New CPP Exam to Launch March 2016

CPP exam domains have been modified as a result of a worldwide analysis of security management jobs. Revised domains will be reflected in updated exams that will be administered beginning March 1, 2016.

If you plan to test before March 1, 2016, your exam will cover the domains as follows:

Security Principles and Practices (19%)
Business Principles and Practices (11%)
Investigations (10%)
Personnel Security (12%)
Physical Security (25%)
Information Security (8%)
Crisis Management (8%)
Legal Aspects (7%)

Please note: If you are scheduled to test after February 29, 2016, you will be taking the updated exam. The exam has been revised and more information regarding the CPP certification is available on the ASIS International website at www.asisonline.org/certification. It is highly recommended to review this information thoroughly prior to taking the CPP exam. Following are the revised domains and their exam weights.

Updated Domains and Knowledge Statements

Domain I: Security Principles and Practices (21%) Old Weight (19%)

Task 01/01 Plan, develop, implement, and manage the organization’s security program to protect the organization’s assets
Knowledge of:
01/01/01 Principles of planning, organization, and control
01/01/02 Security theory, techniques, and processes
01/01/03 Security industry standards NEW
01/01/04 Continuous assessment and improvement processes NEW
01/01/05 Cross-functional organizational collaboration NEW

Task 01/02 Develop, manage, or conduct the security risk assessment process
Knowledge of:
01/02/01 Quantitative and qualitative risk assessments
01/02/02 Vulnerability, threat, and impact assessments
01/02/03 Potential security threats (for example, all hazards, criminal activity) NEW

Task 01/03 Evaluate methods to improve the security program on a continuous basis through the use of auditing, review, and assessment
Knowledge of:
01/03/01 Cost-benefit analysis methods
01/03/02 Risk management strategies (for example, avoid, assume/accept, transfer, spread)
01/03/03 Risk mitigation techniques (for example, technology, personnel, process, facility design) NEW
01/03/04 Data collection and trend analysis techniques NEW

Task 01/04 Develop and manage external relations programs with public sector law enforcement or other external organizations to achieve security objectives
Knowledge of:
01/04/01 Roles and responsibilities of external organization and agencies
01/04/02 Methods for creating effective working relationships
01/04/03 Techniques and protocols of liaison
01/04/04 Local and national Public/Private Partnerships (example Fusion Centers) NEW

Task 01/05 Develop, implement, and manage employee security awareness programs to achieve organizational goals and objectives
Knowledge of:
01/05/01 Training methodologies
01/05/02 Communication strategies, techniques, and methods
01/05/03 Awareness program objectives and program metrics NEW

01/05/04 Elements of a security awareness program (for example, roles and responsibilities, physical risk, communication risk, privacy) NEW

Domain II: Business Principles and Practices (13%) Old Weight (11%)

Task 02/01 Develop and manage budgets and financial controls to achieve fiscal responsibility
Knowledge of:
02/01/01 Principles of management accounting, control, and audits
02/01/02 Business finance principles and financial reporting
02/01/03 Return on Investment (ROI) analysis
02/01/04 The lifecycle for budget planning purposes

Note Change: 02/02/04:
Preventive and corrective
maintenance for systems

Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives
Knowledge of:
02/02/01 Principles and techniques of policy/procedures development
02/02/02 Communication strategies, methods, and techniques
02/02/03 Training strategies, methods, and techniques
02/02/04 Cross-functional collaboration NEW
02/02/05 Relevant laws and regulations NEW

Task 02/03 Develop procedures/ techniques to measure and improve organizational productivity
Knowledge of:
02/03/01 Techniques for quantifying productivity/metrics/key performance indicators (KPI)
02/03/02 Data analysis techniques and cost-benefit analysis
02/03/03 Improvement techniques (for example, pilot programs, education and training) NEW

Task 02/04 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives
Knowledge of:
02/04/01 Interview techniques for staffing
02/04/02 Candidate selection and evaluation techniques
02/04/03 Job analysis processes
02/04/04 Pre-employment background screening NEW
02/04/05 Principles of performance evaluations, 360 reviews, and coaching
02/04/06 Interpersonal and feedback techniques
02/04/07 Training strategies, methodologies, and resources
02/04/08 Retention strategies and methodologies NEW
02/04/09 Talent management and succession planning NEW

Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices
Knowledge of:
02/05/01 Good governance standards
02/05/02 Guidelines for individual and corporate behavior
02/05/03 Generally accepted ethical principles
02/05/04 Confidential information protection techniques and methods
02/05/05 Legal and regulatory compliance NEW

