Outline a quantitative approach for justifying the use of a DDoS mitigation service to protect an e-commerce company such as SpaFinder. Can you identify any nonfinancial reasons to subscribe to a DDoS mitigation service? If so, what are they?
Solution
these workers join a team of full-time employees and other contingent workers for the life of the project and then move on to their next assignment. Whether they work, when they work, and how much they work depends on the company’s need for them. They have neither an explicit nor an implicit contract for continuing employment.
Organizations can obtain contingent workers through temporary staffing firms or employee leasing organizations. Temporary staffing firms recruit, train, and test job seekers in a wide range of job categories and skill levels, and then assign them to clients as needed. Temporary employees are often used to fill in during staff vacations and illnesses, handle seasonal workloads, and help staff special projects. However, they are not considered official employees of the company, so they are not eligible for company benefits such as vacation, sick pay, and medical insurance. Because temporary workers do not receive additional compensation through company benefits, they are often paid a higher hourly wage than full-time employees doing equivalent work. Temporary working arrangements sometimes appeal to people who want maximum flexibility in their work schedule as well as a variety of work experiences. Other workers take temporary work assignments only because they are unable to find more permanent work.
In employee leasing, a business (called the subscribing firm) transfers all or part of its workforce to another firm (called the leasing firm), which handles all human-resource-related activities and costs, such as payroll, training, and the administration of employee benefits. The subscribing firm leases these workers, but they remain employees of the leasing firm. Employee leasing firms operate with minimal administrative, sales, and marketing staff to keep down overall costs, and they pass the savings on to their clients.
Employee leasing is a type of coemployment relationship, in which two employers have actual or potential legal rights and duties with respect to the same employee or group of employees. Employee leasing firms are subject to special regulations regarding workers’ compensation and unemployment insurance. Because the workers are technically employees of the leasing firm, they may be eligible for some company benefits through the firm.
Organizations can also obtain temporary IT employees by hiring a consulting firm. Consulting organizations maintain a staff of employees with a wide range of skills and experience, up to and including world-renowned industry experts; thus, these firms can often provide the exact skills and expertise that an organization requires for a particular project. Consulting firms work with their clients on engagements for which there are typically well-defined expected results or deliverables that must be produced (e.g., creation of an IT strategic plan, implementation of an enterprise resource planning [ERP] system,e.
Many companies turn to H-1B workers to meet critical business needs or to obtain essential technical skills and knowledge that cannot be readily found in the United States. H-1B workers may also be used when there are temporary shortages of needed skills. Employers often need H-1B professionals to provide special expertise in overseas markets or on projects that enable U.S. businesses to compete globally. A key requirement for using H-1B workers is that employers must pay H-1B workers the prevailing wage for the work being performed. A person can work for a U.S. employer as an H-1B employee for a maximum continuous period of six years. With sponsorship from their employers, H-1B visa holders can apply for permanent residence. During the application periods, their H-1B visas can be renewed in one-year extensions until their green card is issued. Should a worker’s H-1B visa expire, the foreign worker must remain outside the United States for one year before another H-1B petition will be approved.
First, you need a sense of realism. “There’s no 100% way of protecting yourself against a DDoS attack,” claims David Jacoby of the Global Research and Analysis Team at Kaspersky. The next step is to make sure your systems are in good order. Arbor Networks found that many firms fell victim to relatively minor DDoS attacks because of poorly configured firewalls and IPS devices [12]. But that doesn’t mean that tidying up your firewall rules will make you immune. There are DDoS mitigation devices available, and many organisations have equipment from the likes of Arbor or Cisco on their premises. The problem is that with many kinds of attack, by the time the attack traffic has reached your perimeter, it’s too late to do anything about it.
Increasingly, firms are turning to specialist service providers for their DDoS mitigation. It’s becoming big business. For example, in September 2011, Tata Communications announced it was pushing out its DDoS protection services globally. This is a service that’s rapidly moving downwards in terms of size of organisation. The biggest firms already have DDoS protection in place, which means the attackers are looking at smaller, easier targets.
Verisign’s Petro gives the example of stealing money from banks via hacking. This is now very unlikely with big banks – the security is just too good. But in 2010, $70m was still stolen from banks in the US – mainly from small, local banks and credit unions that don’t have the resources or funds for the levels of security enjoyed by the big players. “So we’ve seen the problem move from something that was million-dollar botnets focused at multi-million dollar websites for coercion, blackmail and other reasons,” he says, “moving all the way down now to small and medium sized businesses.” He adds that Verisign was mainly selling to large corporates who were paying, perhaps, $500,000 a year. Now it’s finding an increasing amount of business among smaller firms, with services costing around $3,000-$4,000 a month.
Verisign’s service is effectively a DNS swing. It maintains servers ready and staged with the customer’s IP. “We do this in two ways,” explains Petro. “At the upper end of the market the customer may have CPE on prem, and their first reaction will be from the CPE. They’ll swing their web server, so we’ll effectively become their ISP during that timeframe.

