1. How well did the iPremier Company perform during the seventy-five-minute attack?

If you were Bob

Turley, what might you have done differently during the attack?
2. Now that the attack has ended, what can the iPremier Company do to prepare for another such
attack?

Question 1

iPremier was unprepared for the 75 minutes attack. This might have come due to too much faith
in the Qdata’s abilities to control these situations and lack of vision with regards to any
threats. iPremier had contracted with Qdata, an internet hosting business that provided them with
most of their computer equipment and internet connection. Qdata was not viewed as an industry
leader and was selected because it was located close to iPremier’s corporate headquarters. It was
essential for them to have ensured beforehand that their security systems were in place and that
they could have blocked the website form operation at that time. At the moment they were
not sure if their systems had been intruded or if there was some sort of distributed DOS
attack. This was because there was not a crisis management strategy in place. Evidently, the
company also did not have equipment such as proper firewall to help subdue the problem. If the
attack had not ended as soon as it did, and coupled with a possible intrusion, the consequences
on iPremier would have been much more severe. Hence, it can be said that the iPremier
Company performed quite ineffectively and in a completely confused manner during 75 minutes
attack.

If I were Bob Turley, I would have called the website service provider and informed him
that the firewall had been broken into and I need the website to be inactivated or de-
functionalized immediately. This would help save customer information and credit card
information as it would lead to inability to access information from the website for
everybody including company operators and the hackers.

iPremier was unprepared for the 75 minutes attack. This might have come due to too
much faith in the Qdata’s abilities to control these situations and lack of vision with
regards to any threats. iPremier had contracted with Qdata, an internet hosting
business that provided them with most of their computer equipment and internet
connection. Qdata was not viewed as an industry leader and was selected because it was
located close to iPremier’s corporate headquarters. However, despite being unprepared,
I do believe iPremier did perform well enough during the 75 minutes attack and the
situation was handled professionally by all parties involved.  Yet, even though they
handled the matter professionally, there is a point that the CIO didn’t handle too well.
He is responsible for whatever happens to the company’s reputation, be it good or bad.
At the moment they were not sure if their systems had been intruded or if there was
some sort of distributed DOS attack. This was because there was not a crisis
management strategy in place. Evidently, the company also did not have equipment
such as proper firewall to help subdue the problem. If the attack had not ended as soon
as it did, and coupled with a possible intrusion, the consequences on iPremier would
have been much more severe.

If I was Bob Turley, I would have ordered the system to be fully shut down even if it
meant losing the data that would help the company figure out what had happened. If the
website was hacked, it means customers information such as credit cards and social
security numbers would have been compromised. I believe shutting it down would have
been the safer move in managing the potential risk. Dealing with the stolen data and
expense of the fallout of people’s personal information leaking is far more detrimental to
the company than losing information about how the DOS occurred.

Question 2

Yes, the company’s operations were deficit in responding to this attack as there
were high levels of incapability in doing anything at all about the attack. There was no
information or idea available to anybody in the staff including the technical team.

Additional procedures that might have been in place to better handle the attack
include the formation of a contingent or backup plan which can help them not only
disable the website immediately but also help them to track the hacker and take
appropriate actions. Along with this it is essential that they should strengthen the
firewalls and security system.

Question 3

iPremier should first and foremost trace the hacker so that the credit card
information and information about the customers is not misused. This forms their basic
social responsibility. It is important for them to now strengthen their security system for
which additional procedures need to be formed and put in place.

As already mentioned, a contingent or backup plan which can help them not only
disable the website immediately but also help them to track the hacker and take
appropriate actions should be formed and used in case to trace nay other such attacks
on immediate basis. Along with this it is essential that they should strengthen the
firewalls and security system.

Question 4
 The first thing that I would be worried about in the aftermath of the attack includes
the information of the customers and the credit cards that might have been accessed by
the hacker and can be misused.

 I recommend legal actions against the hacker for the purpose of ensuring that
there is no misuse of this information. This requires technical assistance for the purpose
of tracing the hacker. Apart from this I would also be worried about the future prospects
of the website and ensure that its security is strengthened.