CPP Exam Information and Guideline
Certified Protection Professional
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
Exam : CPP
Exam Name : Certified Protection Professional (ASIS)
Quesitons : 225
Scored Questions : 200
Unscored : 25
Duration : 4 hrs
Security Fundamentals (35%)
TASK 1: Implement and coordinate the organizations security program(s) to protect the organizations assets Knowledge of
1. Security theory and terminology
2. Project management techniques
3. Security industry standards
4. Protection techniques and methods
5. Security program and procedures assessment
6. Security principles of planning, organization, and control
TASK 2: Implement methods to improve the security program on a continuous basis through the use of auditing, review, and assessment Knowledge of
1. Data collection and intelligence analysis techniques
2. Continuous assessment and improvement processes
3. Audit and testing techniques
TASK 3: Develop and coordinate external relations programs with public sector law enforcement or other external organizations to achieve security objectives Knowledge of
1. Roles and responsibilities of external organizations and agencies
1. Local, national, and international public/private partnerships
2. Methods for creating effective working relationships
TASK 4: Develop, implement, and coordinate employee security awareness programs Knowledge of
1. The nature of verbal and non-verbal communication and cultural considerations
2. Security industry standards
3. Training methodologies
4. Communication strategies, techniques, and methods
5. Security awareness program objectives and metrics
TASK 5: Implement and/or coordinate an investigative program
Knowledge of
1. Report preparation for internal purposes and legal proceedings
2. Components of investigative processes
3. Types of investigations (e.g., incident, misconduct, compliance)
4. Internal and external resources to support investigative functions
TASK 6: Provide coordination, assistance, and evidence such as documentation and testimony to support legal proceedings
Knowledge of
1. Required components of effective documentation (e.g., legal, employee, procedural, policy, compliance)
2. Evidence collection and protection techniques
3. Relevant laws and regulations regarding records management, retention, legal holds, and destruction practices (Note: No countryspecific laws will be on the APP exam)
TASK 7: Conduct background investigations for hiring, promotion, and/or retention of individuals
Knowledge of
1. Background investigations and personnel screening techniques
2. Quality and types of information and data sources
3. Criminal, civil, and employment law and procedures
TASK 8: Develop, implement, coordinate, and evaluate policies, procedures, programs and methods to protect individuals in the workplace against human threats (e.g., harassment, violence)
Knowledge of
1. Principles and techniques of policy and procedure development
2. Protection personnel, technology, and processes
3. Regulations and standards governing or affecting the security industry and the protection of people, property, and information
4. Educational and awareness program design and implementation
TASK 9: Conduct and/or coordinate an executive/personnel protection program
Knowledge of
1. Travel security program components
2. Executive/personnel protection program components
3. Protection personnel, technology, and processes
TASK 10: Develop and/or maintain a physical security program for an organizational asset
Knowledge of
1. Resource management techniques
2. Preventive and corrective maintenance for systems
3. Physical security protection equipment, technology, and personnel
4. Security theory, techniques, and processes
5. Fundamentals of security system design
TASK 11: Recommend, implement, and coordinate physical security controls to mitigate security risks
Knowledge of
1. Risk mitigation techniques (e.g., technology, personnel, process, facility design, infrastructure)
2. Physical security protection equipment, technology, and personnel
3. Security survey techniques
TASK 12: Evaluate and integrate technology into security program to meet organizational goals
Knowledge of
1. Surveillance techniques and technology
2. Integration of technology and personnel
3. Plans, drawings, and schematics
4. Information security theory and systems methodology
TASK 13: Coordinate and implement security policies that contribute to an information security program
Knowledge of
1. Practices to protect proprietary information and intellectual property
2. Information protection technology, investigations, and procedures
3. Information security program components (e.g., asset protection, physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities)
4. Information security threats
DOMAIN TWO
Business Operations (22%)
TASK 1: Propose budgets and implement financial controls to ensure fiscal responsibility
Knowledge of
