitate transactions. FVHI intends to develop and license the VirtualTAG to web page administrators. They also intend to incorporate the VurtualTAG into e-mail messages. VirtualTAGs may be used as a form of "mass" interactive Internet advertising, although the company is quick to point out that the technology will only be used with targeted and consenting consumers. FVHI's ideas and technology regarding Internet advertising provide a useful vehicle for discussing trends in online commerce and Internet privacy issues.