CHAPTER CPP STUDY SESSION

1

CHAPTER CPP STUDY SESSION

Chapter 159 CY2016 Study Session ConceptApproved 15 Nov 2015

09 December 2015

Mr. Stephen P. Perkins, PMP, CPPChapter CPP Prep Chairman

CY2016 CPP Study Session Concept

• Chapter conducts two CPP Study Sessions in 2016 ... defined as a ~8 week prep session. The preparation cycle ends with candidates taking the test within the semi-annual period.

• Each week explores one, but NMT two, domain ... 2.5 hour session. Some domains may need more than one day in the week, or some might not need as much.

• Primary and Alternate Instructors attend their sessions; encouraged to attend others

• Use of Chapter CPPs designed to leverage their expertise and provide them opportunities to maintain their expertise … also provides them CPP recertification points

• Focused use of instructors minimizes their use to “power” sessions

• Optimize technology when possible … use hard & digital copies of POAs/Standards/ Guidelines … Venue for the sessions is … TBD

• Requires CPP candidate participation inside and outside the weekly sessions … missed classes are missed opportunities

• This CPP Study Session will NOT include separate Focus Area sessions, nor a weekend CPP Review. All CPP Facilitators will attend end of session reviews

2As of 02 Nov 2015Mr. Stephen P. Perkins, PMP, CPP

CPP Study Session Concept

3As of 15 Nov 2015Mr. Stephen P. Perkins, PMP, CPP

• Study Session – 7 Domains + Legal (BY WEEK)

1 – Security Principles and Practices

2 – Business Principles and Practices

3 – Investigations

4 – Physical Security

5 – Personnel Security

6 – Information Security

7 – Crisis Management

X – Legal

NOTE: Facilitators will work Guidelines and Standards into their Domains

• Study Session Specifics

1 – Dates: Every Thursday and Selected Tuesdays

2 – Times: 1800 – 2030 (last thirty minutes for quizzes)