1. Data analysis techniques and cost-benefit analysis
2. Principles of business management accounting, control, and audits
3. Return on Investment (ROI) analysis
4. Fundamental business finance principles and financial reporting
5. Budget planning process
6. Required components of effective documentation (e.g., budget, balance sheet, vendor work order, contracts)
TASK 2: Implement security policies, procedures, plans, and directives to achieve organizational objectives
Knowledge of
1. Principles and techniques of policy/procedure development
2. Guidelines for individual and corporate behavior
3. Improvement techniques (e.g., pilot programs, education, and training)
TASK 3: Develop procedures/techniques to measure and improve departmental productivity
Knowledge of
1. Communication strategies, methods, and techniques
2. Techniques for quantifying productivity/metrics/key performance indicators (KPI)
3. Project management fundamentals tools and techniques
4. Principles of performance evaluations, 360 reviews, and coaching
TASK 4: Develop, implement, and coordinate security staffing processes and personnel development programs in order to achieve organizational objectives
Knowledge of
1. Retention strategies and methodologies
2. Job analysis processes
3. Cross-functional collaboration
4. Training strategies, methods, and techniques
5. Talent management and succession planning
6. Selection, evaluation, and interview techniques for staffing
TASK 5: Monitor and ensure a sound ethical culture in accordance with regulatory requirements and organizational objectives
Knowledge of
1. Interpersonal communications and feedback techniques
2. Relevant laws and regulations
3. Governance and compliance standards
4. Generally accepted ethical principles
5. Guidelines for individual and corporate behavior
TASK 6: Provide advice and assistance in developing key performance indicators and negotiate contractual terms for security vendors/suppliers
Knowledge of
1. Confidential information protection techniques and methods
2. Relevant laws and regulations
3. Key concepts in the preparation of requests for proposals and bid reviews/evaluations
4. Service Level Agreements (SLA) definition, measurement and reporting
5. Contract law, indemnification, and liability insurance principles
6. Monitoring processes to ensure that organizational needs and contractual requirements are being met
7. Vendor qualification and selection process
DOMAIN THREE
Risk Management (25%)
TASK 1: Conduct initial and ongoing risk assessment processes
Knowledge of
1. Risk management strategies (e.g., avoid, assume/accept, transfer, mitigate)
2. Risk management and business impact analysis methodology
3. Risk management theory and terminology (e.g., threats, likelihood, vulnerability, impact)
TASK 2: Assess and prioritize threats to address potential consequences of incidents
Knowledge of
1. Potential threats to an organization
2. Holistic approach to assessing all-hazard threats
3. Techniques, tools, and resources related to internal and external threats
TASK 3: Prepare, plan, and communicate how the organization will identify, classify, and address risks
Knowledge of
1. Risk management compliance testing (e.g., program audit, internal controls, selfassessment)
2. Quantitative and qualitative risk assessments
3. Risk management standards
4. Vulnerability, threat, and impact assessments
TASK 4: Implement and/or coordinate recommended countermeasures for new risk treatment strategies
Knowledge of
1. Countermeasures
2. Mitigation techniques
3. Cost-benefit analysis methods for risk treatment strategies
TASK 5: Establish a business continuity or continuity of operations plan (COOP)
Knowledge of
1. Business continuity standards
2. Emergency planning techniques
3. Risk analysis
4. Gap analysis
TASK 6: Ensure pre-incident resource planning (e.g., mutual aid agreements, table-top exercises)
Knowledge of
1. Data collection and trend analysis techniques
2. Techniques, tools, and resources related to internal and external threats
3. Quality and types of information and data sources
4. Holistic approach to assessing all-hazard threats
DOMAIN FOUR
Response Management (18%)
TASK 1: Respond to and manage an incident using best practices
Knowledge of
1. Primary roles and duties in an incident command structure
2. Emergency operations center (EOC) management principles and practices
TASK 2: Coordinate the recovery and resumption of operations following an incident
Knowledge of
1. Recovery assistance resources
2. Mitigation opportunities during response and recovery processes
TASK 3: Conduct a post-incident review Knowledge of
1. Mitigation opportunities during response and recovery processes
2. Post-incident review techniques
TASK 4: Implement contingency plans for common types of incidents (e.g., bomb threat, active shooter, natural disasters)
Knowledge of
1. Short- and long-term recovery strategies
