Protecting Availability as CISO

“If you were the CISO for a publicly traded company, what are some protections you would implement to ensure availability of your systems?”

One of the main actions I would take to protect the availability of the company’s systems would be ensuring that the data in those systems is backed up regularly. This allows for a quicker recovery in the case of an attack, since data loss will not be a main concern. In addition to regular backups, a disaster recovery plan should be put in place to establish a structured, well-documented process for recovery after an attack. To help prevent potential attacks, the systems should also be monitored regularly, using both system tools and human monitoring teams. Multiple servers and network paths should also be established so that a single point of failure is less likely to lead to a successful attack. These are some of the protections I would personally make sure to put in place if I were in the position of CISO.
