1: Plan, develop, implement, and manage the organization’s security program to protect the organization’s assets. Knowledge of:

• Principles of planning, organization, and control

• Security theory, techniques, and processes (e.g., artificial intelligence, IoT)

• Security industry standards (e.g., ASIS/ISO)

• Continuous assessment and improvement processes

• Cross-functional organizational collaboration

• Enterprise Security Risk Management (ESRM)

2: Develop, manage, or conduct the security risk assessment process. Knowledge of:

• Quantitative and qualitative risk assessments

• Vulnerability, threat, and impact assessments

• Potential security threats (e.g., “all hazards,” criminal activity, terrorism, consequential)

3: Evaluate methods to improve the security program on a continuous basis through the use of auditing, review, and assessment. Knowledge of:

• Cost-benefit analysis methods

• Risk management strategies (e.g., avoid, assume/accept, transfer, spread)

• Risk mitigation techniques (e.g., technology, personnel, process, facility design)

• Data collection and trend analysis techniques

4: Develop and manage professional relationships with external organizations to achieve security objectives. Knowledge of:

• Roles and responsibilities of external organization and agencies

• Methods for creating effective working relationships

• Techniques and protocols of liaison

• Local and national public/private partnerships

5: Develop, implement, and manage workforce security awareness programs to achieve organizational goals and objectives. Knowledge of:

• Training methodologies

• Communication strategies, techniques, and methods

• Awareness program objectives and program metrics

• Elements of a security awareness program (e.g., roles and responsibilities, physical risk, communication risk, privacy)

1: Develop and manage budgets and financial controls to achieve fiscal responsibility. Knowledge of:

• Principles of management accounting, control, audits, and fiduciary responsibility

• Business finance principles and financial reporting

• Return on Investment (ROI) analysis

• The life cycle for budget planning purposes

2: Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives. Knowledge of:

• Principles and techniques of policy/procedures development

• Communication strategies, methods, and techniques

• Training strategies, methods, and techniques

• Cross-functional collaboration

• Relevant laws and regulations

3: Develop procedures/techniques to measure and improve organizational productivity. Knowledge of:

• Techniques for quantifying productivity/metrics/key performance indicators (KPI)

• Data analysis techniques and cost-benefit analysis

• Improvement techniques (e.g., pilot/beta testing programs, education, training)

4: Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives. Knowledge of:

• Interview techniques for staffing

• Candidate selection and evaluation techniques

• Job analysis processes

• Pre-employment background screening

• Principles of performance evaluations, 360 reviews, and coaching/mentoring

• Interpersonal and feedback techniques

• Training strategies, methodologies, and resources

• Retention strategies and methodologies

• Talent management and succession planning

5: Monitor and ensure an acceptable ethical climate in accordance with regulatory requirements and organizational culture. Knowledge of:

• Governance standards

• Guidelines for individual and corporate behavior

• Generally accepted ethical principles

• Confidential information protection techniques and methods

• Legal and regulatory compliance

6: Develop performance requirements and contractual terms for security vendors/suppliers. Knowledge of:

• Key concepts in the preparation of requests for proposals and bid reviews/evaluations

• Service Level Agreement (SLA) terms, metrics, and reporting

• Contract law, indemnification, and liability insurance principles

• Monitoring processes to ensure that organizational needs and contractual requirements are being met

1: Identify, develop, implement, and manage investigative operations. Knowledge of:

• Principles and techniques of policy and procedure development

• Organizational objectives and cross-functional collaboration

• Types of investigations (e.g., incident, misconduct, compliance, due diligence)

• Internal and external resources to support investigative functions

• Report preparation for internal/external purposes and legal proceedings

• Laws pertaining to developing and managing investigative programs

2:Manage or conduct the collection, preservation, and disposition of evidence to support investigative actions. Knowledge of:

• Protection/preservation of crime scene

• Evidence collection techniques

• Requirements of chain of custody

• Methods for preservation/disposition of evidence

• Laws pertaining to the collection, preservation, and disposition of evidence

3:Manage or conduct surveillance processes. Knowledge of:

• Surveillance and counter-surveillance techniques

• Technology/equipment and personnel to conduct surveillance (e.g., Unmanned Aircraft Systems (UAS), robotics)

• Laws pertaining to managing surveillance processes

4:Manage and conduct investigations requiring specialized tools, techniques, and resources. Knowledge of:

• Financial and fraud related crimes

• Intellectual property and espionage crimes

• Crimes against property (e.g., arson, vandalism, theft, sabotage)

