Scribd Logo
Upload

Welcome to Scribd!

  • G8The Ipremier Company

    Uploaded by

    Ankit Khetan PGPMX 20-22 Batch1
    93 views5 pages

    Original Title

    G8The iPremier Company.pptx

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    93 views5 pages

    G8The Ipremier Company

    Uploaded by

    Ankit Khetan PGPMX 20-22 Batch1

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    The iPremier Company

    Group – 8 (Subrata and Ankit)


    1) How well did the iPremier Company perform during the seventy-five minute
    attack? If you were Bob Turley, what might you have done differently during the
    attack?

    • There was no crisis management policies in place and there were no proper security tools used to prevent
    such attacks. This shows that Ipremier was not properly prepared for such attacks and there were no proper
    response or attack handling by CIO. There were no proper understanding on type of attack. However,
    situation was handled properly by other key stakeholders otherwise the situation would have been worse
    and more severe. Hence, I believe that ipremier did perform well in the 75 minute attack
    • If I was Bob Turley, I would have asked to completely shut down all the systems to prevent the severity of
    attack even if it costs severe loss of business. As the system unavailability and loss of revenue due to system
    unavailability is better than losing existing customers personal information and eventually facing reputation
    loss and cost of legal actions on firm
    2) The iPremier Company CEO, Jack Samuelson, had already expressed to Bob Turley
    his concern that the company might eventually suffer from a “deficit in operating
    procedures.” Were the company’s operating procedures deficient in responding to this
    attack? What additional procedures might have been in place to better handle the
    attack?
    • iPremier Company did not have appropriate operating procedures in place and policies to respond to these
    attacks operating procedures were deficient in responding to the attack.
    • These procedures should be made familiar to every employee. Every employee should be well-versed with
    the SOP as per the policies as as to take the required action at the time of crisis.
    • Separate disk space can be added to allow the logging of event at the time when ipremier system is down to
    prevent the impact of attack and data theft. Procedures should include the steps to be taken by data center
    as well in case of crisis and data centre should be automatically notified of such incidents and that they
    should be ready to take the preventive / corrective measure.
    3) Now that the attack has ended, what can the iPremier Company do to prepare for another
    such attack?
    • Post the attack, Ipremier should learn and understand that the Risk Mangement is necessary to tackle such
    attacks.
    • Having a strategy in place is of utmost priority to prevent such crisis in preventive, detective and corrective
    manner. This strategy includes maintain policies and procedures in place that can be implemented at the
    time of such crisis.
    • These policies and documents makes such incident manageable with appropriate strategies.
    • These documents should be timely updated and appropriate process should be in place to keep the policies
    updated and to execute these preventive and corrective measures.
    • A well established infrastructure should be designed and adopted with appropriate prevention and recovery
    functions.
    • These functions can lessen the loss associated with suck attacks by enabling the system to prevent or to
    recover timely without impacting the Business.
    • System Audit in timely manner assures that the operating procedures as defined in the policies are duly
    followed and are designed effectively to prevent or lessen the business loss at the time of attacks.
    In the aftermath of the attack, what would you be worried about? What actions would
    you recommend?
    In the aftermath of the attack I would be worried about below -
    1) Data Theft – After the attack the data that has been stolen should have been the top most worry as this
    might impact the future business and customer relation leading to reputation loss and business loss.
    2) Recurrence of such attack – I would be implementing tactical and strategic plans to ensure that such attacks
    can be avoided or can be made less impactful
    3) Possible consequences – Loss of share price, loss of reputation, legal actions.
    Actions –
    i) Collecting and analysing logs to assess the activity performed at the time of breach.
    ii) Ensuring that strategies are in place for such attacks in future
    iii) Maintaining SOP and documents in place to ensure that proper steps are executed in case of such attacks
    iv) Training employees to ensure that they are active in case of recurrence of attack

    You might also like