DISCUSSION BOARD: Protecting Availability

Prompt: In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

To ensure the availability of my systems, I would follow the guidance of the National Institute of Standards and Technology (NIST). Strong countermeasures keep data available, minimize risk, and eliminate the opportunity for systems to be stopped at all. The first countermeasure I would implement is a hybrid combination of servers: a cloud-based one and a local one. This approach makes it harder for all of the systems to go down, because if one goes down the other servers are still available.

Another countermeasure I would put in place is security-awareness training for employees. Making this training required ensures that people know what to look out for when there is a threat and how to approach it safely. This minimizes the risk of hackers manipulating employees and, in turn, stops hackers from being able to take down the servers. Unfortunately, one-time training is not enough in today's environment. As technology advances, so do the threats, so employees will need to be updated and trained on these newer threats constantly to ensure that they do not fall for them and are able to avoid them.

Finally, developing a good cybersecurity policy is key to ensuring the availability of your company's servers. Making sure the company runs as well as it can makes it difficult for hackers to get through, and enforcing your policies keeps employees from making mistakes, so that little to no vulnerabilities occur and the servers stay up. In conclusion, using hybrid combinations, training, and policy can help minimize risk and keep the availability of the servers in check.
