The Incident of the Distributed Denial of Service Attack

Following the Distributed Denial of Service attack on the website of the iPremier Company, the company's Chief Information Officer (CIO) requested an evaluation report on the incident. The present paper analyzes and reports the incident along with the provided response.

The IT management of iPremier managed fairly well against the attack that occurred on the company's web server. The company's IT staff were utilized, and at the same time, the main response to the attack was not left to QData to handle. The attack was responded to in a timely manner, utilizing the fact that it was nighttime, and thus, the issue could be solved before customers woke up, without substantial interruption to the service. Identifying what information was at stake while evaluating several solutions was a good managerial decision. In that regard, Turley had the option of pulling the plug, but he weighed that decision against the risks at stake and the identification of the type and the source of the attack, favoring the latter. Accordingly, Turley played his role as the CIO of the company, namely planning and implementing strategies to limit the impact of natural and human-made disasters on information technology and, consequently, the conduct of business (Pearlson & Saunders, 2010, p. 221).

If taking the role of Turley, one difference would be forming a team right away to handle the situation. Accordingly, critical services should be determined right away, with priorities placed on the actions that should follow once the threat is identified (Vries, 2004). Additionally, immediate direct communication should have occurred with the service provider, in which the scale of the threat should have been communicated, and accordingly, no delays in access would have occurred. When evaluating the decision of pulling the plug, shutting down the power might have been optimal, considering the benefit for all stakeholders involved in this case.

The steps that should be followed after the attack can be seen through three dimensions: assessing the impact, mitigating the impact, and performing all the necessary steps that minimize the possibility of such a threat occurring in the future. In terms of assessment, the main aspect that should be focused on is the customers' confidential data stored on the company's servers. The issue is whether it was a distributed denial of service (DDoS) attack or an intrusion. The response that should follow will depend on the nature of the attack that occurred. If there was an intrusion as well, the company will be ethically obliged to inform the customers of such an incident. The attack should be evaluated in order to identify the weaknesses in the company's infrastructure, in addition to those weaknesses that were known and/or identified before and during the attack. Considering the weaknesses identified, the most appropriate steps, including those identified in the case, would involve the following aspects:

  • Purchasing additional massive hard disks to support detailed logging.
  • Changing the Internet Service Provider (ISP), following the theory of benefitting the stakeholders involved when choosing an ISP, rather than moral obligation.
  • Providing sufficient focus to security issues, including such aspects as firewalls, which are capable of identifying such types of attacks, and distinguishing between normal and unwanted artificial responses, both at the gateway and with traffic going through the service provider.
  • Developing strict procedures for response in such cases, identifying the roles and assigning responsibilities to those who should be responsible. The CIO should not manage regular tasks and day-to-day responsibilities. The CIO should be concerned with long-term strategies instead.

Accordingly, an audit might be recommended to be conducted in the company, in which the CIO of the company should work with the auditors to assess the internal controls in the company. In that regard, an assessment framework might be needed to be established in order to assess the impact of such incidents in the future.

The translation of the company's architecture mentioned in the case into infrastructure can be conducted as follows:

| Component | Goals | Architecture | Infrastructure |
|---|---|---|---|
| Hardware | Receiving benefits through selling goods on the internet. | Providing access to the internet | Router |
| | Being available for purchase 24 hours a day. | Providing access to the company's webpage. | Web servers |
| | Being capable of sharing knowledge internally and externally, between customers, employees, and suppliers. | Connecting the internal network of the company | Switches |
| | Providing appropriate means to monitor the infrastructure of the company. | Storing log data in the network | Hard disk clusters providing storage. |
| Software | Managing the confidentiality and the privacy of the customers' data. Maintaining the reputation as a reliable company. | Protecting the company's network from intrusion | Hardware and software firewall |
| Data | Holding accountability of the customers' confidentiality. | Storage of customers' information | Database |

It can be concluded that despite the timely response of the company to the attack, there are many aspects that should be managed and many steps that should be taken afterward.

References

Pearlson, K., & Saunders, C. S. (2010). Managing and using information systems: a strategic approach (4th ed.). Hoboken, N.J.: Wiley.

Vries, S. D. (2004). Surviving Distributed Denial of Service (DDoS) Attacks. Corsair Limited. Web.