3 – Location: TBD

4 – References: POAs, Guidelines (4), Standards (4), and Green CPP Study Guide

CPP Study Session ConceptCPP Study Model

CPP StudyPrep

Modules 1-4 Modules5-7/X

CPP TestingCPPStudy AAR

FOCUS AREAS

AREA 1 – Sensors AREA 2 – Lighting AREA 3 – Locks AREA 4 – CPTED 4

As of 15 Nov 2015Mr. Stephen P. Perkins, PMP, CPP

Modules 1-4 Modules5-7/X

CPP StudyPrep

CPPStudy AAR

CPPFocus Areas

CPPTesting

CPP Study Session ConceptFacilitator Assignments – Modules 1-4

As of 15 Nov 2015 5Mr. Stephen P. Perkins, PMP, CPP

Date Section Primary Facilitator Alternate Facilitator

Session

0 - Tues

Orientation Day Steve Perkins, CPP

Session

1A - Thu

Physical Security - #1 Darryll DeCotis, CPP

Session

1B - Tues


Session

1C - Thu


Session

2A - Tues

Security Principles - #1 Barry Watkins, CPP

Session

2B - Thu

Security Principles - #2 Barry Watkins, CPP

Session

3 - Thu

Investigations Gary Chlebus, CPP

Session

4 - Thu

Business Principles Al Kittredge, CPP John Wolf, CPP

NOTE: Names are notional

As of 15 Nov 2015 6Mr. Stephen P. Perkins, PMP, CPP

Date Section Primary Facilitator Alternate Facilitator

Session

5 - Thu

Personnel Security John Wolf, CPP

Session

6 - Thu

Information Security Steve Perkins, CPP Dan Jutson, CISSP

Session

7 - Thu

Crisis Management Dan Brand, CPP

Session

8 - Thu

Legal Gary Chlebus, CPP

Session

9- Tues

Session Review Steve Perkins, CPP Darryll DeCotis, CPP

Session

10 - Thu

Assessment Steve Perkins, CPP Darryll DeCotis, CPP


CPP Study Session ConceptFacilitator Assignments – Modules 5-8

CPP Study Session ConceptFacilitator Assignments – Session 16-01

As of 09 Dec 2015 7Mr. Stephen P. Perkins, PMP, CPP

Date Section Primary Facilitator

0 – Tues

14 Jan 16

Orientation Day Steve Perkins, CPP

1A – Thur

04 Feb 16

Physical

Security - #1

Darryll DeCotis, CPP

1B – Tues

09 Feb 16

Physical

Security - #2


1C – Thur

11 Feb 16

Physical

Security - #3


2A – Tues

16 Feb 16

Security

Principles - #1

Barry Watkins, CPP

2B – Thur

18 Feb 16

Security

Principles - #2

Barry Watkins, CPP

3 – Thur

25 Feb 16

Investigations Gary Chlebus, CPP


Date Section Primary Facilitator

4 – Thur

03 Mar 16

Business

Principles

Al Kittredge, CPP

5 – Thur

10 Mar 16

Personnel

Security

John Wolf, CPP

6 – Thur

17 Mar 16

Information

Security

Steve Perkins, CPP

7 – Thur

24 Mar 16

Crisis

Management

Dan Brand, CPP

8 – Thur

31 Mar 16

Legal Gary Chlebus, CPP

9- Tues

07 Apr 16

Session Review Steve Perkins, CPP

8

LOCATION: Trustee's Building (very first building) Room T-107

Appears to be #45 on the map

CPP Study Session ConceptInstruction Location


• The first and most rigorous component of becoming a CPP is meeting the eligibility requirements. As with most Board Certifications, the qualifications are strict and require substantial experience. While many candidates place considerable emphasis on the exam, the eligibility requirements set Board Certification apart from a course certificate or a degree program. Only those candidates who meet the rigors of the eligibility requirements can sit for the exam.

• The CPP Exam is an assessment of a candidate’s depth of knowledge. An item writing team monitored by the ASIS Professional Certification Board (PCB), a group of volunteer leaders within ASIS, constructs the CPP exam. The exam items or questions relate to specific knowledge, skills, and tasks under eight domains. There may be thousands of exam items within the item bank. However, each candidate will see only 225 multiple-choice questions covering all of the domains. The item writing team references each of the items to Protection of Assets (POA) or an ASIS standard.

9

CPP Study Session ConceptWhy the CPP?

As of 28 May 2015Mr. Stephen P. Perkins, PMP, CPP

1 - Security Principles and Practices (21%)

2 - Business Principles and Practices (13%)

3 - Investigations (10%)

4 - Personnel Security (12%)

5 - Physical Security (25%)

6 - Information Security (09%)

7 - Crisis Management (10%)

10

CPP Study Session ConceptWhat are the CPP Domains?

As of 01 Nov 2015*** Effective 1 Mar 2016 ***

Mr. Stephen P. Perkins, PMP, CPP

• Task 01/01 Plan, direct, implement, and manage the organization’s security program to protect the organization’s assets – Knowledge of: Principles of planning, organization, and control; Security theory, techniques, and processes;

Security industry standards NEW; Continuous assessment and improvement processes NEW; and Cross-functional organizational collaboration NEW

• Task 01/02 Develop, manage, or conduct the security risk assessment process – Knowledge of: Quantitative and qualitative risk assessments; Vulnerability, threat, and impact assessments; and Potential

security threats (for example, all hazards, criminal activity) NEW

• Task 01/03 Evaluate methods to improve the security program on a continuous basis through the use of auditing, review and assessment – Knowledge of: Cost-benefit analysis methods; Risk management strategies (for example, avoid, assume/accept, transfer,

spread); Risk mitigation techniques (for example, technology, personnel, process, facility design) NEW; and Data collection and trend analysis techniques NEW