Task 02/06 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers NEW
Knowledge of:
02/06/01 Key concepts in the preparation of requests for proposals and bid reviews/evaluations NEW
02/06/02 Service Level Agreements (SLA) definition, measurement and reporting NEW
02/06/03 Contract law, indemnification, and liability insurance principles NEW

02/06/04 Monitoring processes to ensure that organizational needs and contractual requirements are being met NEW

Domain III: Investigations (10%)

Task 03/01 Identify, develop, implement, and manage investigative functions
Knowledge of:
03/01/01 Principles and techniques of policy and procedure development
03/01/02 Organizational objectives and cross-functional collaboration
03/01/03 Types of investigations (for example, incident, misconduct, compliance) NEW
03/01/04 Internal and external resources to support investigative functions
03/01/05 Report preparation for internal purposes and legal proceedings
03/01/06 Laws pertaining to developing and managing investigative programs NEW

Task 03/02 Manage or conduct the collection and preservation of evidence to support investigation actions
Knowledge of:
03/02/01 Evidence collection techniques
03/02/02 Protection/preservation of crime scene
03/02/03 Requirements of chain of custody
03/02/04 Methods for preservation of evidence
03/02/05 Laws pertaining to the collection and preservation of evidence NEW

Task 03/03 Manage or conduct surveillance processes
Knowledge of:
03/03/01 Surveillance techniques
03/03/02 Technology/equipment and personnel to conduct surveillance
03/03/03 Laws pertaining to managing surveillance processes NEW

Task 03/04 Manage and conduct investigations requiring specialized tools, techniques, and resources
Knowledge of:
03/04/01 Techniques, tools and resources related to:

financial and fraud related crimes
intellectual property and industrial espionage crimes
arson and property crimes
cybercrimes

Note Change: 03/05/04:
The use of human rights codes
for cautioned statements

Task 03/05 Manage or conduct investigative interviews
Knowledge of:
03/05/01 Methods and techniques of eliciting information
03/05/02 Techniques for detecting deception
03/05/03 The nature of non-verbal communication and cultural considerations
03/05/04 Rights of interviewees NEW
03/05/05 Required components of written statements
03/05/06 Laws pertaining to managing investigative interviews NEW

Task 03/06 Provide coordination, assistance, and evidence such as documentation and testimony to support legal counsel in actual or potential criminal and/or civil proceedings NEW
Knowledge of:
03/06/01 Statutes, regulations and case law governing or affecting the security industry and the protection of people, property and information NEW
03/06/02 Criminal law and procedures NEW
03/06/03 Civil law and procedures NEW
03/06/04 Employment law (e.g., wrongful termination, discrimination and harassment) NEW

Domain IV: Personnel Security (12%)

Task 04/01 Develop, implement, and manage background investigations for hiring, promotion, or retention of individuals
Knowledge of:
04/01/01 Background investigations and personnel screening techniques
04/01/02 Quality and types of information sources
04/01/03 Screening policies and guidelines NEW
04/01/04 Laws and regulations pertaining to personnel screening NEW

Task 04/02 Develop, implement, manage, and evaluate policies, procedures, programs and methods to protect individuals in the workplace against human threats (for example, harassment, violence)
Knowledge of:
04/02/01 Protection techniques and methods
04/02/02 Threat assessment
04/02/03 Prevention, intervention and response tactics
04/02/04 Educational and awareness program design and implementation
04/02/05 Travel security program
04/02/06 Laws, government, and labor regulations regarding organizational efforts to reduce employee substance abuse NEW

Note Change: 4/03/05:
Travel security programs

Task 04/03 Develop, implement, and manage executive protection programs
Knowledge of:
04/03/01 Executive protection techniques and methods
04/03/02 Risk analysis
04/03/03 Liaison and resource management techniques
04/03/04 Selection, costs, and effectiveness of proprietary and contract executive protection personnel

Domain V: Physical Security (25%)

Task 05/01 Conduct facility surveys to determine the current status of physical security
Knowledge of:
05/01/01 Security protection equipment and personnel
05/01/02 Survey techniques
05/01/03 Building plans, drawings, and schematics
05/01/04 Risk assessment techniques
05/01/05 Gap analysis NEW

