Article | Academy of Management Learning & Education | September 2009
The Technology Manager's Journey: An Extended Narrative Approach to Educating Technical Leaders
Robert D. Austin, Richard L. Nolan and Shannon O'Donnell
Keywords: Information Technology; Management; Knowledge Use and Leverage; Business Education; Multinational Firms and Management; Entertainment; Communication; Curriculum and Courses; Framework; Design; Goals and Objectives; Learning; Information Technology Industry;
1.What is a denial of service attack?
Denial of service (DOS) attack is an attempt to make a piece of hardware like a machine or network resource unavailable to its intended users. This attack is performed by sending out a ood of information packets that gridlocks the networks resources rendering them unavailable. !ikipedia provides the following information about the federal governing of the crime"#Denial$of$service attacks are considered violations of the %nternet &rchitecture 'oards %nternet proper use policy and also violate the acceptable use policies of virtually all %nternet service providers. They also commonly constitute violations of the laws of individual nations. (!ikipedia *+,-)
How well did iPremier perform during the seventy-ve minute attack? If you were o! "urley# what# if anything# might you have done di$erently during the crisis?
%remier was unprepared for the /- minutes attack. This might have come due to too much faith in the 0datas abilities to control these situation and lack of vision with regards to any threats. %remier had contracted with 0data an %nternet hosting business that provided them with most of their computer e1uipment and internet connection. 0data was not viewed as an industry leader and was selected because it was located close to iremiers corporate head1uarters. 2owever despite being unprepared % do believe iremier did perform well enough during the /- minutes attack3 the situation was handled professionally by all parties involved. 4et even though they handled the matter professionally there is a point that the 5%O didn6t handle too well. 2e is responsible for whatever happens to the companys reputation be it good or bad. &t the moment they were not sure if their systems had been intrudedor if there was some sort of distributed DOS attack. This was because there was not a crisis management strategy in place. 7vidently the company also did not have e1uipment such as proper 8rewall to help subdue the problem. %f the attack had not ended as soon as it did and coupled with a possible intrusion the conse1uences on iremier would have been much more severe. %f % was 'ob Turley % would have ordered the system to be fully shut down even if it meant losing the data that would help the company 8gure out what had happened. %f the website was hacked it means customers information such as credit cards and social security numbers would have been compromised. % believe shutting it down would have been the safer move in managing the potential risk. Dealing with the stolen data and e9pense of the fallout of people6s personal information leaking is far more detrimental to the company than losing information about how the DOS occurred.
%.What information a!out these events should iPremier share with its customers and the pu!lic? &ustify your answer.
% am not sure that a disaster such as this intrusion should be regarded as public relations unless people6s identities were stolen. %f it is shared % believe they may have to share more information about what further steps to secure the infrastructure are planned and are taken to prevent it from happening again. These steps include integrating a well formulated framework for security management. %f shared with the public rehearsing the response is crucial to communicate the proper information to ensure the public can still trust iremier. !ell thought and planned out response (pre$crises) to ma:or incidents makes managers more con8dent and e;ective during real crises. 7ven if the incident occurs in a di;erent form from which was practiced practicemakes a crisis situation more familiar and better prepares managers to improvise solutions. This point could be applied to 1uestion < as well.