Instructions:

In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

---

In order to protect availability, the first step I would take is to get a lay of the land. I would look at what the network looks like, what the systems look like, and what connections we have for electricity and internet. For the network, I would use Cisco’s three tier design with its layer 3 switches in the core/backbone and in the distribution layer which provides much redundancy, and smaller regular switches for the users. I learned about Cisco’s model and it seems like a great way to bring redundancy to network connections. Next I would make sure that we have a connection to two different ISPs, if possible depending on our location. Having two different ISPs helps when one goes down and one of them could come back online faster than the other if both go out. We could have a cheaper connection at the second as more of an emergency backup, or it could take half our usual traffic. I would also do the same with electricity if possible because one could experience an outage and we’d be fine. For the software on the systems, I would harden the systems by disabling/removing any unnecessary programs/processes to better optimize performance and reduce the likelihood of crashes. As for the hardware, I would ensure that power supplies are uninterruptable, redundant, and can produce more watts than the system can draw, if possible. Uninterruptable PSUs protect the components with unwanted power events like brownouts and spikes, and let data save properly before shutting down. There would also have to be a good schedule based on activity logs for the best time to shut down for updates.