As a CISO, you are the head honcho of security in a business, so you must know what the right calls are. To ensure availability is to make sure your data can be accessed by authenticated users by protecting reliability and system uptime. System uptime is a large factor in business formats. It is almost impossible for a system to have zero downtime, due to maintenance and updates. I would implement off-site backups as protection of availability. Off-site backups would allow quick start-up of a server in case of any bad or catastrophic events happened. Redundancy is another way to ensure availability can be ensured. Duplication of certain components or functions can help ensure availability in case of function failure. If one function fails, a duplicate version can take over and let someone work on the failed version. In my own words, failover is like redundancy is the sense that if something fails, it is moved to somewhere else. When a server fails, having a failover situation will let the connection migrate to another server to keep client operations running. Failover would be useful to have if an entire server fails instead of just having one part of it fail.