D.C. McCarthy Speaks on Cyber Crime

John McCarthy

Mahalo to Deputy Chief John McCarthy who addressed our members at our March meeting.  John discussed the ongoing threat of cyber crime and how it impacts us in both our personal and business lives.  John is a strong supporter of ASIS and our chapter.

Police Chief Susan Ballard Addresses ASIS Chapter

Susan Ballard, Honolulu Police

Chapter members were honored to have Honolulu Police Chief Susan Ballard as our guest speaker. Chief Ballard spoke of her vision for the Honolulu Police Department and of focusing on the future by working together with organizations such as ours to improve the quality of life for all residents of Honolulu.

Chief Ballard responding to question from member Lana Rapoza.

Chief Ballard receiving Certificate of Appreciation from Chapter Chair Jim Frame.

Nominations for 2018 Executive Board

Nominations are now open for Chapter 134 executive board positions for 2018.  The positions are Chapter Chair, Vice Chair, Treasurer and Secretary.  Nominations can be emailed to [email protected] if you are interested in running or if you wish to nominate another member.

Nominations close at the meeting on November 8th and ballots will be emailed to members for voting.

2017 Golf Outing Photos

New ASIS PSP Exam 3Q Launch

ASIS Hawaii Chapter 134 Members:

Please be informed that the revised PSP exam, which originally had been scheduled to launch in March 2017, is now planned to launch in November 2017. To note, the 8-piece and newly consolidated 4-piece PSP reference materials are both applicable for the current exam format. Test takers will not need to purchase new reference materials should they take the exam before November 2017.

If you have questions or require additional information, the certification team stands ready to assist.  You can reach them at [email protected]

2017 Chapter Elections

The ASIS Hawaii Chapter is seeking nominations for the positions of Chair, Vice Chair, Secretary, and Treasurer.
Nominations can be sent to Jerry Pahukula at [email protected] by October 31, 2016. 
Once nominations are received, ballots will be created and sent out for voting with further instructions.  

Chapter member named to Advisory Commission

Congratulations to Chapter member Joe Miller who was recently appointed a Commissioner on the Civil Defense Advisory Commission of the Department of Emergency Management by Mayor Kirk Caldwell.  Joe joins chapter member Jerry Dolak who is also currently serving as a Commissioner on the commission.

The Civil Defense Advisory Commission is established by Section 6-104, Revised Charter of the City and County of Honolulu to advise the mayor, the council and the director of emergency management on matters pertaining to civil defense, weather emergencies, emergency management and to promote community understanding and interest in such matters.

Honolulu Department of Emergency Management

Left to right: Melvin Kaku, Director, Department of Emergency Management; Honolulu Mayor Kirk Caldwell, Joe Miller; Peter Hirai, Deputy Director, Department of Emergency Management

 

Certification Update

Congratulations to chapter members Jerry Pahukula and Rick Osborne on earning their Physical Security Professional (PSP) certifications in July. Hard work, perseverance, and good study habits pay off!

New CPP Exam to Launch March 2016

CPP exam domains have been modified as a result of a worldwide analysis of security management jobs. Revised domains will be reflected in updated exams that will be administered beginning March 1, 2016.

If you plan to test before March 1, 2016,  your exam will cover the domains as follows:

Please note: If you are scheduled to test after February 29, 2016, you will be taking the updated exam.  The exam has been revised and more information regarding the CPP certification is available on the ASIS International website at www.asisonline.org/certification.  It is highly recommended to review this information thoroughly prior to taking the CPP exam.  Following are the revised domains and their exam weights.

