As a Chief Information Security Officer, 

The protections I would implement to ensure availability of my systems are to have a 24 hour 7 day a week staff. The staff will switch from remote to the facility. This will ensure that the staff is not being overworked, and to have everyone in that department understand how to handle incident reports. Depending on the severity of the issue, someone will be contacted immediately. These are real time incidents. When incidents happen and the individual reports it, they will be able to act quick enough to trace the attacker and temporarily shut down the systems. When they immediately shut down the systems, this will prevent the attacker from gathering and sensitive information about the organization and the employees. 

The second thing I would implement is semi-annual training for the organization. This training will consist of all employees being in a classroom environment. After the training is complete, we will see what they have learned by creating fake scenarios. The fake scenarios will consist of our Incident report team acting as an attacker. The purpose of this is to ensure that the employees understand that their decisions and actions make a difference to the organization. Once the scenario is completed, there will be a meeting about the results. We will discuss what went right and what went wrong. Once all of that has been completed, we will give them the correct solution so they will learn how to avoid the issue next time. 

The third thing I would implement is a standard operation procedure (SOP) for everyone in the company. This SOP would have the primary point of contact and the secondary point of contact. It will also have step by step information on how to report the incident. If an incident was to occur, they will have the SOP posted somewhere close to them to help them report the incident accurately. 

The fourth thing I would implement is making sure the budget is good. I would ensure that the budget is maintained for technical issues, upgrading software, and hiring the best incident response team. The budget also helps with backing up information onto a secure flash drive. If the system was to crash and destroy all of the data, the company would have a back up. It would be called the Lock Up Vault. Everyday, everyone is to save all the new information onto their flash drive and lock it up in the vault. They will have a personal key and a personal security password that will allow that one individual to access their flash drive. The reason for the key is if the power goes out due to a storm. Certain individuals will have a master key and have access to all of the flash drives. Once the flash drive has been put in or taken out, it will be logged.