Prompt

You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

There are multiple protections I would employ to protect my systems, one of them being utilizing the Principle of Least Privilege to prevent employees from accessing resources they should not be able to and potentially harm the systems. Similarly, I would lock up important rooms (servers, security, etc.) and have them require ID card or biometric scanners to allow only authorized employees from accessing them. 

From an outside-danger perspective, I would first have backups servers and the like set up away from any of the company offices or the like to act as hot sites in case all data needs to be recovered in case of natural disaster or failure of main servers. Since servers contain a lot of information on clients, it’s important that it is not lost, and that everything can be recovered as soon as possible. I would also airgap these servers and maybe install faraday cages to completely prevent any tampering.