CERTIFIED PROTECTION PROFESSIONAL (CPP)

Uploaded On 2023-11-05



Presentation Transcript

1. CERTIFIED PROTECTION PROFESSIONAL (CPP)
Certification Examination Review
Dennis Shepp, CPP
October 2017

2. CERTIFIED PROTECTION PROFESSIONAL (CPP)
Certification Examination Review
SUBJECTS (DOMAINS)
DOMAIN 1 – Security Principles & Practices (21%)
DOMAIN 2 – Business Principles & Practices (13%)
DOMAIN 3 – Investigations (10%)
DOMAIN 4 – Personnel Security (12%)
DOMAIN 5 – Physical Security (25%)
DOMAIN 6 – Information Security (9%)
DOMAIN 7 – Crisis Management (10%)

3. CERTIFIED PROTECTION PROFESSIONAL (CPP)
Certification Examination Review
Dennis Shepp, CPP
DOMAIN 2 – Business Principles & Practices (13%)
October 2017

4. Task 02/01 Develop and manage budgets and financial controls to achieve fiscal responsibility
Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives
Task 02/03 Develop procedures/techniques to measure and improve organizational productivity
Task 02/04 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives

5. Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices
Task 02/06 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers

6. Task 02/01 Develop and manage budgets and financial controls to achieve fiscal responsibility

7. Knowledge of:
02/01/01 Principles of management accounting, control, and audits
02/01/02 Business finance principles and financial reporting
02/01/03 Return on Investment (ROI) analysis
02/01/04 The lifecycle for budget planning purposes

8. CHAPTER 2 FINANCIAL MANAGEMENT (POA Sec Mgmt Chap 2.6) (Kindle Locations 1391-1394).
Financial management practices provide analysis and decision tools that allow businesses to monitor the financial operations of an organization and make better financial decisions.
Understanding the accounting principles used in generating financial reports.
Task 2.1.1 Develop and manage budgets and financial controls to achieve fiscal responsibility explaining the principles of management accounting, control, and audits.

9. Reports make it possible to analyze the current state of business finances and project how financial decisions will affect the business – hence security.
Through financial analysis it is possible to develop budgets and set expected goals for revenue or return on investment (ROI).
Publicly traded & privately owned companies must follow accounting and financial reporting standards.
Oversight responsibility should be separated from authority - purpose of an independent auditor who analyzes the facts, draws conclusions & recommendations.

10. Must be developed in cooperation with functional areas that are stakeholders
Develop budget to align with financial strategy
Controls to monitor execution:
Accounting process
Internal auditing
Financial authority limits

11. CHAPTER 2 FINANCIAL MANAGEMENT (POA Sec Mgmt page 13 to 25)
Must understand accounting principles (GAAP)
Develop financial strategy
Must consider ROI – using formulas to evaluate leasing vs purchasing, etc.
Income Statements
Balance Sheets
Cash Flow Statements
Ratios (Risk Ratio; Current Ratio; Quick Ratio; Debt/Equity; Profit Margin; Liability)
Task 2.1.2 Develop and manage budgets and financial controls to achieve fiscal responsibility explaining business finance principles and financial reporting.

12. Three financial reports or statements have become accepted as standard: the income statement, balance sheet, and statement of cash flows.
The income statement tells how much money an organization generates (revenue), how much it spends (expenses), and the difference between those figures (net income).
The balance sheet summarizes an organization’s investing and financing. The report’s underlying equation is as follows: assets = liabilities + shareholder equity.
The cash flow statement (statement of cash flows) shows how cash inflows and outflows affect an organization.

13. Demonstrates whether the organization is generating enough cash to cover operations or purchase assets.
POA: Security Management Chapter 2.3 FINANCIAL RATIOS (Kindle Locations 1526-1528).
Financial analysis involves understanding various profitability measurements and business risks. The quantitative method of profitability analysis relies on ratios of numbers in financial statements. Ratios are helpful for comparing performance against expected values in an industry or against an organization’s historical performance.

