Ipremier and Denial of Service Attack – Case Study

In a recent Information Management lecture we went through the case of iPremier (read the full case), which is a popular case study from Harvard Business School. It was a made-up case, but the recent high-profile hacking stories (such as Gawker) show that companies are not taking security seriously.

The background is that iPremier suffered a DoS attack in the middle of the night, which caused chaos in the company. After an hour the attack stopped and the company went back to business as normal. Two weeks later another DoS attack, directed at a competitor, was launched from the company’s server, which proved that the server had been compromised. The FBI became involved, the competitor threatened to sue and the city analysts were thinking of downgrading the stock.

Our role was to come up with recommendations as to how the processes and plans could be improved for the future. Keeping in mind that security is about more than just technology, we needed to brainstorm around people and processes as well.

1. People and processes

  • Develop a business continuity plan (test it end to end, including suppliers, and keep it updated)
  • Develop an IT governance framework that includes security in its remit
  • Develop clear reporting lines
  • Better training for emergencies
  • Trust your technical leaders and make sure they have the resources to lead in a crisis
  • Make security part of strategy
  • Hire an independent audit team who report into the board
  • Hire a security and risk expert
  • Develop a better relationship with your hosting provider

2. Technology

  • Avoid single points of failure. Separate the server stack so that database, web and file servers are not on the same network
  • Use a reputable hosting provider with a world-class infrastructure and support
  • Make sure all your software is up to date
  • Use a combination of hardware and/or software firewalls
  • Backup and redundancy planning and testing
  • Active monitoring
