Failover systems are one of the best places to start when implementing safe measures as a CISO. Spreading your data centers (geographically) across the country is a good way to minimize the risk of having multiple sites down concurrently. Following up on failover systems, having proper data backups and being familiar with the organization’s DRP is essential in restoring systems to operating capacity. Again, whilst on the topic of mitigation and prevention, patch management is largely necessary in the grand scheme of things. Monitoring and updating your patches minimizes the risk of a vulnerability creating unnecessary downtime for the organization. Finally, incident response / active reconnaissance helps the organization properly identify a threat before it causes harm. As a CISO, these are the protections I’d elevate to the highest priority.