Task 05/02 Select, implement, and manage physical security strategies to mitigate security risks
Knowledge of:
05/02/01 Fundamentals of security system design
05/02/02 Countermeasures
05/02/03 Budgetary projection development process
05/02/04 Bid package development and evaluation process
05/02/05 Vendor qualification and selection process
05/02/06 Final acceptance and testing procedures
05/02/07 Project management techniques
05/02/08 Cost-benefit analysis techniques
05/02/09 Labor-technology relationship NEW

Task 05/03 Assess the effectiveness of physical security measures by testing and monitoring
Knowledge of:
05/03/01 Protection personnel, technology, and processes
05/03/02 Audit and testing techniques

05/03/03 Preventive and corrective maintenance for systems NEW

Domain VI: Information Security (9%) Old Weight (8%)

Note Change: 06/01/03:
Current methods used
to compromise information

Task 06/01 Conduct surveys of information asset facilities, processes, systems, and services to evaluate current status of information security program
Knowledge of:
06/01/01 Elements of an information security program, including physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities NEW
06/01/02 Survey techniques
06/01/03 Quantitative and qualitative risk assessments
06/01/04 Risk mitigation strategies (for example, technology, personnel, process, facility design) NEW
06/01/05 Cost-benefit analysis methods
06/01/06 Protection technology, equipment and procedures
06/01/07 Information security threats NEW
06/01/08 Building and system plans, drawings, and schematics

Note Change: 06/02/05:
Current trends and techniques
for compromising information

Task 06/02 Develop and implement policies and procedures to ensure information is evaluated and protected against all forms of unauthorized/ inadvertent access, use, disclosure, modification, destruction or denial
Knowledge of:
06/02/01 Principles of management
06/02/02 Information security theory and terminology
06/02/03 Information security industry standards (e.g., ISO, PII, PCI) NEW
06/02/04 Relevant laws and regulations regarding records management, retention, legal holds and destruction practices
06/02/05 Practices to protect proprietary information and intellectual property
06/02/06 Protection measures, equipment, and techniques; including information security processes, systems for physical access, data control, management, and information destruction

Note Change: Task 06/04:
Evaluate the effectiveness of the information
security program’s integrated security
controls, to include related policies,
procedures and plans, to ensure
consistency with organization strategy,
goals and objectives

Task 06/03 Develop and manage a program of integrated security controls and safeguards to ensure information asset protection including confidentiality, integrity, and availability
Knowledge of:
06/03/01 Elements of information asset protection including confidentiality, integrity, and availability, authentication, accountability, and audit ability of sensitive information and associated information technology resources, assets and investigations NEW
06/03/02 Information security theory and systems methodology
06/03/03 Multi-factor authentication techniques NEW
06/03/04 Threats and vulnerabilities assessment and mitigation
06/03/05 Ethical hacking and penetration testing techniques and practices NEW
06/03/06 Encryption and data masking techniques NEW
06/03/07 Systems integration techniques
06/03/08 Cost-benefit analysis methodology
06/03/09 Project management techniques
06/03/10 Budget development process
06/03/11 Vendor evaluation and selection process
06/03/12 Final acceptance and testing procedures, information systems, assessment, and security program documentation
06/03/13 Protection technology, investigations, and procedures
06/03/14 Training and awareness methodologies and procedures

Domain VII: Crisis Management (10%) Old Weight (8%)

Note Change: 07/01/05:
Making the business case
to management

Task 07/01 Assess and prioritize threats to mitigate potential consequences of incidents
Knowledge of:
07/01/01 Threats by type, likelihood of occurrence, and consequences
07/01/02 “All hazards” approach to assessing threats NEW
07/01/03 Cost-benefit analysis
07/01/04 Mitigation strategies
07/01/05 Risk management and business impact analysis methodology
07/01/06 Business Continuity standards (e.g., ISO 22301) NEW

Task 07/02 Prepare and plan how the organization will respond to incidents
Knowledge of:
07/02/01 Resource management techniques
07/02/02 Emergency planning techniques
07/02/03 Triage and damage assessment techniques NEW
07/02/04 Communication techniques and notification protocols
07/02/05 Training and exercise techniques
07/02/06 Emergency operations center (EOC) concepts and design
07/02/07 Primary roles and duties in an incident command structure

Task 07/03 Respond to and manage an incident
Knowledge of:
07/03/01 Resource management techniques
07/03/02 EOC management principles and practices
07/03/03 Incident management systems and protocols NEW

Task 07/04 Recover from incidents by managing the recovery and resumption of operations
Knowledge of:
07/04/01 Resource management techniques
07/04/02 Short and long-term recovery strategies
07/04/03 Recovery assistance resources
07/04/04 Mitigation opportunities in the recovery process