• Task 01/04 Develop and manage external relations programs with public sector law enforcement or other external organizations to achieve loss prevention objectives – Knowledge of: Roles and responsibilities of external organization and agencies; Methods for creating effective working

relationships; and Techniques and protocols of liaison, and Local and national Public/Private Partnerships (example Fusion Centers) NEW

• Task 01/05 Develop, implement, and manage employee security awareness programs to achieve organizational goals and objectives – Knowledge of: Training methodologies; Communication strategies, techniques, and methods; Awareness program objectives

and program metrics NEW; and Elements of a security awareness program (for example, roles and responsibilities, physical risk, communication risk, privacy) NEW

11

CPP Study Session ConceptSecurity Principles & Practices (21%)


• Task 02/01 Develop and manage budgets and financial controls to achieve fiscal

responsibility– Knowledge of: Principles of management accounting, control, and audits; Business finance principles and financial reporting;

Calculation & interpretation of Return on Investment (ROI); and The lifecycle for budget planning purposes

• Task 02/02 Develop, implement, and manage policies, procedures, plans and directives to achieve organizational objectives – Knowledge of: Principles and techniques of policy/procedures development; Communication strategies, methods, and

techniques; Training strategies, methods, and techniques; and Preventive and corrective maintenance for systems; Cross-functional collaboration NEW; and Relevant laws and regulations NEW

• Task 02/03 Develop procedures/techniques to measure and improve organizational

productivity – Knowledge of: Techniques for quantifying productivity/metrics/key performance indicators (KPI); and Data analysis

techniques and ROI

• Task 02/04 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives – Knowledge of: Interview techniques for staffing; Candidate selection and evaluation techniques; Job analysis processes; Pre-

employment background screening NEW; Principles of performance evaluations, 360 reviews, and coaching; Interpersonal and feedback techniques; Training strategies, methodologies, and resources; and Human Capital Management; Retention strategies and methodologies NEW; and Talent management and succession planning NEW

CPP Study Session ConceptBusiness Principles & Practices (13%)


1 of 211

• Task 02/05 Monitor and ensure a sound ethical climate in accordance with the regulatory requirements and the organization’s directives and standards to support and promote proper

business practices – Knowledge of: Good governance standards; Guidelines for individual and corporate behavior; Generally accepted ethical

principles; Confidential information protection techniques and methods; and Legal and regulatory compliance NEW

• Task 02/06 Provide advice and assistance to management and others in developing

performance requirements and contractrual terms for security vendors/supplier NEW– Knowledge of: Key concepts in the preparation of requests for proposals and bid reviews/evaluations NEW; Service Level

Agreements (SLA) definition, measurement and reporting NEW; and Contract law, indemnification, and liability insurance principles NEW

CPP Study Session ConceptBusiness Principles & Practices (13%)


2 of 212

• Task 03/01 Identify, develop, implement, and manage Investigation functions– Knowledge of: Principles and techniques of policy and procedure development; Organizational objectives and cross-

functional collaboration; Types of investigations (for example, incident, misconduct, compliance) NEW; Internal and external resources to support investigative functions; Report preparation for internal purposes and legal proceedings; and Laws pertaining to developing and managing investigative programs NEW

• Task 03/02 Manage or conduct the collection and preservation of evidence to support post-investigation actions – Knowledge of: Evidence collection techniques; Protection/preservation of crime scene; Requirements of chain of custody;

Methods for preservation of evidence; and Laws pertaining to the collection and preservation of evidence NEW

• Task 03/03 Manage or conduct surveillance processes – Knowledge of: Surveillance techniques; and Technology/equipment and human resources; and Laws pertaining to managing

surveillance processes NEW

• Task 03/04 Manage and conduct investigations requiring specialized tools, techniques, and resources– Knowledge of: Techniques, tools and resources related to Financial and fraud related crimes; Intellectual property and

industrial espionage crimes; arson and property crimes; and cybercrimes

CPP Study Session ConceptInvestigations (10%)

