On-Premises Facilities, Power, and Environment

Why Facilities Belong in a Network Security Domain

Network security is not only packets and passwords. ISC2 frames availability as one of the three pillars of the CIA triad, and on-premises facilities are where availability is won or lost. A switch in an unlocked closet, a rack without cooling, a single power circuit, or a leak above cabling causes a security incident as real as a malware alert. Expect Domain 4 to test whether you treat physical and environmental failures as security events.

Use current logistics as anchors. The CC exam is computer adaptive testing (CAT), runs 2 hours, delivers 100 to 125 items, and requires 700 out of 1000 to pass. The exam costs $199 plus a $50 Annual Maintenance Fee (AMF). The current outline's five domain weights are 26, 10, 22, 24 (Network Security), and 18 percent, so this domain is the single largest. A new exam outline takes effect September 1, 2026 — verify the edition on your scheduled date.

Data Centers and Wiring Closets

A data center holds compute, storage, network, and security devices. A wiring closet looks humble but often holds switches, patch panels, wireless controllers, and floor uplinks. Both need access control. If an unauthorized person can unplug an uplink, attach a rogue device, factory-reset gear, or photograph port labels, that is a physical compromise.

Layered Power Resilience

Network gear needs clean, continuous power. Build it in layers rather than buying one device and calling it redundant:

• Line conditioning / surge suppression smooths sags, spikes, and noise that degrade power supplies.
• An uninterruptible power supply (UPS) carries devices through brief outages (seconds to minutes) and enables a graceful shutdown so data and configurations are not corrupted. A UPS is ride-through, not a long-term source.
• A generator covers extended outages, but only with a fuel contract, periodic load testing, maintenance, and an automatic transfer switch (ATS) to move load from utility to generator. A generator with an empty tank gives false confidence.
• Dual power supplies on separate circuits (A/B feeds) prevent one breaker from dropping a service. Two supplies on the same power strip are not real diversity.

Power failure is also a security failure: if access control, cameras, a firewall, or a VPN concentrator loses power, enforcement and monitoring stop. The disaster recovery plan must name which controls must stay energized.

Environmental Controls and Fire Suppression

HVAC (heating, ventilation, and air conditioning) keeps equipment in range. ASHRAE recommends roughly 18-27 C (64-81 F) and about 40-60 percent relative humidity for data halls. Too hot shortens component life and triggers thermal shutdowns; too humid risks condensation; too dry raises electrostatic discharge risk. Sensors should report temperature, humidity, water/leak, and smoke, with alerts routed to operations.

Life-safety code always wins over equipment protection.

Worked Scenarios

Scenario 1: One floor drops out every afternoon. Switch logs show reboots with no malware indicators; facilities data shows closet temperature spiking after lunch because someone added a space heater and props the door open. The fix is not a firewall rule — restore HVAC, secure and close the closet, inspect switches, and add temperature alerting. Scenario 2: A branch firewall and switch share a consumer power strip; a brief flicker drops the office and stops camera uploads. A UPS, A/B feeds, and a documented recovery procedure close the gap. On the exam, map heat, water, fire, and power answers to availability, not confidentiality.

Cabling, Closet Hygiene, and Common Traps

Cabling is part of the security infrastructure too. Structured cabling, labeled patch panels, and tidy runs are not cosmetic — they cut recovery time and prevent accidental disconnects during maintenance. Unlabeled or tangled cabling leads to the wrong port being pulled during an incident. Copper runs should respect distance limits (for example, Ethernet over twisted pair tops out near 100 meters), and runs near fluorescent ballasts, motors, or power lines can suffer electromagnetic interference (EMI) that degrades links; shielded cable or fiber addresses high-EMI areas.

Fiber also resists tapping better than copper, which is a confidentiality benefit on sensitive backbone links.

Closet hygiene means more than tidiness. A propped-open or unlocked closet, a missing temperature sensor, a forgotten contractor's space heater, or a leaking pipe overhead are the everyday causes of "unexplained" outages. Water detection under raised floors and above racks, plus smoke detection tied to the building alarm, gives early warning before an outage becomes a fire or a flood.

Common exam traps to recognize: (1) treating a heat, water, or power problem as a network-protocol or malware problem; (2) calling two power supplies on one strip "redundant"; (3) assuming a generator works without fuel and testing; (4) choosing wet-pipe sprinklers for an electronics room when a pre-action or clean-agent system better balances life safety and equipment protection; and (5) forgetting that losing power to a firewall, camera system, or badge reader is itself a loss of a security control.

When a CC question describes a facility symptom, anchor your answer to the affected pillar of the CIA triad — almost always availability — and pick the physical or environmental control that directly restores it.