DOMAIN ONE: PHYSICAL SECURITY ASSESSMENT (34% of examination)
Task 1: Develop a physical security assessment plan NEW
- Risk assessment models and considerations
- Qualitative and quantitative assessment methods
- Key areas of the facility or assets that may be involved in the assessment
- Types of resources needed for the assessment
Task 2: Identify assets to determine their value, criticality, and loss impact
- Definitions and terminology related to assets, value, loss impact, and criticality
- The nature and types of assets (tangible and intangible)
- How to determine value for various types of assets and business operations NEW
Task 3: Assess the nature of the threats so that the scope of the problem can be determined
- The nature, types, severity, and likelihood of threats and hazards (e.g., natural disasters, cyber, criminal events, terrorism, socio-political, cultural) NEW
- Operating environment (e.g., geography, socioeconomic environment, criminal activity) NEW
- Potential impact of external organizations (e.g., competitors, supply chain, organizations in immediate proximity) on facility's security program
- Other external factors (e.g., legal, loss of reputation, economic) and their impact on the facility's security program NEW
Task 4: Conduct an assessment to identify and quantify vulnerabilities of the organization
- Relevant data and methods for collection (e.g., security survey, interviews, past incident reports, crime statistics, employee issues, issues experienced by other similar organizations)
- Qualitative and quantitative methods for assessing vulnerabilities to probable threats and hazards
- Existing equipment, physical security systems, personnel, and procedures
- Effectiveness of security technologies and equipment currently in place
- Interpretation of building plans, drawings and schematics
- Applicable standards/regulations/codes and where to find them
- Environmental factors and conditions (e.g., facility location, architectural barriers, lighting, entrances) that impact physical security
Task 5: Perform a risk analysis so that appropriate countermeasures can be developed
- Risk analysis strategies and methods
- Risk management principles
- Methods for analysis and interpretation of collected data
- Threat and vulnerability identification NEW
- Loss event profile analyses
- Appropriate countermeasures related to specific risks
- Cost-benefit analysis (e.g., return on investment (ROI) analysis, total cost of ownership)
- Legal and regulatory considerations related to various countermeasures/security applications (e.g., video surveillance, privacy issues, personally identifiable information)
DOMAIN TWO: APPLICATION, DESIGN, AND INTEGRATION OF PHYSICAL SECURITY SYSTEMS (34% of examination)
Task 1: Establish security program performance requirements
- Design constraints (e.g., regulations, budget, cost, materials, equipment and system compatibility)
- Applicability of risk analysis results
- Relevant security terminology and concepts
- Applicable codes, standards and guidelines
- Functional requirements (e.g., system capabilities, features, fault tolerance)
- Performance requirements (e.g., technical capability, systems design capacities)
- Operational requirements (e.g., policies, procedures, staffing)
- Success metrics
Task 2: Determine appropriate physical security measures NEW
- Structural security measures (e.g., barriers, lighting, locks, blast mitigation, ballistic protection)
- Crime prevention through environmental design (CPTED) concepts
- Electronic security systems (e.g., access control, video surveillance, intrusion detection)
- Security staffing (e.g., officers, technicians, management)
- Personnel, package, and vehicle screening
- Emergency notification systems
- Principles of data storage and management
- Principles of network infrastructure and network security
- Security audio communications (e.g., radio, telephone, intercom, IP audio)
- Systems monitoring and display (control centers/consoles)
- Systems redundancy and alternative power sources (battery, UPS, generators, surge protection)
- Signal and data transmission methods
- Considerations regarding Personally Identifiable Information (physical/logical/biometric)
- Visitor management systems and circulation control
Task 3: Design physical security system and prepare construction and procurement documentation
- Design phases (pre-design, schematic design, design development, construction documentation)
- Design elements (e.g., calculations, drawings, specifications, review of manufacturer's data, technical data)
- Construction specification standards (e.g., Construction Specifications Institute, Owner’s equipment standards, American Institute of Architects MasterSpec)
- Systems integration (e.g., technical approach, connecting with non-security systems)
- Project management concepts
- Scheduling (e.g., Gantt charts, PERT charts, milestones and objectives)
- Cost estimation and cost-benefit analysis of design options
- Value engineering
DOMAIN THREE: IMPLEMENTATION OF PHYSICAL SECURITY MEASURES (32% of examination)
Task 1: Outline criteria for pre-bid meeting to ensure comprehensiveness and appropriateness of implementation
- Bid package components
- Criteria for evaluation of bids
- Technical compliance criteria
- Ethics in contracting
Task 2: Procure system to address risks identified
- Project management functions and processes throughout the system life cycle NEW
- Vendor pre-qualification (interviews and due diligence)
- Procurement process
Task 3: Conduct final acceptance testing and implement/provide procedures for ongoing monitoring and evaluation of the measures NEW
- Installation and inspection techniques
- Systems integrations
- Commissioning
- Installation problem resolution (punchlists)
- Systems configuration management
- Final acceptance testing criteria NEW
- End-user training requirements
Task 4: Implement procedures for ongoing monitoring and evaluation throughout the system life cycle
- Maintenance inspection techniques
- Test and acceptance criteria
- Warranty types
- Ongoing maintenance, inspections, and upgrades
- Ongoing training requirements
- Systems disposal and replacement processes
Task 5: Develop requirements for personnel involved in support of the security program
- Roles, responsibilities and limitations of security personnel (including proprietary (in-house) and contract security staff)
- Human resource management
- Security personnel training, development and certification
- General, post and special orders
- Security personnel uniforms and equipment
- Personnel performance review and improvement processes
- Methods to provide security awareness training and education for non-security personnel