iSales is an e-commerce site that sells very popular boutique gifts. The site does close to $500,000 sales each day. There have been two security breaches.
1. Just before the peak selling season, late November, iSales.com, their Website was subject to a Denial of Service (DOS) attack that left iSales unable to respond to customers for 36 hours.
2. A computer hacker from Florida, described in court by a defense psychiatrist as an "idiot savantlike genius for computers and information technology", broke into the iSales computer systems and stole the credit card numbers of their customers. The hacker would drive past the iSales location with a laptop and tap into the unprotected wireless Internet signals. He then installed "sniffer" programs that picked off credit and debit card numbers as they were processed by the iSales computers. He sold the credit card numbers overseas. The losses to iSales customers and banks was said to amount to several million dollars.
How should iSales proceed to protect their infrastructure against malicious threats in general and these two attacks in particular? What short term and long term defensive actions should iSales management take? Provide guidance to iSales on the actions they should take to manage of security risks.
Additional requirement
This question lies from Corporate Strategy and describe about the security measures that need to be taken to protect its e-commerce website. The question is about an e-commerce website being hacked and the financial data of customers being stolen and sold overseas.
Word limit 450