14. 2.3.1 PROFITABILITY RATIOS
Profitability ratios aid in quantifying an organization’s ability to generate income beyond covering expenses. The larger the margin of net income, the more profitable an organization is.
Gross Profit Margin = (Revenue – Cost of Goods Sold – General and Administrative Costs) / Revenue
Operating Margin = EBITA / Revenue
Net Profit Margin = Net Income / Revenue
Return on Assets (ROA) = Net Income / Total Assets
Return on Equity (ROE) = Net Income / Shareholder Equity

15. 2.3.1 PROFITABILITY RATIOS (continued)
Earnings per Share (EPS) = Net Income / Total Shares
Price to Earnings (P/E) = Price per Share / EPS
2.3.2 Risk Ratios
Financial risk analysis deals with current or projected numbers that are derived directly from an organization’s financial decisions. Focuses on whether a company will have the ability to cover expenses and operating costs in the short and long term.
Current Ratio = Current Assets / Current Liabilities
Quick Ratio = (Cash + Securities + Accounts Receivable) / Current Liabilities

16. 2.3.2 Risk Ratios (continued)
Debt to Equity Ratio = Total Liabilities / Shareholder Equity

17. 2.5.1 RETURN ON INVESTMENT, ASIS POA: Sec Mgmt (Kindle Locations 1657-1659), pages 110-111
Return on investment (ROI) is an effective way to compare the desirability of different ways of spending & future budget money.
ROI formula:
ROI = (Initial Investment + Interest) / Initial Investment – 1
(read the examples used in Chap 1 for radio purchase)
Task 2.1.3 Develop and manage budgets and financial controls to achieve fiscal responsibility explaining Return on Investment (ROI) analysis.

18. 5.3.1 RETURN ON INVESTMENT, POA: Security Management, page 109 (Kindle Locations 3298-3299)
Return on investment (ROI) is a standard profitability ratio that measures how much net income the business earns for each dollar invested by its owners. Also called return on equity.
ROI is used to gauge management’s overall effectiveness in generating profits.
International, ASIS. POA: Security Management; Legal Issues; Security Officer Operations; and Crisis Management. ASIS International. Kindle Edition.
ROI can be measured in time saved, improved efficiency, reduced manpower, reduced losses, lower liability or insurance payments, or greater customer satisfaction.

19. It all translates into an improved bottom line over time.
The expectation is that security measures should not merely be efficient but should provide a positive return on investment.
Many organizations do not make ROI calculations when judging security spending; they merely adopt a budget based on historical experience or future estimates.
Difficult to calculate when having to measure:
Time savings
Improved efficiency
Reduction in manpower
Reduced loss
Lower liability/insurance

20. ROI = (AL + R) / CSP
AL = Avoided Loss
R = Recoveries made
CSP = Cost of Security Program

21. 2.5 BUDGETS, POA Sec Mgmt (Kindle Locations 1631-1632), pages 27; 29; 30
Types of budget development processes:
Top-down (upper management dictates without bottom input)
Bottom-up (developed by unit)
Zero-based budgeting, a process wherein funds are placed in a budget only to the extent that planned expenditures are justified in detail.
Dept budgets typically annual
Task 2.1.1 Develop and manage budgets and financial controls to achieve fiscal responsibility explaining the lifecycle for budget planning purposes.

22. Used to compare past expenditures or forecast
Developed with cross-functional cooperation
Aligned with organization’s financial strategy
Budgetary limitations for training:
Outsourcing; purchasing off-the-shelf training; grant funding; sharing instructional materials & professional organizations

23. Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives

24. Knowledge of:
02/02/01 Principles and techniques of policy/procedures development
02/02/02 Communication strategies, methods, and techniques
02/02/03 Training strategies, methods, and techniques
02/02/04 Cross-functional collaboration
02/02/05 Relevant laws and regulations

25. 10.4.2 POLICIES AND PROCEDURES, POA (Kindle Location 6991)
Policies establish rules, while procedures explain how to follow those rules.
1.3.1 HUMAN RESOURCES MANAGEMENT, POA (Kindle Locations 1288-1289)
HR department must establish policies and procedures to outline how business will be conducted at the organization. Policies cover items that the organization monitors and expects employees to conform to.
Task 2.2.1 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives describing the principles and techniques of policy/procedures development.

26. Some policies are driven by government regulation.
Procedures deal with specific items.
8-step process illustrates one methodology:
Step 1 Identify organizational issues that impact organizational policy.
Step 2 Identify the information in need of protection and the protection required.
Step 3 Identify the various classes of policy users.
Step 4 Draft policies based on Steps 1–3.
Step 5 Review draft policies with management, users, and legal counsel, and then finalize.
Step 6 Train all personnel in the organization’s policies.
Step 7 Enforce the policies.
Step 8 Review and modify policies, as appropriate but at least annually.

27. Examine and apply regulations which impact policies.
Involve stakeholders (managers, supervisors, employees).
11.8.9 EMPLOYEE EDUCATION AND TRAINING, POA: Security Management, page 334
Training employees at all levels (substance abuse) but applicable to all programs.