Updated Domains and Knowledge Statements

Domain I: Security Principles and Practices (21%)  Old Weight  (19%)

Task 01/01 Plan, develop, implement, and manage the organization’s security program to protect the organization’s assets
Knowledge of:
01/01/01 Principles of planning, organization, and control
01/01/02 Security theory, techniques, and processes
01/01/03 Security industry standards NEW
01/01/04 Continuous assessment and improvement processes NEW
01/01/05 Cross-functional organizational collaboration NEW

Task 01/02 Develop, manage, or conduct the security risk assessment process
Knowledge of:
01/02/01 Quantitative and qualitative risk assessments
01/02/02 Vulnerability, threat, and impact assessments
01/02/03 Potential security threats (for example, all hazards, criminal activity) NEW

Task 01/03 Evaluate methods to improve the security program on a continuous basis through the use of auditing, review, and assessment
Knowledge of:
01/03/01 Cost-benefit analysis methods
01/03/02 Risk management strategies (for example, avoid, assume/accept, transfer, spread)
01/03/03 Risk mitigation techniques (for example, technology, personnel, process, facility design) NEW
01/03/04 Data collection and trend analysis techniques NEW

Task 01/04 Develop and manage external relations programs with public sector law enforcement or other external organizations to achieve security objectives
Knowledge of:
01/04/01 Roles and responsibilities of external organization and agencies
01/04/02 Methods for creating effective working relationships
01/04/03 Techniques and protocols of liaison
01/04/04 Local and national Public/Private Partnerships (example Fusion Centers) NEW

Task 01/05 Develop, implement, and manage employee security awareness programs to achieve organizational goals and objectives
Knowledge of:
01/05/01 Training methodologies
01/05/02 Communication strategies, techniques, and methods
01/05/03 Awareness program objectives and program metrics NEW
01/05/04 Elements of a security awareness program (for example, roles and responsibilities, physical risk, communication risk, privacy) NEW


Domain II: Business Principles and Practices (13%)  Old Weight (11%)

Task 02/01 Develop and manage budgets and financial controls to achieve fiscal responsibility
Knowledge of:
02/01/01 Principles of management accounting, control, and audits
02/01/02 Business finance principles and financial reporting
02/01/03 Return on Investment (ROI) analysis
02/01/04 The lifecycle for budget planning purposes

Note Change: 02/02/04: Preventive and corrective maintenance for systems

Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives
Knowledge of:
02/02/01 Principles and techniques of policy/procedures development
02/02/02 Communication strategies, methods, and techniques
02/02/03 Training strategies, methods, and techniques
02/02/04 Cross-functional collaboration NEW
02/02/05 Relevant laws and regulations NEW

Task 02/03 Develop procedures/ techniques to measure and improve organizational productivity
Knowledge of:
02/03/01 Techniques for quantifying productivity/metrics/key performance indicators (KPI)
02/03/02 Data analysis techniques and cost-benefit analysis
02/03/03 Improvement techniques (for example, pilot programs, education and training) NEW

Task 02/04 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives
Knowledge of:
02/04/01 Interview techniques for staffing
02/04/02 Candidate selection and evaluation techniques
02/04/03 Job analysis processes
02/04/04 Pre-employment background screening NEW
02/04/05 Principles of performance evaluations, 360 reviews, and coaching
02/04/06 Interpersonal and feedback techniques
02/04/07 Training strategies, methodologies, and resources
02/04/08 Retention strategies and methodologies NEW
02/04/09 Talent management and succession planning NEW


Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices
Knowledge of:
02/05/01 Good governance standards
02/05/02 Guidelines for individual and corporate behavior
02/05/03 Generally accepted ethical principles
02/05/04 Confidential information protection techniques and methods
02/05/05 Legal and regulatory compliance NEW

Task 02/06 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers NEW
Knowledge of:
02/06/01 Key concepts in the preparation of requests for proposals and bid reviews/evaluations NEW
02/06/02 Service Level Agreements (SLA) definition, measurement and reporting NEW
02/06/03 Contract law, indemnification, and liability insurance principles NEW
02/06/04 Monitoring processes to ensure that organizational needs and contractual requirements are being met NEW


Domain III: Investigations (10%)

Task 03/01 Identify, develop, implement, and manage investigative functions
Knowledge of:
03/01/01 Principles and techniques of policy and procedure development
03/01/02 Organizational objectives and cross-functional collaboration
03/01/03 Types of investigations (for example, incident, misconduct, compliance) NEW
03/01/04 Internal and external resources to support investigative functions
03/01/05 Report preparation for internal purposes and legal proceedings
03/01/06 Laws pertaining to developing and managing investigative programs NEW

