If I were the CISO of a company and had to decide on what to use for protections, I would use the Defense in Depth model (also known as the cross layer model). My reasoning is simply that it’s the easiest, most cost-effective method of protecting availability, as well as ensuring the company’s information is kept locked away and secure for access at their discretion. The model ranks information from the least important, such as public information, to the most important information of the company, that being its trade secrets, financial-related information, and personal data. From this, I can work my way down the layers, applying certain protections to each type of information. Along with this, it makes it easier to give access to whoever needs it. For instance, let’s say an admin was setting up permissions for the company and its users. Using two-factor authentication to verify and authenticate the user, there would be a “whitelist” system in place. As the name suggests, the list either allows the user access to certain material or denies it. And in the case where there is a threat of anyone gaining unauthenticated verification into the system, the more important information would be backed up to disks and moved offline to tapes.