2. Incident management systems and protocols
TASK 5: Identify vulnerabilities and coordinate additional countermeasures for an asset in a degraded state following an incident
Knowledge of
1. Triage/prioritization and damage assessment techniques
2. Prevention, intervention, and response
tactics
TASK 6: Assess and prioritize threats to mitigate consequences of incidents
Knowledge of
1. Triage/prioritization and damage assessment techniques
2. Resource management techniques
TASK 7: Coordinate and assist with evidence
collection for post-incident review (e.g., documentation, testimony)
Knowledge of
1. Communication techniques and notification protocols
2. Communication techniques and protocols of liaison
TASK 8: Coordinate with emergency services during incident response
Knowledge of
1. Emergency operations center (EOC) concepts and design
2. Emergency operations center (EOC) management principles and practices
3. Communication techniques and protocols of liaison
TASK 9: Monitor the response effectiveness to incident(s)
Knowledge of
1. Post-incident review techniques
2. Incident management systems and protocols
TASK 10: Communicate regular status updates to leadership and other key stakeholders throughout incident
Knowledge of
1. Communication techniques and protocols of liaison
2. Communication techniques and notification protocols
TASK 11: Monitor and audit the plan of how the organization will respond to incidents
Knowledge of
1. Training and exercise techniques
2. Post-incident review techniques
Security Principles and Practices (21%)
TASK 1: Plan, develop, implement, and manage the organizations security program to protect the organizations assets.
Knowledge of
1. Principles of planning, organization, and control
2. Security theory, techniques, and processes
3. Security industry standards
4. Continuous assessment and improvement processes
5. Cross-functional organizational collaboration
TASK 2: Develop, manage, or conduct the security risk assessment process.
Knowledge of
1. Quantitative and qualitative risk assessments
2. Vulnerability, threat, and impact assessments
3. Potential security threats (e.g., all hazards, criminal activity)
TASK 3: Evaluate methods to improve the security program on a continuous basis through the use of auditing, review, and assessment.
Knowledge of
1. Cost-benefit analysis methods
2. Risk management strategies (e.g., avoid, assume/accept, transfer, spread)
3. Risk mitigation techniques (e.g., technology, personnel, process, facility design)
4. Data collection and trend analysis techniques
TASK 4: Develop and manage external relations programs with public sector law enforcement or other external organizations to achieve security objectives.
Knowledge of
1. Roles and responsibilities of external organization and agencies
2. Methods for creating effective working relationships
3. Techniques and protocols of liaison
4. Local and national public/private partnerships
TASK 5: Develop, implement, and manage employee security awareness programs to achieve organizational goals and objectives.
Knowledge of
1. Training methodologies
2. Communication strategies, techniques, and methods
3. Awareness program objectives and program metrics
4. Elements of a security awareness program (e.g., roles and responsibilities, physical risk, communication risk, privacy)
DOMAIN TWO
Business Principles and Practices (13%)
TASK 1: Develop and manage budgets and financial controls to achieve fiscal responsibility.
Knowledge of
1. Principles of management accounting, control, and audits
2. Business finance principles and financial reporting
3. Return on Investment (ROI) analysis
4. The lifecycle for budget planning purposes
TASK 2: Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives.
Knowledge of
6. Principles and techniques of policy/procedures development
7. Communication strategies, methods, and techniques
8. Training strategies, methods, and techniques
9. Cross-functional collaboration
10. Relevant laws and regulations
TASK 3: Develop procedures/techniques to measure and improve organizational productivity.
Knowledge of
1. Techniques for quantifying productivity/metrics/key performance indicators (KPI)
2. Data analysis techniques and cost-benefit analysis
3. Improvement techniques (e.g., pilot programs, education and training)
TASK 4: Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives.
Knowledge of
1. Interview techniques for staffing
2. Candidate selection and evaluation techniques
3. Job analysis processes
4. Pre-employment background screening
5. Principles of performance evaluations, 360 reviews, and coaching
6. Interpersonal and feedback techniques
7. Training strategies, methodologies, and resources
8. Retention strategies and methodologies
9. Talent management and succession planning
TASK 5: Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organizations directives and standards to support and promote proper business practices.
