Physical Security Assessment (34%)

Develop a physical security assessment plan.
Knowledge of:
- Key area or critical asset identification
- Risk assessment models and considerations (e.g., inside-outward, outside-inward, site-specific risk assessment, functional approach)
- Qualitative and quantitative assessment methods
- Types of resources & guidelines needed for the assessment (e.g., stakeholders, budget, equipment, policies, standards)

Identify assets to determine their value, criticality, and loss impact.
Knowledge of:
- Definitions and terminology related to assets, value, loss impact, and criticality
- The nature and types of assets (tangible and intangible)
- How to determine value for various types of assets and business operations

Assess the nature of the threats and hazards so that the risk can be determined.
Knowledge of:
- The nature, types, severity, and likelihood of threats and hazards (e.g., natural disasters, cyber, criminal events, terrorism, sociopolitical, cultural)
- Operating environment (e.g., geography, socioeconomic environment, criminal activity, existing security countermeasures, security risk level)
- Potential impact of external organizations (e.g., competitors, organizations in immediate proximity) on facility’s security program
- Other internal and external factors (e.g., legal, loss of reputation, economic, supply chain) and their impact on the facility’s security program

Conduct an assessment to identify and quantify vulnerabilities of the organization.
Knowledge of:
- Relevant data and methods for collection (e.g., security survey, interviews, incident reports, crime statistics, personnel issues, benchmarking)
- Effectiveness of current security technologies/equipment, personnel, and procedures
- Evaluation of building plans, drawings, and schematics
- Applicable standards/regulations/codes and where to find them
- Environmental factors and conditions (e.g., facility location, architectural barriers, lighting, entrances) that impact physical security

Perform a risk analysis to develop countermeasures.
Knowledge of:
- Risk analysis strategies and methods
- Risk management principles
- Analysis and interpretation of collected data
- Threat/hazard and vulnerability identification
- Loss event profile analyses (e.g., consequences)
- Appropriate countermeasures related to specific risks
- Cost-benefit analysis (e.g., return on investment (ROI), total cost of ownership)
- Legal and regulatory considerations related to various countermeasures/security applications (e.g., video surveillance, privacy issues, personally identifiable information, life safety)

Application, Design, and Integration of Physical Security Systems (35%)

Establish security program performance requirements.
Knowledge of:
- Design constraints (e.g., regulations, budget, materials, system compatibility)
- Incorporation of risk analysis results in design
- Relevant security terminology (e.g., punch list, field test)
- Relevant security concepts (e.g., CPTED, defense-in-depth, the 4 Ds: deter, detect, delay, deny)
- Applicable codes, standards, and guidelines
- Operational requirements (e.g., policies, procedures, staffing)
- Functional requirements (e.g., system capabilities, features, fault tolerance)
- Performance requirements (e.g., technical capability, systems design capacities)
- Success metrics

Determine appropriate physical security countermeasures.
Knowledge of:
- Structural security measures (e.g., barriers, lighting, locks, blast mitigation, ballistic protection)
- Crime prevention through environmental design (CPTED)
- Electronic security systems (e.g., access control, video surveillance, intrusion detection)
- Security staffing (e.g., officers, technicians, management, administration)
- Personnel, package, and vehicle screening
- Emergency notification systems (e.g., mass notifications, public address, two-way intercom)
- Principles of data storage and management (e.g., cloud, on-premise, redundancy, retention, user permissions, personally identifiable information, regulatory requirements)
- Principles of network infrastructure and physical network security (e.g., token ring, LAN/WAN, VPN, DHCP vs. static, TCP/IP)
- Security audio communications (e.g., radio, telephone, intercom)
- Systems monitoring and display (e.g., control centers/consoles, central monitoring station)
- Primary and backup power sources (e.g., grid, battery, UPS, generators, alternative/renewable)
- Signal and data transmission methods (e.g., copper, fiber, wireless)
- Visitor and vendor management policies

Design physical security systems and project documentation.
Knowledge of:
- Design phases (e.g., pre-design, schematic, development, construction, documentation)
- Design elements (e.g., calculations, drawings, specifications, review, technical data)
- Construction specification standards (e.g., Construction Specifications Institute, Owner’s equipment standards, American Institute of Architects (AIA) MasterSpec)
- Systems integration
- Project management concepts
- Scheduling (e.g., Gantt charts, PERT charts, milestones, objectives)
- Cost estimation and cost-benefit analysis of design options (e.g., value engineering)

Implementation of Physical Security Measures (31%)

Outline criteria for pre-bid meeting.
Knowledge of:
- Bid process (e.g., site visits, RFI, substitution requests, pre-bid meeting)
- Bid package types (e.g., RFP, RFQ, IFB, sole source)
- Bid package components (e.g., project timelines, costs, personnel, documentation, scope of work)
- Criteria for evaluation of bids (e.g., cost, experience, scheduling, certification, resources)
- Technical compliance criteria
- Ethics in contracting

Develop procurement plan for goods and services.
Knowledge of:
- Vendor evaluation and selection (e.g., interviews, due diligence, reference checks)
- Project management functions and processes
- Procurement process

Manage implementation of goods and services.
Knowledge of:
- Installation and inspection techniques
- Systems integrations
- Commissioning
- Installation problem resolution (e.g., punch lists)
- Systems configuration management (e.g., as-built drawings)
- Final acceptance testing criteria (e.g., system acceptance testing, factory acceptance testing)
- End-user training requirements

Develop requirements for personnel involved in support of the security program.
Knowledge of:
- Roles, responsibilities, and limitations of security personnel (including proprietary [in-house] and contract security staff)
- Human resource management (e.g., establishing KPIs, performance review, improvement processes, recruiting, onboarding, progressive discipline)
- Security personnel professional development (e.g., training, certification)
- General, post, and special orders
- Security personnel uniforms and equipment
- Security awareness training and education for non-security personnel

Monitor and evaluate program throughout the system life cycle.
Knowledge of:
- Maintenance of systems and hardware (e.g., preventative, corrective, upgrades, calibration, service agreements)
- Warranty types (e.g., manufacturer, installation, replacement parts, extended)
- Ongoing system training (e.g., system upgrades, manufacturer’s certification)
- System evaluation and replacement process