Skip Navigation LinksASIS International / Certification / Board Certifications / CPP / CPP Exam Domains and Knowledge Statements

CPP Exam Domains and Knowledge Statements

Domain I: Security Principles and Practices (21%)  Old Weight  (19%)

Task 01/01 Plan, develop, implement, and manage the organization’s security program to protect the organization’s assets
Knowledge of:
01/01/01 Principles of planning, organization, and control
01/01/02 Security theory, techniques, and processes
01/01/03 Security industry standards NEW
01/01/04 Continuous assessment and improvement processes NEW
01/01/05 Cross-functional organizational collaboration NEW

Task 01/02 Develop, manage, or conduct the security risk assessment process
Knowledge of:
01/02/01 Quantitative and qualitative risk assessments
01/02/02 Vulnerability, threat, and impact assessments
01/02/03 Potential security threats (for example, all hazards, criminal activity) NEW

Task 01/03 Evaluate methods to improve the security program on a continuous basis through the use of auditing, review, and assessment
Knowledge of:
01/03/01 Cost-benefit analysis methods
01/03/02 Risk management strategies (for example, avoid, assume/accept, transfer, spread)
01/03/03 Risk mitigation techniques (for example, technology, personnel, process, facility design) NEW
01/03/04 Data collection and trend analysis techniques NEW

Task 01/04 Develop and manage external relations programs with public sector law enforcement or other external organizations to achieve security objectives
Knowledge of:
01/04/01 Roles and responsibilities of external organization and agencies
01/04/02 Methods for creating effective working relationships
01/04/03 Techniques and protocols of liaison
01/04/04 Local and national Public/Private Partnerships  NEW

Task 01/05 Develop, implement, and manage employee security awareness programs to achieve organizational goals and objectives
Knowledge of:
01/05/01 Training methodologies
01/05/02 Communication strategies, techniques, and methods
01/05/03 Awareness program objectives and program metrics NEW

01/05/04 Elements of a security awareness program (for example, roles and responsibilities, physical risk, communication risk, privacy) NEW


Domain II: Business Principles and Practices (13%)  Old Weight (11%)

Task 02/01 Develop and manage budgets and financial controls to achieve fiscal responsibility
Knowledge of:
02/01/01 Principles of management accounting, control, and audits
02/01/02 Business finance principles and financial reporting
02/01/03 Return on Investment (ROI) analysis
02/01/04 The lifecycle for budget planning purposes

Note Change: 02/02/04:
Preventive and corrective
maintenance for systems

Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives
Knowledge of:
02/02/01 Principles and techniques of policy/procedures development
02/02/02 Communication strategies, methods, and techniques
02/02/03 Training strategies, methods, and techniques
02/02/04 Cross-functional collaboration NEW
02/02/05 Relevant laws and regulations NEW

Task 02/03 Develop procedures/ techniques to measure and improve organizational productivity
Knowledge of:
02/03/01 Techniques for quantifying productivity/metrics/key performance indicators (KPI)
02/03/02 Data analysis techniques and cost-benefit analysis
02/03/03 Improvement techniques (for example, pilot programs, education and training) NEW

Task 02/04 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives
Knowledge of:
02/04/01 Interview techniques for staffing
02/04/02 Candidate selection and evaluation techniques
02/04/03 Job analysis processes
02/04/04 Pre-employment background screening NEW
02/04/05 Principles of performance evaluations, 360 reviews, and coaching
02/04/06 Interpersonal and feedback techniques
02/04/07 Training strategies, methodologies, and resources
02/04/08 Retention strategies and methodologies NEW
02/04/09 Talent management and succession planning NEW

Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices
Knowledge of:
02/05/01 Good governance standards
02/05/02 Guidelines for individual and corporate behavior
02/05/03 Generally accepted ethical principles
02/05/04 Confidential information protection techniques and methods
02/05/05 Legal and regulatory compliance NEW

Task 02/06 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers NEW
Knowledge of:
02/06/01 Key concepts in the preparation of requests for proposals and bid reviews/evaluations NEW
02/06/02 Service Level Agreements (SLA) definition, measurement and reporting NEW
02/06/03 Contract law, indemnification, and liability insurance principles NEW

02/06/04 Monitoring processes to ensure that organizational needs and contractual requirements are being met NEW


