DOMAIN ONE: SECURITY FUNDAMENTALS (35%)
Task 1: Implement and coordinate the organization’s security program(s) to protect the organization’s assets
Knowledge of
- Security theory and terminology
- Project management techniques
- Security industry standards
- Protection techniques and methods
- Security program and procedures assessment
- Security principles of planning, organization, and control
Task 2: Implement methods to improve the security program on a continuous basis through the use of auditing, review, and assessment
Knowledge of
- Data collection and intelligence analysis techniques
- Continuous assessment and improvement processes
- Audit and testing techniques
Task 3: 3. Develop and coordinate external relations programs with public sector law enforcement or other external organizations to achieve security objectives
Knowledge of
- Roles and responsibilities of external organizations and agencies
- Local, national, and international public/private partnerships
- Methods for creating effective working relationships
Task 4: Develop, implement, and coordinate employee security awareness programs
Knowledge of
- The nature of verbal and non-verbal communication and cultural considerations
- Security industry standards
- Training methodologies
- Communication strategies, techniques, and methods
- Security awareness program objectives and metrics
Task 5: Implement and/or coordinate an investigative program
Knowledge of
- Report preparation for internal purposes and legal proceedings
- Components of investigative processes
- Types of investigations (e.g. incident, misconduct, compliance)
- Internal and external resources to support investigative functions
Task 6: Provide coordination, assistance, and evidence such as documentation and testimony to support legal proceedings
Knowledge of
- Required components of effective documentation (e.g. legal, employee, procedural, policy, compliance)
- Evidence collection and protection techniques
- Relevant laws and regulations regarding records management, retention, legal holds, and destruction practices
Task 7: Conduct background investigations for hiring, promotion, and/or retention of individuals
Knowledge of
- Background investigations and personnel screening techniques
- Quality and types of information and data sources
- Criminal, civil, and employment law and procedures
Task 8: Develop, implement, coordinate, and evaluate policies, procedures, programs and methods to protect individuals in the workplace against human threats (e.g. harassment, violence)
Knowledge of
- Principles and techniques of policy and procedure development
- Protection personnel, technology, and processes
- Regulations and standards governing or affecting the security industry and the protection of people, property, and information
- Educational and awareness program design and implementation
Task 9: Conduct and/or coordinate an executive/personnel protection program
Knowledge of
- Travel security program components
- Executive/personnel protection program components
- Protection personnel, technology, and processes
Task 10: Develop and/or maintain a physical security program for an organizational asset
Knowledge of
- Resource management techniques
- Preventive and corrective maintenance for systems
- Physical security protection equipment, technology, and personnel
- Security theory, techniques, and processes
- Fundamentals of security system design
Task 11: Recommend, implement, and coordinate physical security controls to mitigate security risks
Knowledge of
- Risk mitigation techniques (e.g. technology, personnel, process, facility design, infrastructure)
- Physical security protection equipment, technology, and personnel
- Security survey techniques
Task 12: Evaluate and integrate technology into security program to meet organizational goals
Knowledge of
- Surveillance techniques and technology
- Integration of technology and personnel
- Plans, drawings, and schematics
- Information security theory and systems methodology
Task 13: Coordinate and implement security policies that contribute to an information security program
Knowledge of
- Practices to protect proprietary information and intellectual property
- Information protection technology, investigations, and procedures
- Information security program components (e.g. asset protection, physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities)
- Information security threats
DOMAIN TWO: BUSINESS OPERATIONS (22%)
Task 1: Propose budgets and implement financial controls to ensure fiscal responsibility
Knowledge of
- Data analysis techniques and cost-benefit analysis
- Principles of business management accounting, control, and audits
- Return on Investment (ROI) analysis
- Fundamental business finance principles and financial reporting
- Budget planning process
- Required components of effective documentation (e.g. budget, balance sheet, vendor work order, contracts)
Task 2: Implement security policies, procedures, plans, and directives to achieve organizational objectives
Knowledge of
- Principles and techniques of policy/procedure development
- Guidelines for individual and corporate behavior
- Improvement techniques (e.g. pilot programs, education, and training)
Task 3. Develop procedures/techniques to measure and improve departmental productivity
Knowledge of
- Communication strategies, methods, and techniques
- Techniques for quantifying productivity/metrics/key performance indicators (KPI)
