Professional Documents
Culture Documents
3. In the aftermath of the attack, what would you be worried about? What
actions would you recommend?
In the shadow of the attack I would be worried about another DOS. However, what
would be more detrimental is if the attack took place at a high traffic time of the day
rather than 4:00 am when it is not as productive or where network traffic on the
website is not at a peak. In the aftermath, managers of iPremiers infrastructure will
need to rebuild parts of it. In order to restore the infrastructure to it pre-incident
moment, they will be required to erase and rebuild everything. If configuration and
procedures have been carefully documented in advance, recovery can happen
immediately. If not this could be a cumbersome and lengthy endeavor.
I recommend that actions will need to be taken to investigate to understand what
exactly happened during the attack. This will reveal the actions that need to be taken
to prevent this from happening in the future. Most importantly, the company owes its
clients and business partners detailed information about what happened so that all
involved can determine the consequences of the attack. In crises management and in
formulating actions after a crisis, it is important to communicate with all parties
involved. I would then recommend moving forward with integrating crisis incident
procedures and a well formulated security management framework for protecting the
company in the future.
4. Now that the attack has ended, what can iPremier do to prepare for another
such attack? Recommend a plan that will help iPremier avoid another such
incident.
Risk management is necessary. I stated in question 2 the importance of having a crises
plan in place in case a breech may occur is extremely important. This crises plan
needs to have well documented emergency procedures. A pre-crisis plan of practices
in place makes incidents more manageable. The following plan needs to include:
sound infrastructure design, careful documentation, disciplined execution of operating
procedures, and an established crisis management plan. A sound infrastructure design
is infrastructure that has been designed with a contingency of sound recoverability and
tolerance for failures. By this design the losses associated with a Dos or a breech are
more likely to be contained and easier to manage. IPremier will need to find a better
internet service provider if Qdata fails to update its infrastructure and technology.
Careful Documentation ensures that crisis management is precise with the most
important critical details; reliable, accurate, and careful documentation saves time,
costs, and increases confidence when dealing with a crisis. Proper documentation
maintains a baseline of knowledge about infrastructure configurations. Disciplined
execution of operating procedures is only as good as a plan and can only be followed if
it is documented well. These procedures, when executed properly make the diagnosis
of problems more effective. Scheduled infrastructure audits uncover lurking problems
or vulnerabilities and must be performed often. Finally, established crisis management
procedures are procedures for managing incidents. They effectively guide the
diagnosis of problems, help managers decision-making efforts more efficient, and
specify who should be involved in problem-solving activities.