Q:
You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
With a publicly traded company, system availability is paramount to maintain at all times. If clients, staff and/or shareholders lose access for any amount of time, it can cause various degrees of problems, even if it’s just for a few minutes. As the CISO of such a company, I would most certainly implement a myriad of ways to ensure system availability. One way would be to introduce redundancy into the network and systems; things like keeping backups of any sensitive or important data and replicating domain controllers would assist in maintaining service availability. This is because in the event that crucial data is lost or corrupted, the backups can be used to restore that information to it’s former state. Replication or redundancy of domain controllers would help availability in the event that one controller goes down; thanks to the numerous other domain controller(s) introduced to the network, the service can still be controlled and operated while the downed domain controller is restored. Other ways to help ensure availability of company systems would be to implement regular monitoring of application and service performance, as well as regular updates to network device software and hardware. Monitoring software can supply network admins with ample data on performance and can give them alerts when failures happen. Furthermore, staying on top of necessary updates to both software and hardware will keep the network fitted with the latest in security and keep devices compatible with current technologies.
In conclusion, there are many ways in which availability can be protected in a network, but these methods will certainly be the first few protections I would look to implement to keep my company’s services available to employees, customers and shareholders as often as possible. To ensure availability is to ensure reliability, and it’s important that the world would be able to rely on my company’s systems.