Wednesday, April 10, 2019

iPremier and Denial of Service Attack - Case Study Essay Example for Free

In a recent Information Management lecture we went through the case of iPremier (read the full case), which is a popular case study from Harvard Business School. It was a made-up case, but the recent high-profile hacking stories (such as Gawker) show that companies are not taking security seriously.

The background is that iPremier suffered a DoS attack in the middle of the night which caused chaos in the company. After an hour the attack stopped and the company went back to business as normal. Two weeks afterwards another DoS attack was spawned from the company's host, directed at a competitor, which proved that their server had been compromised. The FBI became involved, the competitor threatened to sue and the city analysts were thinking of downgrading the stock.

Our role was to come up with recommendations as to how the processes and plans could be improved for the future. Keeping in mind that security is about more than fitting technology, we needed to brainstorm around people and processes as well.

1. People and processes

- Develop a business continuity plan (test it end to end, including suppliers, and keep it updated)
- Develop an IT governance framework that includes security in its remit
- Develop clear reporting lines
- Better training for emergencies
- Trust your technical leaders and make sure they have the resources to lead in a crisis
- Make security part of strategy
- Hire an independent audit team who report into the board
- Hire a security and risk expert
- Develop a better relationship with your hosting provider

2. Technology

- Avoid single points of failure
- Separate the server stack so that database, web and file servers are not on the same network
- Use a reputable hosting provider with a world-class infrastructure and support
- Make sure all your software is up to date
- Use a combination of hardware and/or software firewalls
- Backup and redundancy planning and testing
- Active monitoring
- Strong one-way encryption of passwords
- Use open auth systems such as Facebook Connect
