CISO Accessibility Actions
In a hypothetical scenario where I am placed as the Chief Information Security Officer, I would take the basic, fundamental steps to ensure a system's availability. The first and most pressing matter regarding uptime is the servers on which these systems operate. Keeping all hardware and software up to date is pivotal to ensuring that outdated applications do not cause issues further down the line, resulting in downtime that would limit availability.

The next step would have to focus on prevention rather than reaction. Ensuring that all systems comply with a strict password policy, and implementing two-factor or multi-factor authentication combined with SSO to make access easier for those with authorization, will ensure that industry-standard protection practices are being applied and will serve as a tough barrier against attacks that could lead to downtime.

Reaction, arguably lower in priority than prevention, is still critically important in maintaining accessibility in the event of an attack. Keeping backups of data, multiple server sites, and up-to-date disaster recovery plans will ensure that, if an attack occurs, accessibility downtime is eliminated or mitigated as far as possible.