Internet activists are often a group of people who meet in the cyber world and collectively deny customers access to company websites. The intention of these Internet activists is often denial of service. While the intentions of "traditional" hackers are not only denial of service but also theft of privileged information and data, Internet activists only seek to disrupt service. Nowadays, organizations should protect themselves from cyber attacks on their websites by adopting a very structured security policy. . It is not enough to have a secure infrastructure as a one-off effort, but continuous monitoring is required to ensure that security breaches do not occur. A well-configured intrusion detection system is the first step to ensuring a constantly monitored network. Firewalls, constantly updated antivirus programs, frequent and timely software updates as well as penetration testing could help organizations become targets of external attacks. While organizations try to keep their business up and running through their websites, activists work hard trying to disrupt the offerings. provided by these organizations to their customers. Distributed Denial of Service (DDoS) attacks are one of the primary means of destabilizing a business. A DDoS attack often begins with the creation of an attack network. Attackers use tools like Nmap and Nessus and find vulnerable machines that become secondary targets from which the attack is launched on the victim. While organizations cannot prevent attackers from using these secondary objectives, some mitigation strategies such as load balancing, throttling, or request dropping are security countermeasures that could be applied to address such concerns. The post-inci. ..... half of the document .... .. the process should include questions about the location of the servers on which the data is stored. This is important because there would be significant legal implications depending on the country where the data is hosted. Additionally, questions about who will handle the data and in what locations, identity access, and privacy controls should be discussed. The data encryption techniques used by potential suppliers would lead to a good deal of confidence in choosing a supplier. Questions about data separation should also be asked. This would ensure that other customers of the same provider have their data separate and apart. The cloud service provider should also be asked for details on disaster recovery and business continuity plans. Service level agreements (SLAs) should be well detailed and documented to avoid confusion and provide clarity.