Domain III: Investigations (10%)    

Task 03/01 Identify, develop, implement, and manage investigative functions
Knowledge of:
03/01/01 Principles and techniques of policy and procedure development
03/01/02 Organizational objectives and cross-functional collaboration
03/01/03 Types of investigations (for example, incident, misconduct, compliance) NEW
03/01/04 Internal and external resources to support investigative functions
03/01/05 Report preparation for internal purposes and legal proceedings
03/01/06 Laws pertaining to developing and managing investigative programs NEW

Task 03/02 Manage or conduct the collection and preservation of evidence to support investigation actions
Knowledge of:
03/02/01 Evidence collection techniques
03/02/02 Protection/preservation of crime scene
03/02/03 Requirements of chain of custody
03/02/04 Methods for preservation of evidence
03/02/05 Laws pertaining to the collection and preservation of evidence NEW

Task 03/03 Manage or conduct surveillance processes
Knowledge of:
03/03/01 Surveillance techniques
03/03/02 Technology/equipment and personnel to conduct surveillance
03/03/03 Laws pertaining to managing surveillance processes NEW

Task 03/04 Manage and conduct investigations requiring specialized tools, techniques, and resources
Knowledge of:
03/04/01 Techniques, tools and resources related to:

  • financial and fraud related crimes
  • intellectual property and industrial espionage crimes
  • arson and property crimes
  • cybercrimes
Note Change: 03/05/04:
The use of human rights codes
for cautioned statements

Task 03/05 Manage or conduct investigative interviews
Knowledge of:
03/05/01 Methods and techniques of eliciting information
03/05/02 Techniques for detecting deception
03/05/03 The nature of non-verbal communication and cultural considerations
03/05/04 Rights of interviewees NEW
03/05/05 Required components of written statements
03/05/06 Laws pertaining to managing investigative interviews NEW

Task 03/06 Provide coordination, assistance, and evidence such as documentation and testimony to support legal counsel in actual or potential criminal and/or civil proceedings NEW
Knowledge of:
03/06/01 Statutes, regulations and case law governing or affecting the security industry and the protection of people, property and information NEW
03/06/02 Criminal law and procedures NEW
03/06/03 Civil law and procedures NEW
03/06/04 Employment law (e.g., wrongful termination, discrimination and harassment) NEW


Domain IV: Personnel Security (12%)    

Task 04/01 Develop, implement, and manage background investigations for hiring, promotion, or retention of individuals
Knowledge of:
04/01/01 Background investigations and personnel screening techniques
04/01/02 Quality and types of information sources
04/01/03 Screening policies and guidelines NEW
04/01/04 Laws and regulations pertaining to personnel screening NEW

Task 04/02 Develop, implement, manage, and evaluate policies, procedures, programs and methods to protect individuals in the workplace against human threats (for example, harassment, violence)
Knowledge of:
04/02/01 Protection techniques and methods
04/02/02 Threat assessment
04/02/03 Prevention, intervention and response tactics
04/02/04 Educational and awareness program design and implementation
04/02/05 Travel security program
04/02/06 Laws, government, and labor regulations regarding organizational efforts to reduce employee substance abuse NEW

Note Change: 4/03/05:
Travel security programs

Task 04/03 Develop, implement, and manage executive protection programs
Knowledge of:
04/03/01 Executive protection techniques and methods
04/03/02 Risk analysis
04/03/03 Liaison and resource management techniques
04/03/04 Selection, costs, and effectiveness of proprietary and contract executive protection personnel


Domain V: Physical Security (25%)     

Task 05/01 Conduct facility surveys to determine the current status of physical security
Knowledge of:
05/01/01 Security protection equipment and personnel
05/01/02 Survey techniques
05/01/03 Building plans, drawings, and schematics
05/01/04 Risk assessment techniques
05/01/05 Gap analysis NEW

Task 05/02 Select, implement, and manage physical security strategies to mitigate security risks
Knowledge of:
05/02/01 Fundamentals of security system design
05/02/02 Countermeasures
05/02/03 Budgetary projection development process
05/02/04 Bid package development and evaluation process
05/02/05 Vendor qualification and selection process
05/02/06 Final acceptance and testing procedures
05/02/07 Project management techniques
05/02/08 Cost-benefit analysis techniques
05/02/09 Labor-technology relationship NEW

