IPremier Case Write Up

1. What is a denial denial of servi service ce attack attack? ? Denial of service (DOS) attack is an attempt to make a piece of hardware like a machine or network resource resource unavailable to its intended users. This attack is performed by sending out a ood of information packets that gridlocks the networks resources rendering rendering them unavailable. unavailabl e. !ikipedia provides the following information about the federal governing of the crime" #Denial$of$service attacks are considered violations of the %nternet &rchitecture 'oards %nternet proper use policy and also violate the acceptable use policies of virtually all %nternet service providers. They also commonly constitute violations of the laws of individual nations. (!ikipedia (!ikipedia *+,-)

How well did iPremier perform during the seventy-ve minute attack? If you were o! "urley# what# if anything# might you have done di$erently during the crisis? %remier was unprepared unprepared for the /- minutes attack. This might have come due to too much faith in the 0datas abilities to control these situation and lack of vision with regards to any threats. %remier had contracted contracte d with 0data an %nternet hosting business that provided them with most of their computer e1uipment and internet connection. 0data was not viewed as an industry leader and was selected because it was located close to iremiers corporate head1uarters. 2owever despite being unprepared % do believe iremier did perform well enough during the /- minutes attack3 the situation was handled professionall professionally y by all parties involved. 4et even though they handled the matter professionally professionally there is a point that the 5%O didn6t handle too well. 2e is responsible for whatever happens to the companys reputation reputation be it good or bad. &t the moment they were not sure if their systems had been intruded or if there was some sort of distributed DOS attack. This was because there was not a crisis management management strategy in place. 7vidently the company company also did not have e1uipment such as proper 8rewall 8rewall to help subdue the problem. %f the attack had not ended as soon as it did and coupled with a possible intrusion the conse1uences on iremier would have been much more severe. %f % was 'ob Turley % would have ordered the system to be fully shut down even if it meant losing the data that that would help the company company 8gure out what what had happened. %f the website was hacked it means customers information such as credit cards and social security numbers would have been compromised. % believe shutting it down would have been the safer safer move in managing the potential potential risk. Dealing with the the stolen data and e9pense of the fallout of people6s personal information information leaking is far more detrimental to the company than losing information about how the DOS occurred.

%. What information information a!out these events should should iPremier iPremier share share with its customers and the pu!lic? &ustify your answer. % am not sure that a disaster such as this intrusion should be regarded as public relations relation s unless people6s identities identities were stolen. %f it is shared % believe they may have to share more information about what further steps to secure the infrastructure are planned and are taken to prevent it from happening again. These steps include integrating a well formulated formulated framework for security security management. %f shared with the public rehearsing the response is crucial to communicate the proper information to ensure the public can still trust iremier. !ell thought and planned out response (pre$ crises) to ma:or incidents makes managers more con8dent and e;ective during real crises. 7ven if the incident occurs in a di;erent form from which was practiced practice makes a crisis situation more familiar and better prepares managers to improvise solutions. This point could be applied to 1uestion < as well.

'. In the aftermath aftermath of the attack# what what would you !e worried a!out? What What actions would you recommend? %n the shadow of the attack % would would be worried about about another DOS. 2owever what would be more detrimental is if the attack took place at a high tra=c time of the day rather than