28. 1.2 ORGANIZATIONAL STRATEGY, 1.2.2 Communicating the Strategy, POA Sec Mgmt
Policies: Establishes the rules (longer term)
Procedures: How to follow the rules (shorter term – changes more often)
Organizational strategy: serves as foundation for developing business processes to support overall business structure
Developing strategy: guides the company into future
Task 2.2.2 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives describing communication strategies, methods, and techniques.

29. Policies & procedures (strategy) communicated through vision, mission and objectives
Need to consider all employees
Policies/procedures must be inclusive
Metrics – KPIs – tied to organizational strategy
Any metrics must be SMART
1.2.2 COMMUNICATING THE STRATEGY, POA: Security Management (Kindle Locations 1220-1221).
Once a strategic direction is understood, it is essential to capture that direction and communicate it effectively within and outside the organization. The following topics can help communicate the organizational strategy:

30. The vision of an organization is a specific description of where the business will be in the long-term. The vision statement conveys a general understanding of the business, its culture, and its future goals.
The mission of the business specifies its types of products or services, level of quality, and other tangible aspects of the business and its plans. While the vision states objectives and business goals, the mission communicates business functionality and operational methods.
Objectives: This statement includes the specific organizational objectives so that all involved parties can understand what needs to be done.

31. The objectives should highlight specific goals that the organization wants units to achieve in terms of relevant metrics. The objectives must be SMART (Specific, Measurable, Attainable, Relevant, and Time-bound).
4.9 TRAINING STRATEGIES, POA: Security Officer Operations
A number of strategies make training programs more cost-effective: off-duty training; tuition reimbursement; recognition programs; integrated training; videos; selling security services; supervisory training; internships; previous experience; officer selection; job rotation; and professional memberships.

32. 4.9.1 Off-Duty Training
4.9.2 Tuition Reimbursement
4.9.3 Recognition Programs
4.9.4 Integrated Training
4.9.5 Video Collaborations
4.9.6 Selling Security Services
4.9.7 Supervisory Training
4.9.8 Internships
4.9.9 Formal and Informal Training Efforts
4.9.10 Government and Private Studies
4.9.11 Training and Guidelines Standards

33. 10.3.1 TECHNIQUES, MATERIALS, AND RESOURCES, ASIS. POA: Security Management (Kindle Locations 6889-6890, page 297)
Written materials
AV materials (audio-visual)
Formal briefings
Integration into line operations
Inside/outside experts.
Task 2.2.3 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives describing training strategies, methods, and techniques.

34. 6.4.1 ESTABLISHING A MODEL PREVENTION PROGRAM, POA Security Management (Kindle Locations 4124-4126)
Strong collaboration among staff and key stakeholders. Such collaboration requires a clear delineation of roles and responsibilities between security, human resources, legal, communications (both internal and external), facilities management, and affected line managers (cross-functional).
Prevention: designed to teach management and employees about the nature, types, and most vulnerable areas of losses in the organization.
Task 2.2.4 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives describing cross-functional collaboration.

35. 6.4.1 ESTABLISHING A MODEL PREVENTION PROGRAM, POA Security Management (Kindle Locations 4124-4126)
Strong collaboration among staff and key stakeholders. Such collaboration requires a clear delineation of roles and responsibilities between security, human resources, legal, communications (both internal and external), facilities management, and affected line managers (cross-functional).
Prevention: designed to teach management and employees about the nature, types, and most vulnerable areas of losses in the organization.
Incident reporting: Employees should be encouraged to report theft & fraud even without a monetary reward.

36. 4.4 MANAGEMENT OF ASSETS PROTECTION, POA (Kindle Locations 2738-2739)
Depends on the proper balance of three managerial dimensions: technical expertise, management ability, and the ability to deal with people.

37. Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives with knowledge of:
02/02/05 Relevant laws and regulations
Copyrights (POA: Information Security; section 1.5.1)
Trademarks, Trade Dress & Service Marks (POA: Information Security; section 1.5.2)
Patents (POA: Information Security; section 1.5.3)

38. 02/02/05 Relevant laws and regulations (continued)
Trade Secrets (POA: Information Security; section 1.5.4)
Nondisclosure Agreements (NDAs) (POA: Information Security; section 1.5.6)
International Issues (intellectual property protection) (POA: Information Security; section 1.5.5)

39. 02/02/05 Relevant laws and regulations (continued)
Information Security Systems (ISS) considerations:
Payment Card Industry Data Security Standard (US)
Health Care and Insurance Portability and Accountability Act (US)
Gramm-Leach-Bliley Act (US)
Children’s Online Privacy Protection Act (US)
Sarbanes-Oxley Act (US)
Red Flag Rules (US)
FTC enforcement actions (US)
EU Data Protection
POA: Information Security 3.4 Emerging, Legal, Regulatory and Contractual Landscape Regarding ISS (Kindle Locations 14091-14095).

