Availability refers to information remaining accessible and usable by authorised people and systems. The ability to access and use information can be affected by things like access controls, destructive attacks, internet issues and backups of data – or a lack of them.

In a ransomware attack, for example, an attacker encrypts information – puts in place malicious access controls –  so the user can’t access their own information and may provide the key for access only after a ransom payment is made.

In the case of destructive attacks, attackers may use malware such as wiper to securely delete all information on a machine, device, server or multiple of them.

Attacks such as DDoS attacks can cause internet issues that may mean information in the cloud or over the internet becomes unavailable such as via a corporate network or a website.

From a technical standpoint, access and use can be restricted with access controls and also monitored to detect if something unusual is happening. The logs can also be maintained to review should something go wrong so experts have evidence to work with.

Keeping software up-to-date, using strong unique passwords, avoiding clicking on phishing links, limiting access to information to what is needed to for each user to perform their role, maintaining valid encrypted backups that are timestamped to restore from, and monitoring are a combination of techniques that may help with resilience to these issues – as could a communications plan.

Leave a Reply

Your email address will not be published. Required fields are marked *