What is it?
An assurance that information can be requested by and delivered to authorized individuals whenever required.
Why is it important?
Availability is part of the confidentiality, integrity, and availability (CIA) security triad. Even if information is kept confidential and has integrity, it still must be available so that authorized individuals can access the information in a reasonable period of time.
Why does a business professional need to know this?
A business professional needs to understand availability because it constitutes one leg of the confidentiality, integrity, availability (CIA) security triad, which is the foundation of secure information in cybersecurity.
Your efforts to secure your systems and data mean nothing if that data is not available to authorized users (individuals or other systems). Availability can be compromised by malicious individuals or by accident in many ways, including the following:
- Distributed Denial of Service (DDoS) attacks, which attempt to slow down or crash systems by flooding a system with requests from many different systems
- Malicious software that either crashes or slows down a system
- System slowdowns or crashes caused by malicious insiders or human error
- An unexpectedly high volume of legitimate requests (e.g., a popular item goes on sale)
To help ensure availability, organizations need to plan for peak usage, for example by using load balancing and failover strategies. They also need to follow best practices for creating a strong cybersecurity defense. These include vulnerability assessments, business continuity planning, and incident response planning.
While these practices are not inexpensive, consider the loss in sales and productivity if your systems and data were to become unavailable for an extended period of time.