40. 02/02/05 Relevant laws and regulations (continued)
Protection officer licensing and training
Governed by local government jurisdictions
POA: Information Security 3.4 Emerging, Legal, Regulatory and Contractual Landscape Regarding ISS (Kindle Locations 14091-14095).

41. Task 02/03 Develop procedures/ techniques to measure and improve organizational productivity

42. Knowledge of:
02/03/01 Techniques for quantifying productivity/metrics/key performance indicators (KPI)
02/03/02 Data analysis techniques and cost-benefit analysis
02/03/03 Improvement techniques (for example, pilot programs, education and training)

43. (ORM.1-2017 Standard Page 33)
Performance evaluation
Evaluate plans, procedures and capabilities
Periodic assessments; performance evaluations; testing; post incident reports; exercises
Implement and maintain metrics
Plan-Do-Check-Act (PDCA) Cycle used during the process
> 1 million organizations in 161 countries overseen by ISO
Task 2.3.1 Develop procedures/techniques to measure and improve organizational productivity explaining techniques for quantifying productivity/metrics/key performance indicators (KPI).

44. Plan-Do-Check-Act (PDCA)

45.

46. 5.3.1 RETURN ON INVESTMENT, ASIS. POA: Security Management (Kindle Location 3314), page 107 - 116
Manage organization to do more with less – cost-effectiveness
Money expended has highest return
ROI formulas for program effectiveness
ROI = (AL + R) / CSP
Cost avoidance – using asset protection resources – involve stakeholders
WAECUP, STEP, SWOT strategies help measure benefits
Task 2.3.2 Develop procedures/techniques to measure and improve organizational productivity explaining data analysis techniques and cost-benefit analysis.

47. 1.6 LOSS IMPACT, POA, Physical Security (Kindle Locations 1176-1183)
Cost-of-Loss Formula
Taking the worst-case position and analyzing each security vulnerability in light of the probable maximum loss for a single occurrence of the risk event, one can use the following equation:
K = (Cp + Ct + Cr + Ci) - (I - a)
K = criticality, total cost of loss
Cp = cost of permanent replacement
Ct = cost of temporary substitute
Cr = total related costs
Ci = lost income cost
I = available insurance or indemnity
a = available insurance

48. 5.6 DATA ANALYSIS AND DISPLAY, POA: Security Management, page 229 (Kindle Locations 3473-3475)
The key is to ensure that the software aggregates the data for analysis. Analysis of aggregate data should lead the security manager to discover trends, successes, failures, costs, losses, savings, recoveries, what works, and what does not work, along with a host of other information.

49. 10.3.3 MEASURING THE PROGRAM, POA, Security Management (Kindle Locations 6948-6951)
Measuring effectiveness of programs - through the use of metrics.
Company losses before & after the security awareness program was implemented
Number of persons briefed & number of briefings conducted in specific periods
Topics covered, projected or actual briefing completion date and method of delivery
Task 2.3.3 Develop procedures/techniques to measure and improve organizational productivity explaining improvement techniques (for example, pilot programs, education and training).

50. Cost of briefing per employee
1.3.1 Performance Measurement and Training (Kindle Location 1332)
Metrics for evaluating employees should align closely with the organizational strategy. Employees should be measured on both how well they do their current jobs and how well they contribute to the growth of the company as a whole.
Measuring:
work quality
performance on time
performance within budget
meeting of other requirements of the position

51. Employee’s overall performance:
extra sales, extra hours, and work on several projects
work on tasks outside the position requirements
contribution toward improvements in the business process
Leadership
Encourage and support employee certification
Seek new technology – embrace changes
Benchmarking with other organizations
Auditing the program (internal/external) – seek improvement
Training – essential component - investment

52. Task 02/04 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives

53. Knowledge of:
02/04/01 Interview techniques for staffing
02/04/02 Candidate selection and evaluation techniques
02/04/03 Job analysis processes
02/04/04 Pre-employment background screening
02/04/05 Principles of performance evaluations, 360 reviews, and coaching

