The precautions that I would take as the CISO are to make sure that everyone has training every 6 months. The training would be advanced and not just something that one person could click through. I would do in-person training as well as make them do an activity so that I know they are following along. We would do penetration tests as well throughout the year, so phishing attempts would be included. If anyone commits a security violation, we would treat them all the same. We would follow all rules and procedures just as they are written, no matter what. To ensure availability, we would need these security measures because someone might plug in a USB because they are angry they got fired, or an employee might think that it’s smart to store all the passwords on the company’s share drive. I would make sure that there is redundancy within the network so that if one thing were to go down, something would automatically replace it. There would also be backups of the systems every day in the middle of the night, and if that were to fail, the on-call network admin would be on call to fix the issue.