| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 18.1 - The Nature of Disaster (Part 2 of 2)
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series continues the nature of disaster in Domain 7, turning from natural events to the disasters people cause. It covers the quiet, everyday failures that trigger far more real outages than any headline event, and why a plan must treat the mundane threats with the same seriousness as the rare ones.
What this episode covers
- Human-caused fires and violence — mostly human-made fires and rarer terrorism, with bombings leaning on physical security.
- Balancing the response — not over-funding exotic threats while ignoring the common ones far more likely to strike.
- Power and infrastructure — battery backups for short outages and asking whether you could survive days without power.
- Utility lifelines — water, gas, sewer, transport, and internet, and hunting hidden single points of failure.
- Hardware and software failures — full redundant failover versus fast parts replacement with local inventory.
- Labor actions and theft — a mass walkout halting work, and theft of physical infrastructure like copper wiring.
- AI-driven misinformation — disinformation at machine speed, defended with trusted channels set up before the crisis.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
Which human-caused fires and violent acts should you plan for?
Most fires are human-made, born of faulty wiring, carelessness, or arson, and building fires happen by the thousands every single day. Terrorism is far rarer but far harder to predict, and it once wiped out small businesses that had no recovery plan at all. Bombings and explosions behave much like a large fire but lean heavily on physical security to prevent. The exam trap is balance: do not pour resources into exotic threats while ignoring the common ones that are far more likely to strike.
How do power and infrastructure failures ripple through operations?
A short outage is the baseline every plan handles, usually with a battery backup that buys time to shut down cleanly or start a generator. But ask the harder question of whether you could survive a sustained loss of power for two days, or seven. Power is only one utility, since water, gas, sewer, highways, railroads, and internet connectivity are all lifelines that can fail on their own. Watch for hidden single points of failure, like two redundant internet providers that both enter your building through one vulnerable conduit.
What happens when your own hardware and software let you down?
Components wear out and physically break, and software fails on bad input or hidden bugs. If you truly cannot tolerate downtime, the answer is full redundancy, with failover servers in separate locations that take over instantly. When budget rules that out, plan for fast parts replacement instead, keeping hard-to-find components in local inventory rather than waiting days for one obscure part to ship from overseas. The goal is to remove that kind of single dependency before it removes you.
Why do labor actions and theft deserve a seat at the table?
A disaster does not have to come from weather or wires. If a large share of your workforce walks out at once, your ability to operate can collapse just as surely as if the building burned, and that crisis belongs to human resources and operations, not the security team alone. Theft and vandalism are the everyday cousins of terrorism, far more likely and often aimed at physical infrastructure, like scrappers stealing copper from your cooling systems, so build in both prevention and contingency.
What new threat is artificial intelligence adding to the mix?
A fast-growing one built on misinformation at machine speed. With large language models and autonomous agents, a bad actor can launch a coordinated disinformation campaign at a scale no human team could match, triggering reputational damage, financial panic as automated systems react to fake news, or bad calls made in the fog of a real crisis. The defense is preparation: establish verifiable, trusted communication channels before a crisis hits, so your people already know which sources to believe when false information floods in.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 18.1 - The Nature of Disaster (Part 2 of 2).