Availability, especially in publicly traded companies, is essential to maintaining funding, reputation, and reliability. As the CISO, I would implement intrusion detection/prevention systems and backups to protect the business and the aforementioned characteristics.
Although attacks are inevitable, we should ensure availability through a strong incident prevention plan. Intrusion Detection Systems (IDS) send alerts to privileged users when a network shows unfamiliar traffic. An Intrusion Prevention System (IPS) performs the function of an IDS and takes action to stop the traffic. I would use these systems in tandem with network blacklist/whitelist policies to maintain integrity and prevent possible downtime. If an attacker cannot access the system, their attack vectors become limited, and they are less likely to affect the confidentiality, integrity, and availability of the company.
Depending on the function of the company, I may create backups stored in hot, warm, or cold off-premises sites. Hot sites can be used at a moment’s notice and are best for companies like financial or healthcare institutions, both of which should experience zero downtime. Warm sites are not as quickly recoverable as hot sites and may take minor maintenance to be used after an incident. They might be used by companies that can afford to lose some uptime in favor of saving money. Cold sites require the most time and maintenance to recover, but they are less expensive than the others. Storing backups in different geographic regions is important because of the potential risk posed by natural disasters. I might also choose between offline and online backups. Online backups are, like hot sites, more easily accessible, but they are more likely to be included in any attack on the primary system. Offline backups are valuable because they could be overlooked in an incident. In general, keeping backups can minimize incident recovery time and maintain availability by providing an extra system copy.
These two systems would help me maintain the maximum amount of uptime as a CISO. The IDS/IPS would prevent service failure, and backups of different types would help to minimize it when an incident eventually occurs.