As of 01 Nov 2015Mr. Stephen P. Perkins, PMP, CPP19

1 of 2

• Task 03/05 Manage or conduct investigative interviews – Knowledge of: Methods and techniques of eliciting information; Techniques for detecting deception; The nature of non-

verbal communication; Rights of interviewees NEW; Required components of written statements; Laws pertaining to managing investigative interviews NEW

• Task 03/06 Provide coordination, assistance, and evidence such as documentation and testimony to support legal counsel in actual or potential criminal and/or civil proceedings NEW– Knowledge of: Criminal law and procedures NEW; Civil law and procedures NEW; Employment law (e.g., wrongful

termination, discrimination and harassment) NEW

CPP Study Session ConceptInvestigations (10%)


2 of 2

• Task 04/01 Develop, implement, and manage background investigations for hiring, promotion, or retention of individuals– Knowledge of: Background investigations and employment screening techniques; quality and types of Information source;

Screening policies and guidelines NEW; and Laws and regulations pertaining to personnel screening NEW

• Task 04/02 Develop, implement, manage, and evaluate policies, procedures, programs and methods to protect individuals in the workplace against harassment, threats, and violence – Knowledge of: Protection techniques and methods; Threat assessment; Prevention, intervention and response tactics;

Educational and awareness program design and implementation; Travel security programs; and Laws, government, and labor regulations regarding organizational efforts to reduce employee substance abuse NEW

• Task 04/03 Develop, implement, and manage executive protection programs – Knowledge of: Executive protection techniques and methods; Risk analysis; Liaison and resource management techniques;

Selection, costs, and effectiveness of proprietary and contract executive protection personnel

June – July 2015 CPP Study SessionPersonnel Security (12%)


• Task 05/01 Conduct facility survey to determine the current status of physical security – Knowledge of: Security protection equipment and personnel; Survey techniques; Building plans, drawings, and schematics;

Risk assessment techniques; Gap analysis NEW

• Task 05/02 Select, implement, and manage physical security strategies to mitigate security risks– Knowledge of: Fundamentals of security system design; Countermeasures; Budgetary projection development process; Bid

package development and evaluation process; Vendor qualification and selection process; Final acceptance and testing procedures; Project management techniques; Cost-benefit analysis techniques; and Labor-technology relationship NEW

• Task 05/03 Assess the effectiveness of security measures by testing and monitoring– Knowledge of: Protection personnel, technology and processes; Audit and testing techniques; and Preventive and

corrective maintenance for systems NEW

CPP Study Session ConceptPhysical Security (25%)


• Task 06/01 Conduct surveys of information asset facilities, processes, systems, and services to evaluate current status of information security programs – Knowledge of: Elements of an information security program, including physical security, procedural security, information

systems security, employee awareness, and information destruction and recovery capabilities NEW; Survey techniques; Quantitative and qualitative risk assessments; Risk mitigation strategies (for example, technology, personnel, process, facility design) NEW; Cost-benefit analysis methods; Protection technology, equipment and procedures; Information security threats NEW; and Building and system plans, drawings, and schematics

• Task 06/02 Develop and implement policies and standards to ensure information is evaluated and protected against all forms of unauthorized/inadvertent access, use, disclosure, modification, destruction or denial – Knowledge of: Principles of management; Information security theory and terminology; Laws pertaining to protection

requirements for proprietary information and intellectual property; Information security industry standards (e.g., ISO, PII, PCI) NEW; Relevant laws and regulations regarding records management, retention, legal holds and destruction practices; Practices to protect proprietary information and intellectual property; Protection measures, equipment, and techniques; including information security processes, systems for physical access, data control, management, and information destruction

CPP Study Session ConceptInformation Security (09%)


