Memorandum
To: Mr. Bob Turley, CIO
From: Independent Member on the Board of Directors
Date: January 13, 2003
Subject: Actions Following the DoS Attack
As a result of the DoS attack earlier this morning, it is important to assess and address the upcoming actions of our company with regard to customers, procedures, security, and partners. Below I have summarized my suggestions on how to handle these issues and what needs to be done to prevent another attack from reoccurring.
Customers: Do we disclose the attack?
After weighing both the advantages and disadvantages of disclosing the attack to the public, it appears that the best course of action would be to disclose the information to the public. As we currently stand, we do not know if any account information has been compromised; however, if there was a compromise somewhere during the attack, iPremier could face heavy lawsuits. This would be an extremely high cost to incur for the company. Therefore, we need to let the customers know that there was a DoS attack, and that there does not appear to be any compromise of account information. We also need to make them aware that we will be taking to prevent an attack from reoccurring.
Procedures
It is clear through this morning’s events that we need to reassess and/or implement various procedures in our organization. Below is a summary of these procedures
o Public relations—it appears that th ...