Running head: IPREMIER CASE
Ipremier Case
Student’s Name
University/College
Question 1
The iPremier company performed very well during the seventy-five-minute attack. The
distributed denial of service (DDoS) attack is a major security threat to the company’s operations.
During the attack, few personnel knew the source of the attacks. Furthermore, it was early in the
morning, and few people were available to aid in resolving the attack. The staff was involved in
making decisions that would prove beneficial to the company, considering the source and extent
of the attack were unknown. It was also a time when traffic to the company’s website was
minimal (Austin & Short, 2009). Those involved include the CTO Tim Mandel, the CEO Jack
Samuelson, the company legal counsel Peter Stewart, the VP of Business Development Warren
Spangler, and the operations team leader Joanne Ripley. The response was appropriate, as the
personnel involved did not make rash decisions that would have been a risk to the company. For
instance, some employees like Stewart believed that cutting the cords would prevent further harm,
yet they were unaware of what exactly the attack was doing. In this regard, cutting the cords
would have been risky, as it would mean that more time would be spent in restoring operations at
the company (Khan, 2015). It would be time-consuming and costly, and this would have been a
bad choice. Some personnel like Warren also believed that the attack should have been reported
to the police. It would have been beneficial, but the police would not have done anything that
would have been of benefit. After all, the hackers made it difficult to trace their location. They
also made it difficult to end the attack, as preventing attacks from one address would lead to the
emergence of attacks from ten more addresses. The company would also have faced additional issues if
it had reported to the police (Austin & Short, 2009). The attack would have been reported in the
media, and would have led to further issues for the company. For instance, it could result in
lower confidence among the clients, with some suspecting that the attack could have led to the
loss of personal information like credit card numbers. In this regard, the company responded
quite well to the attack and avoided the emergence of further issues that could have been
disastrous for the company.
If I were Bob Turley, I would have made different decisions during the
attack. Specifically, I would first get in touch with the public relations department. It would
entail making preparations in case the attack went out of hand, leading to disastrous
consequences for the company. I would ensure that they carry out the necessary decisions in case
the issue went out of control. The PR department should be ready to communicate with the
clients on the extent of the attack, and the strategies the company has put in place to prevent
attacks in future. It would prove beneficial in reassuring customers that their information is
safe and that they can continue to rely on the company. I would also ensure that the attack has
been reported to the necessary authorities. The current attack could have been a malicious
attempt to test the network defenses, and an attack could occur in future. It would happen if the
malicious attackers gained knowledge of the company’s responses and took advantage of it in
future attacks (Gülpinar, Harrison, & Rustem, 2011). Reporting the incident would make it easier
to solve the issue, such as tracing similar attacks in other companies and deterring future attacks.
Question 2.
The company does have a deficit in operating procedures. It can be seen in
how the company responded to the attacks. The company does not have emergency procedures.
Not all the personnel in the organization are aware of the emergency procedures, and those in
existence are not updated. In this regard, the emergency procedures should be updated. It will
ensure that all employees are aware of what to do in case of attack, and how to respond
appropriately. The company lacked additional storage that could have been used for storing
access logs (Khan, 2015). The company’s network procedures lacked the requirement for
additional storage to store access logs. It would have been beneficial in handling the attack. It
provides a means to determine the source of the attack quickly, and what the attackers are doing.
Furthermore, it would have prevented the attack in future.
The employees also play online games during working hours. It is the case with the
‘world of warfare’ game. In this regard, Leon attributed the attack to revenge by teammates from
a different company. Essentially, if this were a reason for the attack, then the workplace policies
should be changed to prevent the use of company resources to play video games online. It
created an additional risk for the company, and the organization was hacked due to the urge for
revenge. Furthermore, even though Leon attributed the attack to fellow online ‘WoW’ players,
the company did not respond appropriately to deal with the issue. Specifically, it was not in a
position to respond to the attack, as Turley was not well informed about the game and its
members (Austin & Short, 2009). In this regard, if the company made policies that discouraged
or prevented the employees from playing the online game, then it would not have been at risk of
attack due to feuds arising from online gaming.
The company has software in place to deal with attacks such as DDoS attacks, and a
firewall. Despite these standards, the company was still unable to deal with the attacks. It is a
significant deficit that meant that the company was easy prey for hackers. Policies in place would
entail updating the software that acts as the first line of defense in case of attack. It would prove
beneficial in preventing future occurrences of such an attack (Gülpinar, Harrison, & Rustem,
2011).
Leon is also considered the first person who could have responded to the attack, yet
he was unaware of the source and effect of the attack. Furthermore, Tim made differing
recommendations on how to deal with the attack. He suggested pulling the plug, which would
have been risky to the operations of the company considering the attack occurred for only a short
time with minimal impact. In this regard, the company can update its procedures to ensure that
more skilled personnel are on the night shift. It would prevent further harm from
occurring. Leon had to wait for more personnel before he could make a decision on how to
handle the attack. It would be imperative to have more skilled personnel available to deal with
attacks in future (Chapela, Criado, Moral, & Romance, 2015). It would ensure that the right
decisions are made in the case of attack. It would prevent the devastating effects of the attack,
and would act as a means to determine the cause and source swiftly.
Question 3.
The company can prepare for future attacks by purchasing additional storage. It would be
used for the storage of logging data that can be used in reconstructing attacks in future. It would
act as a preventive mechanism to ensure that the hackers will not take advantage of a particular
weakness in the company’s system. It would also play a role in determining the location of the
attackers. In this regard, it would prove beneficial in preventing future attacks on the company.
