The iPremier Company: Denial of Service Attack

1. How well did the iPremier Company perform during the seventy-five-minute attack? If you were Bob Turley, what might you have done differently during the attack?

The Denial of Service (DOS) attack is a situation whereby the users of a specific piece of hardware for instance network resource are not able to access it because of crowded information packets that block the network resources or disrupting the services of a host connected to the internet thus making them unavailable (Jamal, 2018). In this case, iPremier Company did not seem prepared for the seventy-five-minute attack.  The company obtained most of their computer equipment and an internet connection, among other services from Qdata, which was an internet hosting company (Austin et al., 2001).  They preferred sourcing those services from Qdata because its location had proximity to their corporate headquarters. Again, the employees in the IT department highlighted that they were not okay with services provided by Qdata by they had not many any move to address the situation or outsource from another company because they had other things that needed to be prioritized (Austin et al., 2001). In addition, they still had faith in it because one of the iPremier founders knew the founders of Qdata Company. 

However, during the attack, I can commend the manner in which they tried to address the situation with professionalism since they had no previous experience with security breaches, but there was a need to do more. For instance, they ought to have  crisi9s management team that ought to have formulated strategies that would be impl3emented to ensure the company does not experience such attacks as well be able to deal with one if it occurs. Again, IPremier Company should have individuals with expertise in the IT departments to ensure they are always hands-on with the operations within the company because in this case, they were not even sure if their system had been hacked and whether the hackers would access the credit card information of their customers (Austin et al., 2001). In addition, I can say that they were lucky that the attack did not last long because it could have caused adverse effects to iPremier Company.

Therefore, if I was Bob Turley, I would have considered shutting down the system with immediate effect to prevent hackers from accessing customers information such as the social security numbers and credit cards. From the case study, it is evident that Bob did not take this measure because he was afraid the company would lose information that would help them to trace what had happened, but that is less important compared to putting the information their customers at risk.

References

Austin, R. D., Leibrock, L., Murray, A., & Harvard University. Graduate School of Business Administration. (2001). The IPremier Company (A): Denial of Service Attack.

Jamal, T. (2018). Denial of Service Attack in Cooperative Networks. https://doi.org/10.31224/osf.io/smdax

2. The iPremier Company CEO, Jack Samuelson, had already expressed to Bob Turley his concern that the company might eventually suffer from a “deficit in operating procedures.” Were the company’s operating procedures deficient in responding to this attack? What additional procedures might have been in place to better handle the attack?

Indeed the company’s procedures were deficient in dealing with the DOS attack. The main rationale is that they had not upgraded their emergency manual and the outdated one that they depended on during the attack could not be found, and it took time before Joane could access the data center. Therefore, iPremier would have ensured that they revised the emergency procedure and also have all the employees in the IT department understand everything about the improved procedure. During the attack, Bob asks Leon whether they had commenced the emergency procedures, and he replies by saying he is not sure and that Joanne had told him they a have binder which had never set his eyes on (Austin et al., 2001). As such, it is evident that there is a need for effective communication among employees to ensure they are well versed with the procedures and how to respond to such an attack. Additionally, although the employees claim they had other priorities to work on, it is high time they addressed the unsatisfactory services they get from Qdata or source those services from a different company. Qdata ought to have communicated with iPremier to alert them about the attack and maybe advise on what they could have done. As such, IPremier Company should opt for an internet hosting company with effective communication skills to ensure they minimize the probability of having a similar4 attacks and if it happens will have open lines of exchanging information in a bid to manage the attack.

References

Austin, R. D., Leibrock, L., Murray, A., & Harvard University. Graduate School of Business Administration. (2001). The IPremier Company (A): Denial of Service Attack.

6. What information about these events should iPremier Company share with its customers and the public?

Sharing information about these events to their customers, and the public can have both pros and cons. Their customers may lose trust in the company, and the public may not consider transacting with the company because of fear that their credit card information may be at risk. If the company decides not to communicate and the customers or the public in one way or another gets to find out about what happened then, they may perceive the company as not transparent. Therefore, when sharing information regarding the attack, then they ought to provide details of what took place filtering those that would depict them as irresponsible as well as communicate the measures that they will put in place to ensure they will avoid experiencing such an attack and if any happens they will handle it in time. As such, they will also need to highlight their formulated security management framework to ensure they maintain their trust with their customers and the public. Information about how the IT team could not even tell what was happening during the DOS attack should not be provided to customers and the public as they will assume that the company does not have competent employees.

References

Austin, R. D., Leibrock, L., Murray, A., & Harvard University. Graduate School of Business Administration. (2001). The IPremier Company (A): Denial of Service Attack.