Task 03/02 Manage or conduct the collection and preservation of evidence to support investigation actions
Knowledge of:
03/02/01 Evidence collection techniques
03/02/02 Protection/preservation of crime scene
03/02/03 Requirements of chain of custody
03/02/04 Methods for preservation of evidence
03/02/05 Laws pertaining to the collection and preservation of evidence NEW

Task 03/03 Manage or conduct surveillance processes
Knowledge of:
03/03/01 Surveillance techniques
03/03/02 Technology/equipment and personnel to conduct surveillance
03/03/03 Laws pertaining to managing surveillance processes NEW

Task 03/04 Manage and conduct investigations requiring specialized tools, techniques, and resources
Knowledge of:
03/04/01 Techniques, tools and resources related to:

Note Change: 03/05/04: The use of human rights codes for cautioned statements

Task 03/05 Manage or conduct investigative interviews
Knowledge of:
03/05/01 Methods and techniques of eliciting information
03/05/02 Techniques for detecting deception
03/05/03 The nature of non-verbal communication and cultural considerations
03/05/04 Rights of interviewees NEW
03/05/05 Required components of written statements
03/05/06 Laws pertaining to managing investigative interviews NEW

Task 03/06 Provide coordination, assistance, and evidence such as documentation and testimony to support legal counsel in actual or potential criminal and/or civil proceedings NEW
Knowledge of:
03/06/01 Statutes, regulations and case law governing or affecting the security industry and the protection of people, property and information NEW
03/06/02 Criminal law and procedures NEW
03/06/03 Civil law and procedures NEW
03/06/04 Employment law (e.g., wrongful termination, discrimination and harassment) NEW


Domain IV: Personnel Security (12%)

Task 04/01 Develop, implement, and manage background investigations for hiring, promotion, or retention of individuals
Knowledge of:
04/01/01 Background investigations and personnel screening techniques
04/01/02 Quality and types of information sources
04/01/03 Screening policies and guidelines NEW
04/01/04 Laws and regulations pertaining to personnel screening NEW

Task 04/02 Develop, implement, manage, and evaluate policies, procedures, programs and methods to protect individuals in the workplace against human threats (for example, harassment, violence)
Knowledge of:
04/02/01 Protection techniques and methods
04/02/02 Threat assessment
04/02/03 Prevention, intervention and response tactics
04/02/04 Educational and awareness program design and implementation
04/02/05 Travel security program
04/02/06 Laws, government, and labor regulations regarding organizational efforts to reduce employee substance abuse NEW

Note Change: 4/03/05: Travel security programs

Task 04/03 Develop, implement, and manage executive protection programs
Knowledge of:
04/03/01 Executive protection techniques and methods
04/03/02 Risk analysis
04/03/03 Liaison and resource management techniques
04/03/04 Selection, costs, and effectiveness of proprietary and contract executive protection personnel


Domain V: Physical Security (25%)

Task 05/01 Conduct facility surveys to determine the current status of physical security
Knowledge of:
05/01/01 Security protection equipment and personnel
05/01/02 Survey techniques
05/01/03 Building plans, drawings, and schematics
05/01/04 Risk assessment techniques
05/01/05 Gap analysis NEW

Task 05/02 Select, implement, and manage physical security strategies to mitigate security risks
Knowledge of:
05/02/01 Fundamentals of security system design
05/02/02 Countermeasures
05/02/03 Budgetary projection development process
05/02/04 Bid package development and evaluation process
05/02/05 Vendor qualification and selection process
05/02/06 Final acceptance and testing procedures
05/02/07 Project management techniques
05/02/08 Cost-benefit analysis techniques
05/02/09 Labor-technology relationship NEW

Task 05/03 Assess the effectiveness of physical security measures by testing and monitoring
Knowledge of:
05/03/01 Protection personnel, technology, and processes
05/03/02 Audit and testing techniques
05/03/03 Preventive and corrective maintenance for systems NEW


Domain VI: Information Security (9%)   Old Weight (8%)
Note Change: 06/01/03: Current methods used to compromise information