- Project management fundamentals tools and techniques
- Principles of performance evaluations, 360 reviews, and coaching
Task 4: Develop, implement, and coordinate security staffing processes and personnel development programs in order to achieve organizational objectives
Knowledge of
- Retention strategies and methodologies
- Job analysis processes
- Cross-functional collaboration
- Training strategies, methods, and techniques
- Talent management and succession planning
- Selection, evaluation, and interview techniques for staffing
Task 5: Monitor and ensure a sound ethical culture in accordance with regulatory requirements and organizational objectives
Knowledge of
- Interpersonal communications and feedback techniques
- Relevant laws and regulations
- Governance and compliance standards
- Generally accepted ethical principles
- Guidelines for individual and corporate behavior
Task 6: Provide advice and assistance in developing key performance indicators and negotiate contractual terms for security vendors/suppliers
Knowledge of
- Confidential information protection techniques and methods
- Relevant laws and regulations
- Key concepts in the preparation of requests for proposals and bid reviews/evaluations
- Service Level Agreements (SLA) definition, measurement and reporting
- Contract law, indemnification, and liability insurance principles
- Monitoring processes to ensure that organizational needs and contractual requirements are being met
- Vendor qualification and selection process
DOMAIN THREE: RISK MANAGEMENT (25%)
Task 1: Conduct initial and ongoing risk assessment processes
Knowledge of
- Risk management strategies (e.g. avoid, assume/accept, transfer, mitigate)
- Risk management and business impact analysis methodology
- Risk management theory and terminology (e.g. threats, likelihood, vulnerability, impact)
Task 2: Assess and prioritize threats to address potential consequences of incidents
Knowledge of
- Potential threats to an organization
- Holistic approach to assessing all-hazard threats
- Techniques, tools, and resources related to internal and external threats
Task 3: Prepare, plan, and communicate how the organization will identify, classify, and address risks
Knowledge of
- Risk management compliance testing (e.g. program audit, internal controls, self-assessment)
- Quantitative and qualitative risk assessments
- Risk management standards
- Vulnerability, threat, and impact assessments
Task 4: Implement and/or coordinate recommended countermeasures for new risk treatment strategies
Knowledge of`
- Countermeasures
- Mitigation techniques
- Cost-benefit analysis methods for risk treatment strategies
Task 5: Establish a business continuity or continuity of operations plan (COOP)
Knowledge of
- Business continuity standards
- Emergency planning techniques
- Risk analysis
- Gap analysis
Task 6: Ensure pre-incident resource planning (e.g. mutual aid agreements, table-top exercises)
Knowledge of
- Data collection and trend analysis techniques
- Techniques, tools, and resources related to internal and external threats
- Quality and types of information and data sources
- Holistic approach to assessing all-hazard threats
DOMAIN FOUR: RESPONSE MANAGEMENT (18%)
Task 1: Respond to and manage an incident using best practices
Knowledge of
- Primary roles and duties in an incident command structure
- Emergency operations center (EOC) management principles and practices
Task 2: Coordinate the recovery and resumption of operations following an incident
Knowledge of
- Recovery assistance resources
- Mitigation opportunities during response and recovery processes
Task 3: Conduct a post-incident review
Knowledge of
- Mitigation opportunities during response and recovery processes
- Post-incident review techniques
Task 4: Implement contingency plans for common types of incidents (e.g. bomb threat, active shooter, natural disasters)
Knowledge of
- Short- and long-term recovery strategies
- Incident management systems and protocols
Task 5: Identify vulnerabilities and coordinate additional countermeasures for an asset in a degraded state following an incident
Knowledge of
- Triage/prioritization and damage assessment techniques
- Prevention, intervention, and response tactics
Task 6: Assess and prioritize threats to mitigate consequences of incidents
Knowledge of
- Triage/prioritization and damage assessment techniques
- Resource management techniques
Task 7: Coordinate and assist with evidence collection for post-incident review (e.g. documentation, testimony)
Knowledge of
- Communication techniques and notification protocols
- Communication techniques and protocols of liaison
Task 8: Coordinate with emergency services during incident response
Knowledge of
- Emergency operations center (EOC) concepts and design
- Emergency operations center (EOC) management principles and practices
- Communication techniques and protocols of liaison
Task 9: Monitor the response effectiveness to incident(s)
Knowledge of
- Post-incident review techniques
- Incident management systems and protocols
Task 10: Communicate regular status updates to leadership and other key stakeholders throughout incident
Knowledge of
- Communication techniques and protocols of liaison
- Communication techniques and notification protocols
Task 11: Monitor and audit the plan of how the organization will respond to incidents
Knowledge of
- Training and exercise techniques
- Post-incident review techniques