Bob Turley has recently taken on the role of CIO at iPremier. Three months later, he is already facing a serious problem. On top of that, he is even physically away from the company at the time. From the information given in the case, I believe that Bob needs to analyze the company’s current security system and IT set up to determine what they could have done to prevent such an attack from happening in the first place and what proper counter-measures that should’ve been in place to properly react to such a situation.
The following is a list of existing system weaknesses that I have gathered:
1. Qdata – The Company’s data center that no one likes although it wasn’t explicitly given why it wasn’t good. However, the importance of changing to a proper data center was overlooked by the company due to the expense and personal relationship between founders.
A.24/7 support – The service that iPremier pays Qdata for, which obviously did not do the job that the name promises. This adds to the “con” of Qdata.
2. Emergency Procedures - A binder of outdated procedures, which means the IT people were not able to respond to the attack efficiently.
3. Staff Training – It seems to me that the training and discipline in the IT department is a bit lax as shown by Leon with the whole WoW Pvping and deferring responsibility to others on the phone call. Joanne, on the other hand, knows what she’s doing, but failed to keep the emergency procedures up to date.
Bob took over the CIO position in October of 2008, and the attack occurred on January 2009. Technically Bob had three months to implement and fortify the system weaknesses, but Bob did not know they would be attacked so he didn’t think of it. Now that their security has been breached, Bob should examine their current situation.
1. The Hacking – The perpetrators of this incident are obviously experienced and know their way around. They can start and stop the attack whenever they wished and sent emails...