As a CISO, there are a few options that can be done to ensure the protection of data and availability. There should be Anti-Virus software installed on all devices used for this company. These devices should be checked regularly for any potential risks or viruses to ensure the safety of the information. Have all devices automatically update all patches to make sure all data will stay protected. Another way to prevent viruses would be to monitor all activity that goes through your company. Make sure that spam filters are on to prevent viruses. To make sure employees do not become infected by fake “installments”, make sure all IT Administrators have verified these updates. On the employee’s behalf, make sure that all of their work passwords are changed regularly. They should also enforce Two-Factor Authentication (2FA) to ensure the safety of the employees and the data. CISOs can also check on their employees and their likelihood of becoming infected with viruses by testing them with fake virus emails. 

To ensure protection of available information, the company should limit the people who have access to the data. Those specific employees should be the only individuals to have access, unless they provide access to others. The CISO must make sure that all information is reliable and available to the employees that need it. The CISO should give employees access to only the data systems they require for their position, and make sure they are unable to install any software without permission. Control direct access to your computers and set up user accounts for each employee, and define explicit access choices for remote staff and administrators. All of these procedures are done as an attempt to protect their employees and data from outside companies and other unauthorized persons.