Protecting Availability

Let us imagine that I am the Chief Information Security Officer (CISO) for a company that is publicly traded in venues like the NASDAQ. My new position makes me responsible for developing, implementing, and enforcing security policies that protect data and services that are critical to my company and our clients.

After a thorough evaluation of our assets and the risks to those assets, my first step would be to ensure that the available servers are distributing their workload. Our company could accomplish this with load balancers, caching mechanisms, data compression, or database optimization. This step is essential to preventing any sort of flooding or overflows from data transmitted into our system and could ward off any memory-related dilemma.

Once the servers can efficiently share tasks and data consumed from them, I would then enforce a routine data backup. This can take place on an external device, or on a separate, secure section of the network that has intense levels of security and selective access. This step would provide us with a viable solution to any system collapses by creating copies of data and could minimize system downtimes.

Now that our servers are sharing their workload and contributing to redundant reserves, my next step would be to schedule a regular assessment of our systems assets in terms of availability. We would likely study downtime, the ratio between downtime and uptime, the average time between failures, and response times. This step will give our organization a better understanding of the effects of our current implementations and could help indicate more steps that would help us provide our clients with reliable services.