Ipremier Denial of Service Case

1. Premier was unprepared for the 75 minutes attack. This might have come due to too much faith in the Qdata’s abilities to control these situation and lack of vision with regards to any threats. Every ones reaction was that of panic because there were no crisis management strategy or disaster plans in place. As the communication lines got crossed and broke down, the sense of panic at iPremier grew higher with no defined plan on how to get out of it.

2. We would have had a teleconference with all the Technical Executives to discuss their risk assessment measures, then we would also included the Qdata key point of contact on the issue at hand to discuss possible recovery plan for this situation. The legal advisor will be asked to listen in on this conversation so he can better understand the situation and provide legal advice for the plan.

3. Despite the sense of professionalism maintained by Turley and Ripley it was clear that the company has no procedures in place to deal with infrastructure risk at any level. Needless to say that if this or any similar attack occurred during high traffic time the consequences might be excessive to the infrastructure, business and the reputation of the company. It was clear in the case that Jack hired Bob to create and implement proper policies and procedures for the infrastructure risk management. To do this, iPremier has to assess all known threats to the infrastructure risk matrix and develop procedures to immediately identify the type and risk. These threats would need to be continually assessed as new ones emerge and identification would determine the proper procedures defending against them. Additionally, the incident team manager must have a flawless understanding of the infrastructure design in order to identify where the highest risk of consequences from the attack will be. The case clearly illustrates that an important component of any procedure, regardless of the threat, is a chain of command. Incident team member must have clear of individuals’ role in managing any incident and it should be rehearse to enhance their responses during a real disaster. The command and communications between the supplier and customer should be clearly defined and documented. This documentation would lead to a chain of command and direct communication channels between iPremier and Qdata, whereby each the iPremier incident team principal would have a direct contact at Qdata. This would eliminate the disruption of having to physically go to Qdata to manage the incident or, alternatively, having to deal with a help-line tech. iPremier must define the incident management team, their responsibilities, the chain of command and the Qdata counterparts. The procedures must cross-over and coordinate with Qdata, which must have similar crisis management procedures. Emphasis of the crisis management procedures should first be on identifying the threat and then defending against it. Defense should be based upon prescribed decision tables based on threat levels. Input from parties outside of the incident team should be ignored