Knowledge of
1. Good governance standards
2. Guidelines for individual and corporate behavior
3. Generally accepted ethical principles
4. Confidential information protection techniques and methods
5. Legal and regulatory compliance
TASK 6: Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers.
Knowledge of
1. Key concepts in the preparation of requests for proposals and bid reviews/evaluations
2. Service Level Agreements (SLA) definition, measurement, and reporting
3. Contract law, indemnification, and liability insurance principles
4. Monitoring processes to ensure that organizational needs and contractual requirements are being met
DOMAIN THREE
Investigations (10%)
TASK 1: Identify, develop, implement, and manage investigative functions.
Knowledge of
1. Principles and techniques of policy and procedure development
2. Organizational objectives and crossfunctional collaboration
3. Types of investigations (e.g., incident, misconduct, compliance)
4. Internal and external resources to support investigative functions
5. Report preparation for internal purposes and legal proceedings
6. Laws pertaining to developing and managing investigative programs
TASK 2: Manage or conduct the collection and preservation of evidence to support investigation actions.
Knowledge of
1. Evidence collection techniques
2. Protection/preservation of crime scene
3. Requirements of chain of custody
4. Methods for preservation of evidence
5. Laws pertaining to the collection and preservation of evidence
TASK 3: Manage or conduct surveillance processes.
Knowledge of
1. Surveillance techniques
2. Technology/equipment and personnel to conduct surveillance
3. Laws pertaining to managing surveillance processes
TASK 4: Manage and conduct investigations requiring specialized tools, techniques, and resources.
Knowledge of
1. Financial and fraud related crimes
2. Intellectual property and industrial espionage crimes
3. Arson and property crimes
4. Cybercrimes
TASK 5: Manage or conduct investigative interviews.
Knowledge of
1. Methods and techniques of eliciting information
2. Techniques for detecting deception
3. The nature of non-verbal communication and cultural considerations
4. Rights of interviewees
5. Required components of written statements
6. Laws pertaining to managing investigative interviews
TASK 6: Provide coordination, assistance, and evidence such as documentation and testimony to support legal counsel in actual or potential criminal and/or civil proceedings.
Knowledge of
1. Statutes, regulations, and case law governing or affecting the security industry and the protection of people, property, and information
2. Criminal law and procedures
3. Civil law and procedures
4. Employment law (e.g., wrongful termination, discrimination, and harassment)
DOMAIN FOUR
Personnel Security (12%)
TASK 1: Develop, implement, and manage background investigations for hiring, promotion, or retention of individuals.
Knowledge of
1. Background investigations and personnel screening techniques
2. Quality and types of information sources
3. Screening policies and guidelines
4. Laws and regulations pertaining to personnel screening
TASK 2: Develop, implement, manage, and evaluate policies, procedures, programs, and methods to protect individuals in the workplace against human threats (e.g., harassment, violence).
Knowledge of
1. Protection techniques and methods
2. Threat assessment
3. Prevention, intervention and response tactics
4. Educational and awareness program design and implementation
5. Travel security program
6. Laws, government, and labor regulations
7. Organizational efforts to reduce employee substance abuse
TASK 3: Develop, implement, and manage executive protection programs.
Knowledge of
1. Executive protection techniques and methods
2. Risk analysis
3. Liaison and resource management techniques
4. Selection, costs, and effectiveness of proprietary and contract executive protection personnel
DOMAIN FIVE
Physical Security (25%)
TASK 1: Conduct facility surveys to determine the current status of physical security.
Knowledge of
1. Security protection equipment and personnel
2. Survey techniques
3. Building plans, drawings, and schematics
4. Risk assessment techniques
5. Gap analysis
TASK 2: Select, implement, and manage physical security strategies to mitigate security risks.
Knowledge of
1. Fundamentals of security system design
2. Countermeasures
3. Budgetary projection development process
4. Bid package development and evaluation process
5. Vendor qualification and selection process
6. Final acceptance and testing procedures
7. Project management techniques
8. Cost-benefit analysis techniques
9. Labor-technology relationship
TASK 3: Assess the effectiveness of physical security measures by testing and monitoring.
