1
00:00:00,005 --> 00:00:02,000
- [Instructor] As a security professional,

2
00:00:02,000 --> 00:00:05,006
you must also understand how to apply security controls

3
00:00:05,006 --> 00:00:09,004
that protect the availability of information in systems.

4
00:00:09,004 --> 00:00:12,005
As the third leg of the CIA triad,

5
00:00:12,005 --> 00:00:16,005
availability controls ensure that information and systems

6
00:00:16,005 --> 00:00:19,008
remain available to authorized users when needed.

7
00:00:19,008 --> 00:00:22,006
Availability controls protect against disruptions

8
00:00:22,006 --> 00:00:27,001
to normal system operation, or data availability.

9
00:00:27,001 --> 00:00:29,002
Potential availability failures may result

10
00:00:29,002 --> 00:00:32,009
from a variety of causes, such as malicious attackers,

11
00:00:32,009 --> 00:00:35,002
like someone conducting a denial-of-service attack

12
00:00:35,002 --> 00:00:36,006
to bring down a website.

13
00:00:36,006 --> 00:00:38,002
Or component failures,

14
00:00:38,002 --> 00:00:41,004
such as the failure of a hard drive or power supply.

15
00:00:41,004 --> 00:00:43,008
They can also come from application failures,

16
00:00:43,008 --> 00:00:47,004
such as errors in code that cause an application crash.

17
00:00:47,004 --> 00:00:50,006
Or utility failures, such as a power outage

18
00:00:50,006 --> 00:00:53,005
that disrupts systems, or a network disruption

19
00:00:53,005 --> 00:00:56,001
that prevents internet access.

20
00:00:56,001 --> 00:00:57,005
There are many controls in place

21
00:00:57,005 --> 00:00:59,001
that can protect the availability

22
00:00:59,001 --> 00:01:01,003
of systems and information.

23
00:01:01,003 --> 00:01:03,005
One example of an availability control

24
00:01:03,005 --> 00:01:05,008
is the use of redundant components

25
00:01:05,008 --> 00:01:08,007
such as including two power supplies in a system,

26
00:01:08,007 --> 00:01:12,002
or having extra hard drives that use RAID technology.

27
00:01:12,002 --> 00:01:16,001
Another example is the use of high availability systems

28
00:01:16,001 --> 00:01:19,005
that have multiple servers dedicated to the same purpose,

29
00:01:19,005 --> 00:01:21,003
so that if one server fails,

30
00:01:21,003 --> 00:01:24,008
the others may continue carrying the operational load.

31
00:01:24,008 --> 00:01:27,009
And the more general category of fault tolerance

32
00:01:27,009 --> 00:01:30,009
ensures that IT services remain functioning,

33
00:01:30,009 --> 00:01:33,006
even when small failures occur.

34
00:01:33,006 --> 00:01:35,009
There is one additional availability control

35
00:01:35,009 --> 00:01:38,009
that you should be familiar with for the CISSP exam.

36
00:01:38,009 --> 00:01:41,006
Keeping operating systems and applications patched

37
00:01:41,006 --> 00:01:44,002
to current levels ensures that any flaws

38
00:01:44,002 --> 00:01:47,005
identified by the manufacturer are corrected promptly.

39
00:01:47,005 --> 00:01:49,009
This not only protects your system from vulnerabilities

40
00:01:49,009 --> 00:01:52,003
that might allow an attacker to gain access,

41
00:01:52,003 --> 00:01:54,002
but also corrects issues that may cause

42
00:01:54,002 --> 00:01:56,009
the system to crash, disrupting availability.