Home > Glossary > Certified in Cybersecurity > Cold Site

📖 What is Cold Site?

A disaster recovery facility that provides space, power, and cooling but has no pre-installed IT equipment or data.

🥋 Sensei Says:

"The cheapest option, but recovery can take days or weeks."

📚 Certification: Certified in Cybersecurity (CC)

🔑 What are the Key Concepts of Cold Site?

▸ Cold sites offer the lowest cost for disaster recovery, as they require minimal upfront investment in hardware and software.
▸ Recovery time objectives (RTOs) are significantly longer with cold sites due to the need to procure, install, and configure all IT infrastructure.
▸ A cold site relies on having detailed documentation and procedures for rebuilding systems from backups or scratch installations.
▸ Suitable for organizations with less critical systems or those able to tolerate extended downtime during a disaster event.
▸ Regular testing of the recovery process is crucial to validate the documentation and ensure a successful failover, even with the extended RTO.

🎯 How does Cold Site appear on the CC Exam?

You may be asked to identify the disaster recovery site type that best fits a small business with a limited budget and a tolerance for several days of downtime.

A scenario might describe a company prioritizing cost savings over rapid recovery – determine which site type aligns with this business requirement.

Expect questions about comparing and contrasting cold sites with warm and hot sites, focusing on cost, RTO, and RPO implications.

❓ Frequently Asked Questions

When would a cold site be a poor choice for disaster recovery?

If your business requires minimal downtime (low RTO) or deals with highly sensitive data needing immediate access, a cold site is likely unsuitable. Consider warm or hot sites instead.

What kind of documentation is essential for a successful cold site recovery?

Detailed hardware and software inventories, network diagrams, configuration files, and step-by-step recovery procedures are vital. Backups must also be readily available and tested regularly.

How does a cold site differ from a warm site in terms of preparedness?

A warm site has some hardware pre-installed and data replicated, reducing recovery time. A cold site has *none* of that, requiring full setup from scratch, making it slower and cheaper.

Related Terms from Certified in Cybersecurity

Biometrics Security Governance Technical Controls Authentication Social Engineering OSI Model

📝 Related Study Guides

Study Guide 8 min read

ISC2 CC Certification Guide: Your Free Entry into Cyber

The ISC2 Certified in Cybersecurity (CC) is a free, entry-level certification designed for beginners. It covers five core domains—Security Principles, BCP/DR, Access Control, Network Security, and Security Operations—via a 100-question exam. It's the ideal starting point for career changers to build a foundation without financial barriers.

Exam Tips 8 min read

ISC2 CC Exam Domains: What You Need to Know to Pass

The ISC2 CC exam consists of five domains: Security Principles, Business Continuity (BC), Disaster Recovery (DR), and Incident Response (IR), Access Controls, Network Security, and Security Operations. To pass, you must master the CIA Triad and security governance, while prioritizing high-weight domains through targeted practice and domain-specific analytics.

Comparison 8 min read

CISSP vs CISM: Which Certification Should You Pursue in 2026?

Choose CISSP if you want broad technical security expertise across eight domains, including cryptography, network security, and software development. Choose CISM if you're focused on information security management, governance, and risk management from a leadership perspective. CISSP is ideal for hands-on security architects, while CISM is designed for security managers and directors.