As the Chief Information Security Officer (CISO) of a publicly traded company, there are protections I would implement to ensure the availability of my systems. Maintaining steady availability is crucial not only because investors and clients rely on open access to the services being provided, but also because when a system is not available, money is lost. According to Chai (2022), availability means that information systems must be consistently and reliably accessible to authorized users.
The protections I would implement would be based on the NIST CSF. The NIST Cybersecurity Framework would be the blueprint for my protections because I would focus on establishing system redundancy, continuous monitoring, regular data backups, and timely software updates. With these protections in place, I would be able to ensure the following: continuous operational flow in the face of potential cyberattacks or system failure, early threat detection and quick recovery, rapid restoration after an incident, and the avoidance of service disruptions.
My goal would be to build a robust foundation that not only promotes efficiency, but is also flexible and adaptable to the situations that may arise. For this reason, I would also apply core values from the NIST Special Publication (SP) 800-12 Revision 1, which include contingency planning, routine availability testing, ensuring that the safeguards are proportionate to the risk level, and more. With all of these procedures and guidelines in place, the company would not only be prepared for the worst, but also able to bounce back in an appropriate time, with every department from Information Technology (IT) to Human Resources (HR) ready to rise to the occasion. In the end, ensuring availability is vital for a company, and having protections in place to either restore systems effectively or prevent them from going down altogether is imperative for the job of a CISO.
Reference
Chai, W. (2022). What is the CIA triad (confidentiality, integrity and availability)? TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA