Editing Information security (section)

==== Availability ====
For any information system to serve its purpose, the information must be [[availability|available]] when it is needed.<ref>{{Cite video |url=http://dx.doi.org/10.1117/12.2266326.5459349132001 |title=Video from SPIE - the International Society for Optics and Photonics |access-date=2021-05-29 |doi=10.1117/12.2266326.5459349132001}}</ref> This means the computing systems used to store and process the information, the [[security controls]] used to protect it, and the communication channels used to access it must be functioning correctly.<ref>{{Cite journal |date=2005 |title=Communication Skills Used by Information Systems Graduates |journal=Issues in Information Systems |doi=10.48009/1_iis_2005_311-317 |issn=1529-7314 |doi-access=free}}</ref> [[High availability]] systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.<ref>{{Cite report |url=https://www.osti.gov/biblio/5083196/ |title=Outages of electric power supply resulting from cable failures Boston Edison Company system |date=1980-07-01 |doi=10.2172/5083196 |osti=5083196 |access-date=18 January 2022}}</ref> Ensuring availability also involves preventing [[denial-of-service attack]]s, such as a flood of incoming messages to the target system, essentially forcing it to shut down.<ref>{{Cite journal |last1=Loukas |first1=G. |last2=Oke |first2=G. |date=September 2010 |title=Protection Against Denial of Service Attacks: A Survey |url=http://staffweb.cms.gre.ac.uk/~lg47/publications/LoukasOke-DoSSurveyComputerJournal.pdf |url-status=dead |journal=[[The Computer Journal|Comput. J.]] |volume=53 |issue=7 |pages=1020–1037 |doi=10.1093/comjnl/bxp078 |archive-url=https://web.archive.org/web/20120324115835/http://staffweb.cms.gre.ac.uk/~lg47/publications/LoukasOke-DoSSurveyComputerJournal.pdf |archive-date=2012-03-24 |access-date=2015-08-28 |orig-year=August 2009}}</ref>

In the realm of information security, availability can often be viewed as one of the most important parts of a successful information security program.{{Citation needed|date=June 2021}} Ultimately end-users need to be able to perform job functions; by ensuring availability an organization is able to perform to the standards that an organization's stakeholders expect.<ref>{{Citation |title=Be Able To Perform a Clinical Activity |date=2020-02-02 |work=Definitions |publisher=Qeios |doi=10.32388/dine5x |s2cid=241238722|doi-access=free }}</ref> This can involve topics such as proxy configurations, outside web access, the ability to access shared drives and the ability to send emails.<ref>{{Cite book |last1=Ohta |first1=Mai |title=2011 IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN) |last2=Fujii |first2=Takeo |date=May 2011 |publisher=IEEE |isbn=978-1-4577-0177-1 |pages=623–627 |chapter=Iterative cooperative sensing on shared primary spectrum for improving sensing ability |doi=10.1109/dyspan.2011.5936257 |chapter-url=http://dx.doi.org/10.1109/dyspan.2011.5936257 |s2cid=15119653}}</ref> Executives oftentimes do not understand the technical side of information security and look at availability as an easy fix, but this often requires collaboration from many different organizational teams, such as network operations, development operations, incident response, and policy/change management.<ref>{{Citation |title=Information technology. Information security incident management |url=http://dx.doi.org/10.3403/30387743 |access-date=2021-05-29 |publisher=BSI British Standards |doi=10.3403/30387743}}</ref> A successful information security team involves many different key roles to mesh and align for the "CIA" triad to be provided effectively.<ref>{{Citation |last=Blum |first=Dan |title=Identify and Align Security-Related Roles |date=2020 |work=Rational Cybersecurity for Business |pages=31–60 |place=Berkeley, CA |publisher=Apress |doi=10.1007/978-1-4842-5952-8_2 |isbn=978-1-4842-5951-1 |s2cid=226626983|doi-access=free }}</ref>