54. Knowledge of (continued):
02/04/06 Interpersonal and feedback techniques
02/04/07 Training strategies, methodologies, and resources
02/04/08 Retention strategies and methodologies
02/04/09 Talent management and succession planning

55. NOTE: REVIEW PREEMPLOYMENT SCREENING GUIDELINE
ASIS Pre-employment and Background Screening Guideline (2009). Paragraph 8 – page 24/25
Helps employers understand and implement the fundamental concepts, methodologies, and legal issues associated with the pre-employment background screening of job applicants.
Interviews – first chance to come face-to-face
Important to be “Active Listeners”
Convey critical information to applicant – encourages honesty
Task 2.4.1 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the interview techniques for staffing.

56. Allow applicant to share information – not on application
Employer has first chance to assess candidate in person – best way to evaluate.
1.3.1 Human Resource Management, POA, Security Management (Kindle Locations 1247-1249)
Difficult to assess a candidate based solely on a résumé and a single interview.
Review applications/résumés and invite only the most viable candidates for an interview.
Interviewers provide a thorough overview of the company and the benefits of working for that company.

57. The interviewer should examine the candidate’s objective capabilities and subjective fit with the team the candidate would work with. This latter measure is sometimes the more important one.

58. ANSI/ASIS ORM.1-2007, A.9.4.2 Communicating Complaint and Grievance Procedures; page 70.
Task 2.4.2 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the interpersonal and feedback techniques.

59. ANSI/ASIS ORM.1-2007, A.9.4.2 Communicating Complaint and Grievance Procedures; page 70.

60. 3.1 VIGILANT PERFORMANCE, POA: Security Officer Operations (Kindle Locations 17218-17222).
Job analysis - systematic collection and recording of information about the purpose of a job, its major duties, the conditions under which it is performed, required contacts with others, and the knowledge, skills, and abilities needed to perform the job effectively.
A detailed job analysis should be prepared for each position. There needs to be a fit between the security officer, the position, and company expectations.
Task 2.4.3 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the job analysis processes.

61. NOTE: REVIEW PREEMPLOYMENT SCREENING GUIDELINE
1.3.1 HUMAN RESOURCE MANAGEMENT, POA (Kindle Locations 1248-1257).
Important for an organization to understand how to conduct an effective job requirements analysis, thorough candidate profiles, and effective interviews and evaluations.
Staffing decisions should be measured against a detailed job requirements analysis. The analysis should be made not only by the manager responsible for hiring but also by other team members and organizational leaders.

62. The analysis should be made not only by the manager responsible for hiring but also by other team members and organizational leaders.
The job requirements analysis addresses both direct and indirect requirements. The direct requirements are those that the candidate must meet to understand and function in the position. The indirect requirements are skills that will increase the candidate’s likelihood of success.
Systematic – collection of information concerning positions and jobs the organization has.
Outlines required competencies, qualifications, experience, skills (communication, leadership, interpersonal) needed for suitability for the position.

63. 3.1 VIGILANT PERFORMANCE, POA: Security Officer Operations (Kindle Locations 17198-17202).
Definitions:
Dictionary: keen attention to detect danger; wariness
Physiology: the global responsiveness of the nervous system to external (sensory) and internal (muscles, tendons, and joints) stimuli
Psychology: unspecified function of the central nervous system that enables an individual to respond effectively to the infrequent and uncertain occurrence of specific, often low-order intensity stimuli in a monotonous environment

64. Job performance and stress – impacts on vigilant performance – work area design; human engineering of equipment; human acuity; human detection and attention capabilities; job analysis; training; workplace environment; quality control; morale; management support to staff.

65. CHAPTER 4: BACKGROUND INVESTIGATIONS AND PRE-EMPLOYMENT SCREENING, POA: Investigations (Kindle Locations 18969-18972), page 163 – 171
From a legal perspective, preemployment investigations provide organizations mitigation from negligent hiring and discrimination.
A bad hiring decision imposes many costs - if a poorly chosen employee steals from the company, losses will include the value of the property or service stolen; the cost of the investigation; and the cost of recruiting, hiring, and training a replacement employee.
Task 2.4.4 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the pre-employment background screening.