1 of 2

• Task 06/03 Develop and manage a program of integrated security controls and safeguards to ensure information asset protection including confidentiality, integrity, and availability – Knowledge of: Elements of information asset protection including confidentiality, integrity, and availability, authentication,

accountability, and audit ability of sensitive information and associated information technology resources, assets and investigations NEW; Information security theory and systems methodology; Multi-factor authentication techniques NEW; Threats and vulnerabilities assessment and mitigation; Ethical hacking and penetration testing techniques and practices NEW; Encryption and data masking techniques NEW; Systems integration techniques; Cost-benefit analysis methodology; Project management techniques; Budget development process; Vendor evaluation and selection process; Final acceptance and testing procedures, information systems, assessment, and security program documentation; Protection technology, investigations, and procedures; and Training and awareness methodologies and procedures

CPP Study Session ConceptInformation Security (09%)


2 of 2

• Task 07/01 Assess and prioritize threats to mitigate potential consequences of incidents– Knowledge of: Threats by type, likelihood of occurrence, and consequences; “All hazards” approach to assessing threats

NEW; Cost-benefit analysis; Mitigation strategies; Risk management and business impact analysis methodology; Business Continuity standards (e.g., ISO 22301) NEW

• Task 07/02 Prepare and plan how the organization will respond to incidents– Knowledge of: Resource management techniques; Emergency planning techniques; Triage and damage assessment

techniques NEW; Communication techniques and notification protocols; Training and exercise techniques; Emergency operations center (EOC) concepts and design; and Primary roles and duties in an incident command structure

• Task 07/03 Respond to and manage an incident – Knowledge of: Resource management techniques; EOC management principles and practices; and Incident management

systems and protocols NEW

• Task 07/04 Recover from incidents by managing the recovery and resumption of operations – Knowledge of: Resource management techniques; Short and long-term recovery strategies; Recovery assistance resources;

and Mitigation opportunities in the recovery process

CPP Study Session ConceptCrisis Management

As of 28 May 2015Mr. Stephen P. Perkins, PMP, CPP19

• As you read the reference material, you may realize security is an art as well as a science.There may be multiple solutions for one situation. Remember as you study, the exam items are based on what most security professionals feel is the best solution for a given situation—not what you necessarily use in your practice. While the actual exam questions are difficult, there are no ambiguous answers to questions. Only one answer is correct.

• Do not spend your time solving issues that are ambiguous or have no right answer. Those situations are not likely to be tested. Your colleagues correctly answer the exam questions more than 50% of the time. The test developers remove questions that are not clear or are frequently answered incorrectly from the bank of questions.

• As you move through your studies, re-evaluate your progress.

- Start each study session with a review of the previous work.

- Did you improve your assessment score? Did you mitigate one threat to your success?

- Seek root statements. Identify those items that unconditionally express a key security principle.

o “Sometimes” or “usually” suggest conditions. Unless the conditions are identified, it would be difficult to write a question with one answer.

- Don’t memorize the facts, but apply the facts to a scene, so that you see it as security practice.

• The exam is testing your experience and your knowledge of practices as conducted by other security professionals. This exam is not simply book learning.

21

CPP Study Session ConceptHow Should You Think?


• Your Fellow CPP Study Candidates

• CPP Facilitators

• Chapter CPP Prep Chairman– Steve Perkins, 910-229-1329

• Chapter Chairman– Ricky Davis, 910-578-4102 (?)

22

CPP Study Session ConceptWho Should You Call for Help?


• Your CPP Facilitators- Steve Perkins, CPP … [email protected] … 910-229-1329

- Darryl DeCotis, CPP … [email protected] … 919-630-5753 cell

- Geary Chlebus, CPP … [email protected] … 910-670-2055 cell

- Al Kittredge, CPP … [email protected] … 910-624-3457 cell

- Dan Brand, CPP … [email protected] … 910-797-3778 cell

- John Wolf, CPP … [email protected] … office: (919) 407-4661;

cell: (910) 922-4392

- Dan Jutson, CISSP … [email protected] … 910-570-5268

- Barry Watkins, CPP … [email protected] …

23

CPP Study Session ConceptWho Should You Call for Help?



Documents

CHAPTER CPP STUDY SESSION