Ipremier Denial of Service Case
1. Premier was unprepared for the 75 minutes attack. This might have come due to too much faith in the Qdata’s abilities to control these situation and lack of vision with regards to any threats. Every ones reaction was that of panic because there were no crisis management strategy or disaster plans in place. As the communication lines got crossed and broke down, the sense of panic at iPremier grew higher with no defined plan on how to get out of it.
2. We would have had a teleconference with all the Technical Executives to discuss their risk assessment measures, then we would also included the Qdata key point of contact on the issue at hand to discuss possible recovery plan for this situation. The legal advisor will be asked to listen in on this conversation so he can better understand the situation and provide legal advice for the plan.
3. Despite the sense of professionalism maintained by Turley and Ripley it was clear that the company has no procedures in place to deal with infrastructure risk at any level. Needless to say that if this or any similar attack occurred during high traffic time the consequences might be excessive to the infrastructure, business and the reputation of the company. It was clear in the case that Jack hired Bob to create and implement proper policies and procedures for the infrastructure risk management. To do this, iPremier has to assess all known threats to the infrastructure risk matrix and develop procedures to immediately identify the type and risk. These threats would need to be continually assessed as new ones emerge and identification would determine the proper procedures defending against them. Additionally, the incident team manager must have a flawless understanding of the infrastructure design in order to identify where the highest risk of consequences from the attack will be. The case clearly illustrates that an important component of any procedure, regardless of the threat, is a chain of command. Incident
2. We would have had a teleconference with all the Technical Executives to discuss their risk assessment measures, then we would also included the Qdata key point of contact on the issue at hand to discuss possible recovery plan for this situation. The legal advisor will be asked to listen in on this conversation so he can better understand the situation and provide legal advice for the plan.
3. Despite the sense of professionalism maintained by Turley and Ripley it was clear that the company has no procedures in place to deal with infrastructure risk at any level. Needless to say that if this or any similar attack occurred during high traffic time the consequences might be excessive to the infrastructure, business and the reputation of the company. It was clear in the case that Jack hired Bob to create and implement proper policies and procedures for the infrastructure risk management. To do this, iPremier has to assess all known threats to the infrastructure risk matrix and develop procedures to immediately identify the type and risk. These threats would need to be continually assessed as new ones emerge and identification would determine the proper procedures defending against them. Additionally, the incident team manager must have a flawless understanding of the infrastructure design in order to identify where the highest risk of consequences from the attack will be. The case clearly illustrates that an important component of any procedure, regardless of the threat, is a chain of command. Incident