66. Not all positions in an organization require the same level of screening. Certain positions often merit an enhanced level of scrutiny - an organization must carefully review its position descriptions and select the appropriate level of screening.
4.4.5 SEVEN EASY STEPS TO A COMPREHENSIVE PREEMPLOYMENT SCREENING POLICY
The following steps can help in developing a legal, effective, and fair pre-employment screening policy:
Create clearly written, well-defined job descriptions for all positions.
Assess the risk of each job classification in terms of reasonable (or foreseeable) potential for problems.

67. 4.4.5 SEVEN EASY STEPS TO A COMPREHENSIVE PREEMPLOYMENT SCREENING POLICY
The following steps can help in developing a legal, effective, and fair pre-employment screening policy:
Create clearly written, well-defined job descriptions for all positions.
Assess the risk of each job classification in terms of reasonable (or foreseeable) potential for problems.
Based on the preceding risk assessment, determine the scope of pre-employment screening for each job classification.
Work with human resources and legal personnel to develop an appropriate hiring packet.
Establish criteria for evaluating information.
Communicate the policy and its purpose to the workforce.

68. Periodically review the policy compliance.
NOTE: REVIEW PREEMPLOYMENT SCREENING GUIDELINE
Factors that affect the screening program:
Build effective screening policy – criteria for collecting information
Outline the types of screening methods
Who conducts investigations?
HR
Security Dept
External contractors
HR manages process – most visible staffing

69. HR manages process – most visible staffing
Job analysis – indirect (leadership, communication skills) and direct (qualifications, job skills) requirements
Screening process (background investigations: reference checks, police checks, financial checks, verify credentials)
Personal profiling testing, drug testing, then interview – examine the candidate’s capabilities – competencies – can they perform the requirements of job.

70. 2.6.1 EVALUATIONS, POA Security Officer Operations (Kindle Location 17096).
Evaluate the personal behaviors on the job and task performance
Two-way communications – informal every 6 months and annually formally
If required to improve – training
360 Review – employee provides feedback to supervisor, a process that is top-down, horizontal and vertical.
Task 2.4.5 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the principles of performance evaluations, 360 reviews, and coaching.

71. SMART KPIs (Specific-Measurable-Achievable-Relevant-Time bound)
Regular assessment and recording of officer performance by supervisors after every post visit. The assessment must include:
personal appearance and condition of the officer
physical condition of the post
availability and condition of all required personnel and post equipment, including the post orders
quality of officer response to training questions or situations
quality of officer response to actual situations arising at post during the visit.

72. At regular intervals, the security manager can review performance and ratings to determine whether additional training or counseling is needed.
Performance evaluations should be used to ensure that staff and supervisors receive regular feedback on both positive and negative performance.
Coaching and leadership go hand in hand. Coaching is “the process of giving motivational feedback to maintain and improve performance”.
The process should maximize the employee’s potential to the benefit of both the employee and employer.

73. 3.6.5 ANALYZING JOB PERFORMANCE, POA: Security Officer Operations
Performance appraisals are an essential part of any job. Common criteria for a performance appraisal are task performance, overall behavior on the job, and positive and negative traits that relate to the officer’s performance.
It is recommended that an individual formal performance appraisal be conducted once per year, with an informal review at the six-month mark. This ensures the employee knows exactly how he or she is perceived in the eyes of management.

74. 4.3.5 REDUCED TURNOVER (Security Officer Operations pages 47-49, 70; Investigations page 179)
Avoiding turnover can be achieved by well documented training programs
Reduced turnover can be achieved through training and positive employee motivation (award programs, etc.)
Applying motivational theories to reduce turnover
Training cited as a high factor toward retaining employees
Poor screening program can lead to higher turnover
Turnover calculator:
Cost associated with replacing an employee (costly)
Free calculator available on Internet
Task 2.4.8 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing retention strategies and methodologies.

75. Employee retention begins with open lines of communication designed to ensure that realistic expectations are in place for new and existing employees. Proper orientation to the employee’s work environment followed by training about the organization’s products, services, culture, and expectations.
Turnover calculator:
Cost associated with replacing an employee (costly)
Free calculator available on Internet
4.2.2 RETENTION AND TRANSFER, POA: Security Officer Operations (Kindle Locations 17662-17665).
Knowledge retention, or the amount of learning that remains with the learner over a period of time, requires reiteration.

76. Having the student perform the task while listening to the instructor promotes the highest retention of information. Continuous learning aids in both retention and the transfer or application to the job of the knowledge, skills, and abilities obtained in training. Transfer concerns the relevance of the learning to the job environment, thereby ensuring that what is learned in the classroom is put to use.