Knowledge of
1. Protection personnel, technology, and processes
2. Audit and testing techniques
3. Preventive and corrective maintenance for systems
DOMAIN SIX
Information Security (9%)
TASK 1: Conduct surveys of information asset facilities, processes, systems, and services to evaluate current status of information security program.
Knowledge of
1. Elements of an information security program, including physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities
2. Survey techniques
3. Quantitative and qualitative risk assessments
4. Risk mitigation strategies (e.g., technology, personnel, process, facility design)
5. Cost-benefit analysis methods
6. Protection technology, equipment, and procedures
7. Information security threats
8. Building and system plans, drawings, and schematics
TASK 2: Develop and implement policies and procedures to ensure information is evaluated and protected against all forms of unauthorized/inadvertent access, use, disclosure, modification, destruction, or denial.
Knowledge of
1. Principles of management
2. Information security theory and terminology
3. Information security industry standards (e.g., ISO, PII, PCI)
4. Relevant laws and regulations regarding records management, retention, legal holds, and destruction practices
5. Practices to protect proprietary information and intellectual property
6. Protection measures, equipment, and techniques; including information security processes, systems for physical access, data control, management, and information destruction
TASK 3: Develop and manage a program of integrated security controls and safeguards to ensure information asset protection including confidentiality, integrity, and availability.
Knowledge of
1. Elements of information asset protection including confidentiality, integrity, and availability, authentication, accountability, and audit ability of sensitive information; and associated information technology resources, assets, and investigations
2. Information security theory and systems methodology
3. Multi-factor authentication techniques
4. Threats and vulnerabilities assessment and mitigation
5. Ethical hacking and penetration testing techniques and practices
6. Encryption and data masking techniques
7. Systems integration techniques
8. Cost-benefit analysis methodology
9. Project management techniques
10. Budget development process
11. Vendor evaluation and selection process
12. Final acceptance and testing procedures, information systems, assessment, and security program documentation
13. Protection technology, investigations, and procedures
14. Training and awareness methodologies and procedures
DOMAIN SEVEN
Crisis Management (10%)
TASK 1: Assess and prioritize threats to mitigate potential consequences of incidents.
Knowledge of
1. Threats by type, likelihood of occurrence, and consequences
2. “All hazards” approach to assessing threats
3. Cost-benefit analysis
4. Mitigation strategies
5. Risk management and business impact analysis methodology
6. Business continuity standards (e.g., ISO 22301)
TASK 2: Prepare and plan how the organization will respond to incidents.
Knowledge of
1. Resource management techniques
2. Emergency planning techniques
3. Triage and damage assessment techniques
4. Communication techniques and notification protocols
5. Training and exercise techniques
6. Emergency operations center (EOC) concepts and design
7. Primary roles and duties in an incident command structure
TASK 3: Respond to and manage an incident.
Knowledge of
1. Resource management techniques
2. EOC management principles and practices
3. Incident management systems and protocols
TASK 4: Recover from incidents by
Case Management (35%)
TASK 1: Analyze case for applicable ethical conflicts.
Knowledge of
1. Nature/types/categories of ethical issues related to cases (fiduciary, conflict of interest, attorney-client)
2. The role of laws, codes, regulations and organizational governance in conducting investigations
TASK 2: Analyze and assess case elements, strategies and risks.
Knowledge of
1. Case categories (computer, white collar, financial, criminal, workplace violence)
2. Qualitative and quantitative analytical methods and tools
3. Strategic/operational analysis
4. Criminal intelligence analysis
5. Risk identification and impact
6. ASIS Workplace Violence standard
TASK 3: Determine investigative goals and develop strategy by reviewing procedural options.
Knowledge of
1. Case flow
2. Negotiation process
3. Investigative methods
4. Cost-benefit analysis
TASK 4: Determine and manage investigative resources necessary to address case objectives.
Knowledge of
1. Quality assurance process
2. Chain of custody procedures
3. Resource requirements and allocation (e.g., personnel, equipment, time, budget)
TASK 5: Identify, evaluate and implement investigative process improvement opportunities.
Knowledge of
1. Internal review (e.g., management, legal, human resources)
2. External review (e.g., regulatory bodies, accreditation agency)
3. Liaison resources
4. Root cause analysis and process improvement techniques