Availability

The information security objective of availability refers to ensuring that information, systems and resources are accessible and usable by authorised users when needed. This objective is critical to maintaining the continuity of service operations and an organisation's ability to conduct its business processes without interruption. Key aspects of availability are:

Ensuring that systems and networks are operational and running with minimal downtime. This includes designing systems that are resilient, reliable and able to operate under a range of conditions.

Implementing backup systems, redundant components and failover mechanisms to ensure that services remain available even in the event of hardware failures, software problems or other disruptions.

Develop and maintain disaster recovery plans that enable the rapid recovery of services and data following a major incident such as a natural disaster, cyber attack or other catastrophic event.

Ensure that systems can handle expected demand and scale to meet increased workloads. This includes monitoring performance and making adjustments to maintain availability during peak usage periods.

Ensure that authorised users can access the information and systems they need without unnecessary delays or obstacles. This includes properly managing user accounts, permissions, and authentication methods to prevent unauthorised access while ensuring legitimate access.

Implement measures to protect against DoS and DDoS (distributed denial of service) attacks, which are aimed at making a system or service unavailable by overloading it with traffic or resource requests.