77. 1.3.1 HUMAN RESOURCE MANAGEMENT, POA: Security Management (Kindle Locations 1242-1243).
A good HR department can find and keep high-level talent for the company and leverage that talent to maximum effectiveness.
Task 2.4.9 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing talent management and succession planning.

78. ANSI/ASIS ORM.1-2007 page 24

79. Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices

80. Knowledge of:
02/05/01 Good governance standards
02/05/02 Guidelines for individual and corporate behavior
02/05/03 Generally accepted ethical principles
02/05/04 Confidential information protection techniques and methods
02/05/05 Legal and regulatory compliance

81. CHAPTER 3 STANDARDS IN SECURITY, POA: Security Management, pages 33, 44-45
Organize committees to review and audit compliance to standards
Adopting ISO, ANSI/ASIS standards
Benefits – benchmarks, forcing the organization to systematically identify risks and solutions, encouraging more participants, providing tools, studying standards toward enhancing the organization’s performance, protecting the organization’s reputation and brand, and helping the organization coordinate its programs
Task 2.5.1 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices and good governance standards.

83. ANSI/ASIS ORM.1-2007 Organizational Resilience
ANSI/ASIS CSO.1-2013 Chief Security Officer
ASIS GDL PBS-2009 (Pre-employment and Background Screening Guideline)
ASIS/SHRM WVPI.1-2011 Workplace Violence and Intervention Standard
ASIS GDL FPSM-2009 Facilities Physical Security Guideline
ASIS GDL BC.01 2005 Business Continuity Guideline
ASIS General Risk Assessment Guideline (2003)
Task 2.5.2 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices describing guidelines for individual and corporate behavior.

84. CHAPTER 1 ETHICS IN THE SECURITY PROFESSION, POA: Legal Issues (Kindle Locations 8915-8916)
Business ethics rests on five core, foundational values: honesty, responsibility, respect, fairness, and compassion.
Ethics is a discipline or system of moral principles governing human action and interactions.
One can ask three questions as a test for ethical conduct:
Is it legal?
Is it balanced?
Task 2.5.3 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices describing generally accepted ethical principles.

85. Ethics (continued):
How will it make me feel about myself?
Ethics as a discipline is divided into several types.
Descriptive ethics attempts to explain or describe ethical events.
Analytical ethics attempts to examine ethical concepts.
Applied ethics— the type most relevant to business— is active.
Not descriptive or prescriptive
Applies ethical concepts in specific business situations.
This form of ethics makes specific judgments about right and wrong and prescribes types of behavior as ethical in the context of the activity.

86. It makes claims about what should be done and what may not be done. Business ethics is the field of ethics that examines moral controversies relating to business practices in any economic system. It looks at various business activities and asks whether they are right or wrong.

87. 1.4.1 BASIC PROTECTION PRACTICES, POA: Information Security (Kindle Locations 12151-12152), pages 12, 13, 25, 90
Classifying and marking protected information:
Confidential
Restricted
Limited
Non-public
Task 2.5.4 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices describing confidential information protection techniques and methods.

88. For example, many businesses divide information into three categories: approved for external release (unrestricted access), internal (limited to employees and contractors), and confidential (limited by a specific need to know).
Using NDAs (Non-Disclosure Agreements)
Sample NDA on pages 44-47
Policies and procedures concerning the handling of documents and records.
Equipment to manage sensitive information (shredders, signs, safes, containers)

89. Information security countermeasures:
Detection
Recovery
Compliance
1.4.2 PHYSICAL SECURITY, POA: Legal Issues (Kindle Locations 12158-12161)
IAP professionals should coordinate closely with physical security staff to harmonize protective efforts in several categories.
Layered Protection (Defense in Depth)

90. Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices
With knowledge of:
02/05/05 Legal and regulatory compliance

91. Task 02/06 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers

92. Knowledge of:
02/06/01 Key concepts in the preparation of requests for proposals and bid reviews/evaluations
02/06/02 Service Level Agreements (SLA) definition, measurement and reporting
02/06/03 Contract law, indemnification, and liability insurance principles
02/06/04 Monitoring processes to ensure that organizational needs and contractual requirements are being met

93. 12.6.2 SPECIFICATIONS, POA: Physical Security (Kindle Locations 7391-7397).
Systems specifications match and complement the systems design in sufficient detail to achieve the following:
Final implementation reflects what was intended.
Systems specifications contain actual performance instructions and criteria for constructing systems included in the design.
Task 2.6.1 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers explaining key concepts in the preparation of requests for proposals and bid reviews/evaluations.