Task 05/03 Assess the effectiveness of physical security measures by testing and monitoring
Knowledge of:
05/03/01 Protection personnel, technology, and processes
05/03/02 Audit and testing techniques

05/03/03 Preventive and corrective maintenance for systems NEW


Domain VI: Information Security (9%)   Old Weight (8%)
Note Change: 06/01/03:
Current methods used
to compromise information

Task 06/01 Conduct surveys of information asset facilities, processes, systems, and services to evaluate current status of information security program
Knowledge of:
06/01/01 Elements of an information security program, including physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities NEW
06/01/02 Survey techniques
06/01/03 Quantitative and qualitative risk assessments
06/01/04 Risk mitigation strategies (for example, technology, personnel, process, facility design) NEW
06/01/05 Cost-benefit analysis methods
06/01/06 Protection technology, equipment and procedures
06/01/07 Information security threats NEW
06/01/08 Building and system plans, drawings, and schematics

Note Change: 06/02/05:
Current trends and techniques
for compromising information

Task 06/02 Develop and implement policies and procedures to ensure information is evaluated and protected against all forms of unauthorized/ inadvertent access, use, disclosure, modification, destruction or denial
Knowledge of:
06/02/01 Principles of management
06/02/02 Information security theory and terminology
06/02/03 Information security industry standards (e.g., ISO, PII, PCI) NEW
06/02/04 Relevant laws and regulations regarding records management, retention, legal holds and destruction practices 
06/02/05 Practices to protect proprietary information and intellectual property
06/02/06 Protection measures, equipment, and techniques; including information security processes, systems for physical access, data control, management, and information destruction

Task 06/03 Develop and manage a program of integrated security controls and safeguards to ensure information asset protection including confidentiality, integrity, and availability

Note Change: Task 06/04:
Evaluate the effectiveness of the information
security program’s integrated security
controls, to include related policies,
procedures and plans, to ensure
consistency with organization strategy,
goals and objectives

Knowledge of:
06/03/01 Elements of information asset protection including confidentiality, integrity, and availability, authentication, accountability, and audit ability of sensitive information and associated information technology resources, assets and investigations NEW
06/03/02 Information security theory and systems methodology
06/03/03 Multi-factor authentication techniques NEW
06/03/04 Threats and vulnerabilities assessment and mitigation
06/03/05 Ethical hacking and penetration testing techniques and practices NEW
06/03/06 Encryption and data masking techniques NEW
06/03/07 Systems integration techniques
06/03/08 Cost-benefit analysis methodology
06/03/09 Project management techniques
06/03/10 Budget development process
06/03/11 Vendor evaluation and selection process
06/03/12 Final acceptance and testing procedures, information systems, assessment, and security program documentation
06/03/13 Protection technology, investigations, and procedures
06/03/14 Training and awareness methodologies and procedures


Domain VII: Crisis Management (10%)    Old Weight (8%)
Note Change: 07/01/05:
Making the business case
to management

Task 07/01 Assess and prioritize threats to mitigate potential consequences of incidents
Knowledge of:
07/01/01 Threats by type, likelihood of occurrence, and consequences
07/01/02 “All hazards” approach to assessing threats NEW
07/01/03 Cost-benefit analysis
07/01/04 Mitigation strategies
07/01/05 Risk management and business impact analysis methodology
07/01/06 Business Continuity standards (e.g., ISO 22301) NEW

Task 07/02 Prepare and plan how the organization will respond to incidents
Knowledge of:
07/02/01 Resource management techniques
07/02/02 Emergency planning techniques
07/02/03 Triage and damage assessment techniques NEW
07/02/04 Communication techniques and notification protocols
07/02/05 Training and exercise techniques
07/02/06 Emergency operations center (EOC) concepts and design
07/02/07 Primary roles and duties in an incident command structure

Task 07/03 Respond to and manage an incident
Knowledge of:
07/03/01 Resource management techniques
07/03/02 EOC management principles and practices
07/03/03 Incident management systems and protocols NEW

Task 07/04 Recover from incidents by managing the recovery and resumption of operations
Knowledge of:
07/04/01 Resource management techniques
07/04/02 Short and long-term recovery strategies
07/04/03 Recovery assistance resources
07/04/04 Mitigation opportunities in the recovery process