The logging data should also be analyzed frequently (Austin & Short, 2009). It can reveal
information such as unwarranted access that has not been detected. The information can be used
in curbing future attacks on the company.
The company should update its emergency procedures. During the attack, a large number
of the employees were unaware of what should be done after the attack. They all offered
different ways of responding to the attack. The emergency procedures should detail how the
company should respond to attack, and what each employee should do. The attack was short-lived,
but could have led to the loss of valuable data concerning employees and clients.
Furthermore, if it occurred during the day, then it could have negatively affected the company’s
operations (Khan, 2015). The emergency procedures will have to consider the time of day when
the attack is carried out, and safeguard critical data.
The company should also employ more people to deal with the attack. After the attack,
Spangler called personnel from the organization. It led to a rise in fears among the employees as
most of them were unaware of the extent of the attack, yet they offered ways to resolve the attack.
Joanne was also denied access to the Qdata center, and the personnel who would have provided
an adequate solution were not available (Austin & Short, 2009). In this regard, the company
should rely on its own data center to reduce the chain of command involved when dealing with
such an attack in future. They should employ more people and establish their data center to
ensure that future attacks will be dealt with swiftly.
Question 4.
In the aftermath of the attack, I would be worried about the loss of valuable credit card
information and client data. A large number of the employees were unaware of the cause and
long-term effect of the attack. Important information could have been stolen that would lead to
additional problems for the company. It can result in loss of customers, especially when the
information is used maliciously. It is dangerous to the company, and could lead to more
problems. There is also the threat of lawsuits from the attack. For instance, the company lacked
proper strategies to deal with the attack, and some clients could feel that the company is not keen
to ensure the security of their information (Khan, 2015). It can be a major issue for the company.
Furthermore, the attack could lead to a major PR scare. Such an attack, with an unknown origin or
means of resolution, could be dangerous. It would mean that an attack could be carried out in
future that has a far worse effect. For instance, it would mean that the business halts its
operations if it is unable to deal with it. It would also lose most of its clients if they were unable
to interact with the company through the website.
Several actions could be recommended. First, all employees should be informed of the
attack that occurred. It would encourage them to report any cases of malicious activities that
could lead to attack. For instance, the attack could have emerged from within the company with
people who are aware of its policies and procedures. It could also emanate from unfamiliar
people who access the company networking resources from within the company. Mostly,
communication with all employees would encourage them to ensure the security of the company,
and report cases of malicious attacks in the company (Gülpinar, Harrison, & Rustem, 2011). It
would be important to inform all clients that the company has been attacked. It can be achieved
by providing information about the attack on the website. It would be beneficial in case the
attack leads to the loss of client information that is then used maliciously. Moreover,
reporting such information would improve the relationship between the company and clients, and
would increase the trust between the two parties.
Question 5.
The contingency plan will entail corporate security and disaster recovery. Essentially, this
will be through security policies and emergency procedures to ensure that the company is
prepared for future events. The contingency plan details the steps taken by the company in case
of an attack or network disruption.
i. Developing the contingency planning strategy or statement - It will ascertain the need to deal
with the risk of a DDoS attack or any future attacks. The policy statement will detail the
contingency objectives of the organization. It will comprise several variables (Khan, 2015). They
will involve minimizing the risk and loss faced by the company. It will also seek to protect the
organization from lawsuits. It also provides the company with a means to recover after such an
attack. The plan will also detail what is at stake, and how the company can preserve the
consumer confidence.
ii. Organization impact analysis. It will play a role in the identification of processes that would
be beneficial to the success of the organization. They will then be combined with the IT systems
and processes. This analysis will also detail the costs arising from losing the identified processes.
iii. Identification of preventive controls – This is through the establishment of preventive
controls to address system outages before they occur. It is the best strategy as long as the costs
involved do not surpass the criticality of the system. It will entail coming up with a new way of
protecting IT assets in the organization, and ensure their safety.
iv. Establish recovery strategies – recovery strategies are essential in case the preventive
measures fail. The recovery options will depend on the internal resources and capabilities, type
and number of critical systems supporting the business and the needs of the organization.
v. Plan training, testing, and maintenance - The final phase of the plan entails testing to ensure its
applicability to the organization. It establishes the viability of the organization’s contingency plan.
It will identify issues with the plan, and procedures that have been outlined but are complex in
execution. Training will ensure that all employees are aware of the needs of the plan, and what they
can do during a crisis. It will increase the chances of successful recovery after a disaster. Finally, the plan
should be maintained. It involves updating the plan to ensure that all employees have the best
tools to deal with disasters.
References
Austin, R. D., & Short, J. C. (2009). Case 1: The iPremier Co. (A): Denial of Service Attack
(Graphic Novel Version). New York: Harvard Business School Publishing.
Chapela, V., Criado, R., Moral, S., & Romance, M. (2015). Intentional risk management through
complex networks analysis. Cham: Springer.
Gülpinar, N., Harrison, P. G., & Rustem, B. (2011). Performance models and risk management
in communications systems. New York: Springer.
Khan, M. A. (2015). Diverse contemporary issues facing business management education.
Hershey: Business Science Reference.
Pablos, P. O. (2015). Knowledge management for competitive advantage during economic crisis.
Hershey, PA: Business Science Reference.
