Ensuring Availability as a possible Future CISO

Availability is the part of the CIA triad that refers to authorized users being able to access the systems, data, and network they need to perform their day-to-day tasks. Ensuring this requires a few redundancies and policies, and here is what I would do if I were a CISO.

First is redundancy: measures that make sure that if something happens, it can be fixed immediately. Having regular backups created and checked at night, so that they are available during a natural disaster, a hacking incident, or a software or hardware malfunction, would be one of the main redundancies. A backup network system, along with backup generators for the host networking provider and for the building, would ensure that power outages are not an issue.

Next is policies: rules I can put in place to make sure that things happen when and how they are supposed to. One policy would require a weekly backup at the lowest log-on times for the network and software, while erasing backups created over a month ago. Another would keep all software up to date and virus protected. Finally, a policy would be in place to make sure that all the redundancies are tested, i.e. the backups, the backup generators, and the remote backup servers.

I myself am not a CISO of course, but I think these would definitely keep availability up at the “99.9% of the time” mark.
