CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [152]
FIGURE 6.9 Water-based fire-suppression system
The one drawback to water-based systems is that they cause extreme damage to energized electrical equipment such as computers. These systems can be tied into relays that terminate power to computer systems before they release water into the building.
Gas-based systems were originally designed to use carbon dioxide and later Halon gas. Halon gas isn’t used anymore because it damages the ozone layer; environmentally acceptable substitutes are now available. The principle of a gas system is that it displaces the oxygen in the room, thereby removing this necessary component of a fire.
Evacuate the room immediately in the event of a fire. Gas-based systems work by removing oxygen from the fire, and this can suffocate anyone in the room as well.
The major drawback to gas-based systems is that they require sealed environments to operate. Special ventilation systems are usually installed in gas systems to limit air circulation when the gas is released. Gas systems are also expensive, and they’re usually only implemented in computer rooms or other areas where water would cause damage to technology or other intellectual property.
Understanding Business Continuity Planning
Business Continuity Planning (BCP) is the process of implementing policies, controls, and procedures to counteract the effects of losses, outages, or failures of critical business processes. BCP is primarily a management tool that ensures that critical business functions (CBF) can be performed when normal business operations are disrupted.
Critical business functions refer to those processes or systems that must be made operational immediately when an outage occurs. The business can’t function without them, and many are information intensive and require access to both technology and data.
Two of the key components of BCP are Business Impact Analysis (BIA) and risk assessment. BIA is concerned with evaluating the processes, and risk assessment is concerned with evaluating the risk or likelihood of a loss. Evaluating all the processes in an organization or enterprise is necessary in order for BCP to be effective.
You need only a passing knowledge of business continuity issues for the Security+ exam. If you plan on taking the Project+ exam, also from CompTIA, you will need a more thorough knowledge of the topics.
Undertaking Business Impact Analysis
Business Impact Analysis (BIA) is the process of evaluating all the critical systems in an organization to determine impact and recovery plans. The BIA isn’t concerned with external threats or vulnerabilities; this analysis focuses on the impact a loss would have on the organization.
The key components of a BIA include the following:
Identifying critical functions To identify critical functions, a company must ask itself, “What functions are necessary to continue operations until full service can be restored?” This identification process will help you establish which systems must be returned to operation in order for the business to continue. In performing this identification, you may find that a small or overlooked application in a department may be critical for operations. Many organizations have overlooked seemingly insignificant process steps or systems that have prevented BCP from being effective. Every department should be evaluated to ensure that no critical processes are overlooked.
Prioritizing critical business functions When business is continued after an event, operations must be prioritized as to essential and nonessential functions. If the organization makes resources available to the recovery process, these resources may be limited.