• Cybercrimes (e.g., distributed denial of service (DDoS), phishing, ransomware)

• Crimes against persons (e.g., workplace violence, human trafficking, harassment)

5:Manage or conduct investigative interviews. Knowledge of:

• Interview and interrogation techniques

• Techniques for detecting deception

• Non-verbal communication and cultural considerations

• Rights of interviewees

• Required components of written statements

• Legal considerations pertaining to managing investigative interviews

6:Provide support to legal counsel in actual or potential criminal or civil proceedings. Knowledge of:

• Statutes, regulations, and case law governing or affecting the security industry and the protection of people, property, and information

• Criminal law and procedures

• Civil law and procedures

• Employment law (e.g., confidential information, wrongful termination, discrimination, harassment)

1:Develop, implement, and manage background investigation processes for hiring, promotion, and retention of individuals. Knowledge of:

• Background investigations and personnel screening techniques

• Quality and types of information sources (e.g., open source, social media, government databases, credit reports)

• Screening policies and guidelines

• Laws and regulations pertaining to personnel screening

2:Develop, implement, manage, and evaluate policies and procedures to protect individuals in the workplace against human threats (e.g., harassment, violence, active assailant). Knowledge of:

• Protection techniques and methods

• Threat assessment

• Prevention, intervention, and response tactics

• Educational and awareness program design and implementation

• Travel security (e.g., flight planning, global threats, consulate services, route selection, contingency planning)

• Industry/labor regulations and applicable laws

• Organizational efforts to reduce employee substance abuse

3:Develop, implement, and manage executive protection programs. Knowledge of:

• Executive protection techniques and methods

• Threat analysis

• Liaison and resource management techniques

• Selection, costs, and effectiveness of proprietary and contract executive protection personnel

1:Conduct facility surveys to determine the current status of physical security. Knowledge of:

• Security protection equipment and personnel (e.g., Unmanned Aircraft Systems (UAS), robotics)

• Survey techniques (e.g., document review, checklist, onsite visit, stakeholder interviews)

• Building plans, drawings, and schematics

• Risk assessment techniques

• Gap analysis

2:Select, implement, and manage physical security strategies to mitigate security risks. Knowledge of:

• Fundamentals of security system design

• Countermeasures (e.g., policies, technology, procedures)

• Budgetary projection development process (e.g., technology, hardware, labor)

• Bid package development and evaluation process

• Vendor qualification and selection process

• Testing procedures and final acceptance (e.g., commissioning, factory acceptance test)

• Project management techniques

• Cost-benefit analysis techniques

• Labor-technology relationship

3: Assess the effectiveness of physical security measures by testing and monitoring. Knowledge of:

• Protection personnel, hardware, technology, and processes

• Audit and testing techniques (e.g., operation testing)

• Predictive, preventive, and corrective maintenance

1:Conduct surveys to evaluate the current status of information security programs. Knowledge of:

• Survey techniques

• Quantitative and qualitative risk assessments

• Risk mitigation strategies (e.g., technology, personnel, process, facility design)

• Cost-benefit analysis methods

• Protection technology, security threats equipment, and procedures (e.g., interoperability)

• Information security threats

• Integration of facility and system plans, drawings, and schematics

2:Develop policies and procedures to ensure information is evaluated and protected against vulnerabilities and threats. Knowledge of:

• Principles of information security management

• Information security theory and terminology

• Information security industry standards (e.g., ISO, PII, PCI)

• Laws and regulations regarding records management including collection, retention, legal holds, and disposition practices (e.g., General Data Protection Regulation (GDPR), biometric information)

• Practices to protect proprietary information and intellectual property

• Information protection measures including security processes, physical access systems, and data management

3:Implement and manage an integrated information security program. Knowledge of:

• Information security including confidentiality, integrity, and availability

• Information security systems methodology

• Authentication techniques (e.g., multi-factor, biometrics)

• Continuous evaluation and improvement programs

• Ethical hacking and penetration testing techniques and practices

• Encryption and data masking techniques (e.g., cryptography)

• Systems integration techniques (e.g., interoperability, licensing, networking)

• Cost-benefit analysis methodology

• Project management techniques

• Budget review process (e.g., system development lifecycle)

• Vendor evaluation and selection process

• Final acceptance and testing procedures

• Protection technology and forensic investigations

• Training and awareness programs to mitigate threats and vulnerabilities (e.g., phishing, social engineering, ransomware, insider threats)