At my CISO job, let’s pretend I need to defend a bank. Only 20 people can use the bank’s systems concurrently. One morning, 25 users attempt to log in simultaneously, causing the system to crash. I would grant access to 30 users at a time when the machine booted up a backup. The bankers then have availability as a result of this. When something happens to a data center, I have to switch to a different site to continue production, thereby having data available. Making corrections for human error is one approach to stop this from happening, through educating people on how to use backup systems to resolve an outage.
Additional Comments:
As a CISO, your plans are excellent. I wish I had come up with some of the ideas you did. I particularly liked the idea of having board members. How would you internally prevent human mistakes is one question I have. I believe that preventing data loss and fraud is a wonderful start, but human error introduces vulnerabilities.