DISCUSSION BOARD: Protecting Availability

You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

My Answer: To ensure the availability of my systems, I would first think about the core issues that a publicly traded company would face. The Risk Management Matrix is a great tool for this; it follows the basic principle of identifying both assets and threats, mitigating said threats, and determining the origins of the threat. Things like hardware failures and DDoS, amongst many others, would have particularly negative impacts on the availability of the company's systems. In order to combat such threats, I would deploy a multi-layered defense model or "onion model" as the main form of protection. The idea behind the multi-layered defense would be that it would be essential to ensuring availability, while also allowing for confidentiality and integrity of the systems. The utilization of the risk I would also utilize basic protections such as hybrid data storage systems that would keep information both in the cloud and in physical storage, firewalls, and authentication systems to ensure only authorized personnel have access.
