Ipremier and Denial of Service Attack †Case Study Essay

In a recent Information Management lecture we went through the exemplar of iPremier (read the full case) which is a popular case study from Harvard Business School. It was a made up case but the recent high profile hacking stories (such as Gawker) show that companies are non taking security seriously.The background is that iPremier suffered a DOS attack in the middle of the night which caused chaos in the company. aft(prenominal) an hour the attack stopped and the company went back to business as normal. Two weeks later another DOS attack was spawned from the companys boniface directed at a competitor which proved that their server had been compromised. The FBI became involved, the competitor threatened to sue and the city analysts were thinking of downgrading the stock.Our role was to come up with recommendations as to how the processes and plans could be improved for the future. Keeping in mind that the security is about more than just technology we needed to brainstorm around people and processes as well.1. People and processes nonplus a business continuity plan (test it end to end including suppliers and keep it updated) Develop an IT governance framework that includes security in its remitment Develop clear reporting linesBetter training for emergenciesTrust your technical leaders and make sure they have the resources to lead in a crisis irritate security part of strategyHire an independent audit team who report into the boardHire a security and risk expertDevelop a better relationship with your hosting provider2. TechnologyAvoid single points of failure. Separate the server stack so that database, web and file servers are not on the same network Use a reputable hosting provider with a world class infrastructure and support Make sure all in all your software is up to dateUse a combination of hardware and or software firewallsBackup and redundancy planning and testingActive superviseStrong one-way encryption of passwordsUse open auth systems such as F acebook connect