Following the Distributed Denial of Service attack on the website of the iPremier Company, the company’s Chief Information Officer (CIO) requested an evaluation report on the incident. The present paper analyzes and reports the incident along with the provided response.
The IT management of iPremier managed fairly well against the attack on the company's web server. The company's IT HR was utilized, and at the same time, the main response to the attack was not left to QData to handle. The attack was responded to in a timely manner, taking advantage of the fact that it was nighttime, so the issue could be solved before customers woke up, without substantial interruption to the service. Identifying what information was at stake while evaluating several solutions was a good managerial decision. In that regard, Turley had the option of pulling the plug, but he weighed that decision against the risks at stake and the need to identify the type and the source of the attack, favoring the latter. Accordingly, Turley played his role as the CIO of the company, namely “planning and implementing strategies to limit the impact of natural and human-made disasters on information technology and, consequently, the conduct of business” (Pearlson & Saunders, 2010, p. 221).
In Turley's role, one thing that could be done differently is forming a team right away to handle the situation. Accordingly, critical services should be determined right away, with priorities set for the actions that should follow once the threat is identified (Vries, 2004). Additionally, immediate direct communication should have occurred with the service provider, in which the scale of the threat should have been communicated, so that no delays in access would have occurred. When evaluating the decision of pulling the plug, shutting down the power might have been optimal, considering the benefit for all stakeholders involved in this case.
The steps that should be followed after the attack can be seen through three dimensions: assessing the impact, mitigating the impact, and performing all the necessary steps to minimize the possibility of such a threat occurring in the future. In terms of assessment, the main aspect to focus on is customers’ confidential data stored on the company’s servers. The issue is whether it was only a distributed denial of service (DDoS) attack or whether it was also an intrusion. The response that should follow will depend on the nature of the attack that occurred. If there was an intrusion as well, the company will be ethically obliged to inform the customers of such an incident. The attack should be evaluated in order to identify the weaknesses in the company’s infrastructure, in addition to those weaknesses that were known and/or identified before and during the attack. Considering the weaknesses identified, the most appropriate steps, including those identified in the case, would involve the following aspects:
- Purchasing additional large hard disks to allow detailed logging.
- Changing the Internet Service Provider (ISP), following the theory of benefitting the stakeholders involved when choosing an ISP, rather than moral obligation.
- Giving sufficient attention to security issues, including such aspects as firewalls that are capable of identifying such types of attacks and distinguishing between normal and unwanted artificial responses, both at the gateway and with traffic going through the service provider.
- Developing strict procedures for response in such cases, identifying the roles and assigning responsibilities to those who should be responsible. The CIO should not manage regular tasks and day-to-day responsibilities. The CIO should be concerned with long-term strategies instead.
Accordingly, an audit of the company might be recommended, in which the CIO should work with the auditors to assess the company's internal controls. In that regard, an assessment framework might need to be established in order to assess the impact of such incidents in the future.
The translation of the company’s architecture mentioned in the case, into infrastructure can be conducted as follows:
It can be concluded that despite the timely response of the company to the attack, there are many aspects that should be managed and many steps that should be taken afterward.
References
Pearlson, K., & Saunders, C. S. (2010). Managing and using information systems: a strategic approach (4th ed.). Hoboken, N.J.: Wiley.
Vries, S. D. (2004). Surviving Distributed Denial of Service (DDoS) Attacks. Corsair Limited. Web.