Availability refers to information remaining accessible and usable by authorised people and systems. The ability to access and use information can be affected by things like access controls, destructive attacks, internet issues and backups of data – or a lack of them.
In a ransomware attack, for example, an attacker encrypts information – puts in place malicious access controls – so the user can’t access their own information and may provide the key for access only after a ransom payment is made.
From a technical standpoint, access and use can be restricted with access controls and also monitored to detect if something unusual is happening. The logs can also be maintained to review should something go wrong so experts have evidence to work with.
Keeping software up-to-date, using strong unique passwords, avoiding clicking on phishing links, limiting access to information to what is needed to for each user to perform their role, maintaining valid encrypted backups that are timestamped to restore from, and monitoring are a combination of techniques that may help with resilience to these issues – as could a communications plan.