Cengage - Darden Business School Case Study Analysis
Descripción: milford
Descripción: Wintel Case
CASE WRITE UPFull description
A story about managing security and trust in the Internet world.Full description
case write up
dasdasFull description
clinical case write upof appendicitis. clerked at muar gh
Some example of case write-up for medical student for my friends reference
SURGERY CASE WRITE UP mbbs
Case write up of general mills case
Full description
AmTran Technology Case Write Up - International Corporate Strategy. Partnerships with Vizio & TV technology industryFull description
for nephroticFull description
case write up (not complete)Full description
Case Analysis IPremier
Clarkson Lumber Part 1
1. What is a denial denial of servi service ce attack attack? ? Denial of service (DOS) attack is an attempt to make a piece of hardware like a machine or network resource resource unavailable to its intended users. This attack is performed by sending out a ood of information packets that gridlocks the networks resources rendering rendering them unavailable. unavailabl e. !ikipedia provides the following information about the federal governing of the crime" #Denial$of$service attacks are considered violations of the %nternet &rchitecture 'oards %nternet proper use policy and also violate the acceptable use policies of virtually all %nternet service providers. They also commonly constitute violations of the laws of individual nations. (!ikipedia (!ikipedia *+,-)
How well did iPremier perform during the seventy-ve minute attack? If you were o! "urley# what# if anything# might you have done di$erently during the crisis? %remier was unprepared unprepared for the /- minutes attack. This might have come due to too much faith in the 0datas abilities to control these situation and lack of vision with regards to any threats. %remier had contracted contracte d with 0data an %nternet hosting business that provided them with most of their computer e1uipment and internet connection. 0data was not viewed as an industry leader and was selected because it was located close to iremiers corporate head1uarters. 2owever despite being unprepared % do believe iremier did perform well enough during the /- minutes attack3 the situation was handled professionall professionally y by all parties involved. 4et even though they handled the matter professionally professionally there is a point that the 5%O didn6t handle too well. 2e is responsible for whatever happens to the companys reputation reputation be it good or bad. &t the moment they were not sure if their systems had been intruded or if there was some sort of distributed DOS attack. This was because there was not a crisis management management strategy in place. 7vidently the company company also did not have e1uipment such as proper 8rewall 8rewall to help subdue the problem. %f the attack had not ended as soon as it did and coupled with a possible intrusion the conse1uences on iremier would have been much more severe. %f % was 'ob Turley % would have ordered the system to be fully shut down even if it meant losing the data that that would help the company company 8gure out what what had happened. %f the website was hacked it means customers information such as credit cards and social security numbers would have been compromised. % believe shutting it down would have been the safer safer move in managing the potential potential risk. Dealing with the the stolen data and e9pense of the fallout of people6s personal information information leaking is far more detrimental to the company than losing information about how the DOS occurred.
%. What information information a!out these events should should iPremier iPremier share share with its customers and the pu!lic? &ustify your answer. % am not sure that a disaster such as this intrusion should be regarded as public relations relation s unless people6s identities identities were stolen. %f it is shared % believe they may have to share more information about what further steps to secure the infrastructure are planned and are taken to prevent it from happening again. These steps include integrating a well formulated formulated framework for security security management. %f shared with the public rehearsing the response is crucial to communicate the proper information to ensure the public can still trust iremier. !ell thought and planned out response (pre$ crises) to ma:or incidents makes managers more con8dent and e;ective during real crises. 7ven if the incident occurs in a di;erent form from which was practiced practice makes a crisis situation more familiar and better prepares managers to improvise solutions. This point could be applied to 1uestion < as well.
'. In the aftermath aftermath of the attack# what what would you !e worried a!out? What What actions would you recommend? %n the shadow of the attack % would would be worried about about another DOS. 2owever what would be more detrimental is if the attack took place at a high tra=c time of the day rather than <"++ am when it is not as productive or where network tra=c on the website is not at a peak. %n the aftermath managers of iremier6s infrastructure will need to rebuild parts of it. %n order to restore the infrastructure to it pre$incident moment they will be re1uired to erase and rebuild everything. %f con8guration and procedures have been carefully documented in advance recovery can happen immediately immediate ly.. %f not this could be be a cumbersome and lengthy endeavor. endeavor. % recommend that actions will need to be taken to investigate to understand what e9actly happened during during the attack. This will reveal the actions actions that need to be taken to prevent this from happening in the future. >ost importantly the company owes its clients and business partner6s detailed information about what happened so that all involved can determine determine the conse1uences conse1uences of the attack. %n crises management and and in formulating actions after a crisis it is important to communicate with all parties involved. % would then recommend moving forward with integrating crisis incident procedures and a well formulated security management framework for protecting the company in the future.
(. )ow that the the attack has has ended# ended# what can iPremier do do to prepare prepare for another another such attack? *ecommend a plan that will help iPremier avoid another such incident. ?isk management is necessary. necessary. % stated in 1uestion * the importance of having a crises plan in place in case case a breech may occur is e9tremely e9tremely important. important. This crises plan plan needs to have well documented emergency procedures. & pre$crisis pre$crisis plan of practices in place makes incidents more manageable. The following plan needs to include" sound infrastructure design careful documentation disciplined e9ecution of operating procedures and an established crisis management manageme nt plan. & sound infrastructure infrastructu re design is infrastructure that has been designed with a contingency of sound recoverability and tolerance for failures. 'y this design the losses associated with a Dos or a breech are are more likely likely to be contained and easier easier to manage. %remier will will need to 8nd a better internet service provider if 0data fails to update its infrastructure and technology. 5areful Documentation ensures that crisis management is precise with the most important critical details3 reliable accurate and careful documentation documentation saves time costs and increases con8dence when dealing with a crisis. roper documentation maintains a baseline of knowledge about infrastructure infrastructu re con8gurations. con8gurati ons. Disciplined e9ecution of operating procedures is only as good as a plan and can only be followed if it is documented documente d well. These procedures when e9ecuted properly make the diagnosis of problems problems more e;ective. Scheduled infrastructure audits uncover lurking problems problems or vulnerabilities and must be performed often. @inally established crisis management procedures are are procedures for managing incidents. They e;ectively guide the diagnosis of problems help manager6s decision$making e;orts more e=cient and specify who should be involved in problem$solving activities.