iPremier was attacked, for reasons that were not clear, and its website locked up so that customers were not able to access it. The systems seemed to be operating normally, so the staff did not know exactly what was happening or how to resolve it. At the time of the attack, iPremier worried about the security of customer information and the impact on its stock price. The employees tried to solve the problem and minimize its impact. However, they had trouble getting access to the Qdata headquarters because of internal policy, and they did not know the best way to respond to the attack, for example whether to pull the plug or not. In the end the attack was over within an hour; fortunately, customers' private information was not stolen, and the company resumed business as usual.
Problem Statement
iPremier, as such a well-developed and very large company, should take risk into account.
Alternatives
“Now I think of it, preserving the logs may be irrelevant since I’m pretty sure detailed logging is not enabled.” Two men were arguing, while the attack was under way, about whether they should pull the plug or not. If they did so, logging data might be lost; however, it seemed to be the only way to ensure that customer data was not being stolen.
“Every time we shut down traffic from an attacker’s address, the zombie we’ve shut down triggers attacks from ten other sites. If it’s a DoS attack, it’s not an intrusion, right?” The executive had not experienced such an attack before, so she did not know how to react at the time.
Recommendations and Next steps
To prevent the attack from happening again, iPremier should arrange a consulting group to define a recovery plan for when it occurs. For example, the executives should divide their work into different parts so they can react right away when a problem happens instead of wasting time contacting each other or asking what to do. In this case, if they had considered in advance that the attack could happen, the problem that the executive could not get into the Qdata center because of the authority issue would not