By Day 7 Submit a 3- to 4-page paper addresses the following questions: How well
ID: 3677626 • Letter: B
Question
By Day 7 Submit a 3- to 4-page paper addresses the following questions: How well did the iPremier Company perform during the 75-minute attack? If you were Bob Turley, what might you have done differently during the attack? In what ways were the company’s operating procedures deficient in responding to this attack? In what ways were they adequate? What additional procedures might have been in place to better handle the attack? Now that the attack has ended, what can the iPremier Company do to prepare for another such attack? In the aftermath of the attack, what actions would you recommend?
Explanation / Answer
iPremier Company perform during the 75-minute attack
IPremier Company perform during the 75-minute attack. This might have come due to too much faith
to control these situation and lack of vision with regards to any threats.IPremier had contracted with Qdata, an Internet hosting business that provided them with most of their computer equipment and internet connection. Qdata was not viewed as an industry leader and was selected because it was located close to iPremier's corporate headquarters. However, despite being unprepared, I do believe iPremier did perform well enough during the 75 minutes attack; the situation was handled professionally by all parties involved. Yet, even though they handled the
matter professionally, there is a point that the CIO didn’t handle too well. He is responsible for whatever happens to the company's reputation, be it good or bad. At the moment they were not sure if their systems had been intruded or if there was some sort of distributed DOS attack. This was because there was not a crisis management strategy in place. Evidently, the company also did not have equipment such as proper firewall to help subdue the problem. If the attack had not ended as soon as it did, and coupled with a possible intrusion, the consequences on iPremier would have been much more severe.
If you were Bob Turley, what might you have done differently during the attack
If I was Bob Turley I would have ordered the system to be fully shut down even if it meant losing
the data that would help the company figure out what had happened. If the website was hacked, it
means customers information such as credit cards and social security numbers would have been
compromised. I believe shutting it down would have been the safer move in managing the potential
risk. Dealing with the stolen data and expense of the fallout of people’s personal information
leaking is far more detrimental to the company than losing information about how the DOS
occurred.
company’s operating procedures deficient in responding to this attack? In what ways were they
adequate.Additional procedures might have been in place to better handle the attack
if the attack took place at a high traffic time of the day rather than 4:00 am whenit is not as productive or where network traffic on the website is not at a peak. In the aftermath,managers of iPremier’s infrastructure will need to rebuild parts of it. In order to restore the infrastructure to it pre-incident moment, they will be required to erase and rebuild everything. If configuration and procedures have been carefully documented in advance, recovery can happen
immediately. If not this could be a cumbersome and lengthy endeavor. Most importantly, the company owes its clients and business partner’s detailed information about what happened so that all involved can determine the consequences of the attack. In crises management and in formulating actions after a crisis, it is important to
communicate with all parties involved.
Now that the attack has ended, what can the iPremier Company do to prepare for another such attack
Risk management is necessary. I stated in question 2 the importance of having a crises plan in place in case a breech may occur is extremely important. This crises plan needs to have well documented emergency procedures. A pre-crisis plan of practices in place makes incidents more manageable. The following plan needs to include: sound infrastructure design, careful documentation, disciplined execution of operating procedures, and an established crisis management plan. A sound infrastructure design is infrastructure that has been designed with a contingency of sound recoverability and tolerance for failures. By this design the losses associated with a Dos or a breech are more likely to be contained and easier to manage. IPremier will need to find a better internet service provider if Qdata fails to update its infrastructure and technology.Careful Documentation ensures that crisis management is precise with the most important critical details; reliable, accurate, and careful documentation saves time, costs, and increases confidence when dealing with a crisis. Proper documentation maintains a baseline of knowledge about infrastructure configurations. Disciplined execution of operating procedures is only as good as a plan and can only be followed if it is documented well. These procedures, when executed properly make the diagnosis of problems more effective. Scheduled infrastructure audits uncover lurking problems or vulnerabilities and must be performed often. Finally, established crisis management procedures are procedures for managing incidents. They effectively guide the diagnosis of problems, help manager’s decision-making efforts more efficient, and specify who should be involved in problem-solving activities
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.