You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
If I were put into the role of a CISO in charge of managing availability, there are a few ideas that could be implemented not only to ensure availability but also to improve overall security.
One of the first things that I would implement is Role Based Access Control (RBAC). RBAC would give administrators the ability to manage the roles of authorized users. This means that employees would get the information that’s available to them in a more simplified and secure manner.
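The role-based model described above, as an added worked example (not part of the original post): a small policy engine in which administrators assign and revoke roles, permissions are derived only from roles, and anything not granted is denied. The role names and permission strings are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed role -> permission mapping (hypothetical, not from the post).
ROLE_PERMISSIONS = {
    "reader": {"report:read"},
    "analyst": {"report:read", "report:export"},
    "admin": {"report:read", "report:export", "user:manage"},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


class RBAC:
    """Default-deny access control: a user has exactly the union of its roles' permissions."""

    def __init__(self, role_permissions):
        self.role_permissions = {r: frozenset(p) for r, p in role_permissions.items()}
        self.users = {}

    def add_user(self, name):
        self.users[name] = User(name)

    def assign_role(self, name, role):
        # Refuse roles the policy does not define, so a typo cannot create an undefined grant.
        if role not in self.role_permissions:
            raise ValueError(f"unknown role: {role}")
        self.users[name].roles.add(role)

    def revoke_role(self, name, role):
        # Removing the role immediately removes every permission it carried.
        self.users[name].roles.discard(role)

    def permissions_of(self, name):
        user = self.users.get(name)
        if user is None:
            return frozenset()
        perms = set()
        for role in user.roles:
            perms |= self.role_permissions[role]
        return frozenset(perms)

    def is_allowed(self, name, permission):
        # Unknown users and unmapped permissions both fall through to "deny".
        return permission in self.permissions_of(name)


def demo():
    """Walk through an assignment, a check, and a revocation; returns the decisions made."""
    rbac = RBAC(ROLE_PERMISSIONS)
    rbac.add_user("alice")
    rbac.assign_role("alice", "reader")
    before = rbac.is_allowed("alice", "report:export")   # reader cannot export
    rbac.assign_role("alice", "analyst")
    during = rbac.is_allowed("alice", "report:export")   # analyst can
    rbac.revoke_role("alice", "analyst")
    after = rbac.is_allowed("alice", "report:export")    # back to deny
    return {"before": before, "during": during, "after": after,
            "unknown_user": rbac.is_allowed("mallory", "report:read")}


if __name__ == "__main__":
    print(demo())
```

The point of keeping permissions attached to roles rather than to individual users is that an administrator changes one mapping and every holder of that role is updated at once, which is what makes access both easier to manage and easier to audit.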
Another concept I would put in place is Multi-factor Authentication, with more of an emphasis on Biometric Authentication. Using complex passwords is helpful, but adding an application that’s needed for access, as well as fingerprints or DNA scans, would greatly increase the security that comes with each person logging into the system. It also establishes who is who and makes necessary information accessible to the people that are authorized to see it.
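The "application that's needed for access" in the paragraph above is typically an authenticator app generating time-based one-time codes. As an added example (not from the original post), this is the server-side half of that factor: RFC 6238 TOTP built on RFC 4226 HOTP, with a small clock-skew window and replay protection so a code cannot be accepted twice. The secret used in the demo is the published RFC test-vector secret, not a real credential.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated to `digits`."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time divided by the step."""
    return hotp(key, timestamp // step, digits)


class TotpVerifier:
    """Accepts a code for the current step or one step either side, each counter only once."""

    def __init__(self, key: bytes, step: int = 30, window: int = 1):
        self.key = key
        self.step = step
        self.window = window
        self.last_counter = -1  # highest counter already consumed

    def verify(self, code: str, timestamp: int) -> bool:
        counter = timestamp // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if candidate <= self.last_counter:
                continue  # replay: this step (or an earlier one) was already used
            # Constant-time comparison so timing does not leak how many digits matched.
            if hmac.compare_digest(hotp(self.key, candidate), code):
                self.last_counter = candidate
                return True
        return False


def demo() -> dict:
    # RFC 6238 test-vector secret (ASCII "12345678901234567890"); constructed, not a real key.
    key = b"12345678901234567890"
    verifier = TotpVerifier(key)
    code = totp(key, 59)                    # time 59 -> counter 1
    first = verifier.verify(code, 59)       # genuine first use
    replay = verifier.verify(code, 59)      # same code again must fail
    wrong = verifier.verify("000000", 59)   # bad code must fail
    return {"code": code, "first": first, "replay": replay, "wrong": wrong}


if __name__ == "__main__":
    print(demo())
```

In a real deployment the per-user secret is provisioned once (usually via a QR code) and stored encrypted at rest; the verifier above is the check that runs after the password has already been accepted.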
Thirdly, something that could ensure availability is Backups. With multiple backups of data, employees that may need to see older information would have an option that provides access to it. Also, in the event of a security breach, the company would have backlogs of information that could be salvaged to allow systems to continue functioning while the breach is dealt with.
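The paragraph above relies on two things a backup must deliver under pressure: there are several copies, and the copy you restore from is known to be intact. As an added example (not part of the original post), this script writes a hash manifest alongside each copy, verifies copies against their manifests, and restores from the first copy that passes, skipping one that was tampered with. The directory layout and the sample file are constructed for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source: Path, dest_root: Path, label: str) -> Path:
    """Copy the source tree to dest_root/label and record a SHA-256 for every file."""
    snap = dest_root / label
    shutil.copytree(source, snap)
    manifest = {str(p.relative_to(snap)): sha256_file(p)
                for p in snap.rglob("*") if p.is_file()}
    (snap / "manifest.json").write_text(json.dumps(manifest, sort_keys=True))
    return snap


def verify_backup(snap: Path) -> bool:
    """A copy is usable only if every manifest entry exists and still hashes correctly."""
    manifest_path = snap / "manifest.json"
    if not manifest_path.is_file():
        return False
    manifest = json.loads(manifest_path.read_text())
    for rel, digest in manifest.items():
        f = snap / rel
        if not f.is_file() or sha256_file(f) != digest:
            return False
    return True


def restore_first_intact(copies, target: Path):
    """Try copies in preference order; restore the first that verifies. Returns it, or None."""
    for snap in copies:
        if verify_backup(snap):
            if target.exists():
                shutil.rmtree(target)
            shutil.copytree(snap, target, ignore=shutil.ignore_patterns("manifest.json"))
            return snap
    return None


def demo() -> dict:
    """Two copies, one corrupted, primary data lost: restore must come from the good copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        src.mkdir()
        original = "id,amount\n1,100\n"          # constructed sample record
        (src / "ledger.csv").write_text(original)

        copy_a = create_backup(src, root / "store_a", "v1")
        copy_b = create_backup(src, root / "store_b", "v1")

        # Simulate silent corruption or tampering of the first copy, then loss of the primary.
        (copy_a / "ledger.csv").write_text("id,amount\n1,999\n")
        shutil.rmtree(src)

        used = restore_first_intact([copy_a, copy_b], src)
        return {
            "a_ok": verify_backup(copy_a),
            "b_ok": verify_backup(copy_b),
            "restored_from": used.parent.name if used else None,
            "content_matches": (src / "ledger.csv").read_text() == original,
        }


if __name__ == "__main__":
    print(demo())
```

The verification step is what turns "we have backups" into "we can restore": running it on a schedule, not just at restore time, is how you learn a copy has gone bad before you depend on it.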
These are some of the ideas that I would implement in a publicly traded company as a CISO. My reasoning for them is that they not only increase overall security with the help of the CIA Triad, but they would also provide increased availability in the form of providing information efficiently.