Task 06/01 Conduct surveys of information asset facilities, processes, systems, and services to evaluate current status of information security program
Knowledge of:
06/01/01 Elements of an information security program, including physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities NEW
06/01/02 Survey techniques
06/01/03 Quantitative and qualitative risk assessments
06/01/04 Risk mitigation strategies (for example, technology, personnel, process, facility design) NEW
06/01/05 Cost-benefit analysis methods
06/01/06 Protection technology, equipment and procedures
06/01/07 Information security threats NEW
06/01/08 Building and system plans, drawings, and schematics

Note Change: 06/02/05: Current trends and techniques for compromising information

Task 06/02 Develop and implement policies and procedures to ensure information is evaluated and protected against all forms of unauthorized/ inadvertent access, use, disclosure, modification, destruction or denial
Knowledge of:
06/02/01 Principles of management
06/02/02 Information security theory and terminology
06/02/03 Information security industry standards (e.g., ISO, PII, PCI) NEW
06/02/04 Relevant laws and regulations regarding records management, retention, legal holds and destruction practices
06/02/05 Practices to protect proprietary information and intellectual property
06/02/06 Protection measures, equipment, and techniques; including information security processes, systems for physical access, data control, management, and information destruction

Note Change: Task 06/04: Evaluate the effectiveness of the information security program’s integrated security controls, to include related policies, procedures and plans, to ensure consistency with organization strategy, goals and objectives

Task 06/03 Develop and manage a program of integrated security controls and safeguards to ensure information asset protection including confidentiality, integrity, and availability
Knowledge of:
06/03/01 Elements of information asset protection including confidentiality, integrity, and availability, authentication, accountability, and audit ability of sensitive information and associated information technology resources, assets and investigations NEW
06/03/02 Information security theory and systems methodology
06/03/03 Multi-factor authentication techniques NEW
06/03/04 Threats and vulnerabilities assessment and mitigation
06/03/05 Ethical hacking and penetration testing techniques and practices NEW
06/03/06 Encryption and data masking techniques NEW
06/03/07 Systems integration techniques
06/03/08 Cost-benefit analysis methodology
06/03/09 Project management techniques
06/03/10 Budget development process
06/03/11 Vendor evaluation and selection process
06/03/12 Final acceptance and testing procedures, information systems, assessment, and security program documentation
06/03/13 Protection technology, investigations, and procedures
06/03/14 Training and awareness methodologies and procedures


Domain VII: Crisis Management (10%)    Old Weight (8%)
Note Change: 07/01/05: Making the business case to management

Task 07/01 Assess and prioritize threats to mitigate potential consequences of incidents
Knowledge of:
07/01/01 Threats by type, likelihood of occurrence, and consequences
07/01/02 “All hazards” approach to assessing threats NEW
07/01/03 Cost-benefit analysis
07/01/04 Mitigation strategies
07/01/05 Risk management and business impact analysis methodology
07/01/06 Business Continuity standards (e.g., ISO 22301) NEW

Task 07/02 Prepare and plan how the organization will respond to incidents
Knowledge of:
07/02/01 Resource management techniques
07/02/02 Emergency planning techniques
07/02/03 Triage and damage assessment techniques NEW
07/02/04 Communication techniques and notification protocols
07/02/05 Training and exercise techniques
07/02/06 Emergency operations center (EOC) concepts and design
07/02/07 Primary roles and duties in an incident command structure

Task 07/03 Respond to and manage an incident
Knowledge of:
07/03/01 Resource management techniques
07/03/02 EOC management principles and practices
07/03/03 Incident management systems and protocols NEW

Task 07/04 Recover from incidents by managing the recovery and resumption of operations
Knowledge of:
07/04/01 Resource management techniques
07/04/02 Short and long-term recovery strategies
07/04/03 Recovery assistance resources
07/04/04 Mitigation opportunities in the recovery process

 

Committee Positions

Chapter 134 thanks Wallace Kelley of Securitas Security Services, Inc. for volunteering to take on the chair of the Young Professionals committee.

Mahalo to Joe Miller who is stepping down after several years as chair.  We wish Wallace the best of luck in his new position.