“You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?”

1. an IRP, to have an organized, quick, and efficient response towards accidents so they’re taken care of quickly and responsibly, while also having regular drills to make sure everyone knows exactly what to do and in case of updates towards the plan.

2. Redundancy, in case servers go down, power goes out, etc, we’ll have a backup ready to resume operations instead of only having 1 source, and if said source goes out then so does the entire operation, reducing downtime from any errors outside of my control.

3. Regular Backups, we started learning about attacks on the cloud, and having regular backups would prevent problems like ransomware or data loss, this would likely be stored off-site so it’s harder to obtain.

4. Regular Patches & Monitoring, keeping systems updated constantly to prevent any vulnerabilities and constant monitoring of performance or anomalies so problems can be dealt with before they escalate.