94. Included in the specification should be functional testing.
Drawings and plans are virtually useless unless there are associated specifications detailing construction and systems performance criteria.
Drawings and plans show what is to be constructed.
All the bidders get the same complete understanding of the requirements.
A security system specification should include the following:
Instructions to bidders with a list of all documents included in the contract documents
List of project references
Functional description of the complete systems design
List of design drawings
List of description of products and services

95. List of applicable codes and standards
Support services
Technical descriptions
General site conditions
12.6.3 Drawings
Drawings are the cornerstone of any construction project. A picture or diagram of design intent is less likely to be misinterpreted by contractors.
12.8 Procurement Phase
Sole source, request for proposal (RFP), and invitation for bid (IFB), with some variations

96. CHAPTER 5 SELECTING AND ADMINISTERING THE SECURITY SERVICES CONTRACT, POA: Security Officer Operations
5.1.1 RFP
Evaluate the security needs
Define scope of work
Define objectives
Timelines
(POA Security Officer Ops Chapter 5, page 108; Physical Security page 348)
Bid Evaluation
Strict submission deadline
Proposal content
Propose submission on time – usually restrictions
Technical and commercial proposals (quality of proposal)
Look for best value – not best price
Licensing and training

97. (POA: Physical Security (Kindle Locations 8091-8093). ASIS International. Kindle Edition)
What’s prime responsibility?
What is the warranty?
12.12 MAINTENANCE, EVALUATION, AND REPLACEMENT. POA: Physical Security (Kindle Location 8091) Kindle Edition.
When contracting for maintenance services, the customer and the contractor should do the following:
Agree on the basis of the contract document.
Document in detail the components of the systems that are to be maintained.
Task 2.6.2 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers explaining Service Level Agreements (SLA) definition, measurement and reporting.

98. Organizations’ increasing reliance on physical protection systems, coupled with the increasing scale and complexity of these systems, requires careful consideration of maintenance requirements.
(POA: Physical Security (Kindle Locations 8091-8093). ASIS International. Kindle Edition)
When contracting for maintenance services, the customer and the contractor should do the following:
Agree on the basis of the contract document.
Document in detail the components of the systems that are to be maintained.
Set out the service levels for each component or subsystem.

99. Define roles and responsibilities of the parties to the agreement.
Agree on pricing and payments.
Set out how the agreement will be managed and administered.
The customer and the contractor will jointly need to develop a support plan and the appropriate service level and response times for each component. Components whose failure has a high impact on the system require a higher level of support. The customer should consider and specify service levels that are realistic, measurable, and in accord with the organization’s specific business needs, particularly if travel is involved.

100. The costs for guaranteed response times of less than four hours can escalate rapidly due to the staff hours, travel, and equipment required.

101. Service levels and costs depend on the location of the system in relation to the supplier and on the ability to diagnose and fix problems remotely.

102. Using a remedial maintenance provider based in another city may significantly extend response times. Requiring support outside normal business hours also affects service levels and costs. The major goal of system maintenance agreements is to ensure that the security system operates at its optimum capability with minimum downtime. Roles and responsibilities of all of the parties providing services must be clearly defined, documented, and agreed upon with the system maintenance supplier.
Costs are usually based on a scale of fees (POA: Physical Security (Kindle Locations 8155-8158). ASIS International. Kindle Edition.)

103. POA LEGAL ISSUES 4.2.1 CONTRACT LAW
A contract may be defined as “an agreement between two or more persons that creates an obligation to do or not do a particular thing”. Contracts may be express or implied, written or oral. They may involve a single act or omission or multiple acts or omissions. They may exist between natural persons, corporations, and partnerships, or between any of those parties and the government.
Task 2.6.3 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers explaining contract law, indemnification, and liability insurance principles.

104. Express contract is one whose terms and conditions have been stated in words. If a vendor promises to sell and deliver a specific model of camera at a price of $ 500 on a certain date to a buyer, and the buyer promises to buy the camera and take delivery on that date, there is an express contract between the buyer and seller. An implied contract is one whose terms and conditions have not been stated in words but are added or supplied on the theory that the parties really intended such terms and conditions. A contract may be implied in law or implied in fact. A contract implied in law imposes an obligation on the part of one who has obtained a benefit at the expense of another to do some act or refrain from doing something. A contract implied in fact is based on the involved parties’ conduct, even if formal words of agreement are absent.

105. It is best to avoid oral arrangements and rely on written documentation whenever possible. Certain kinds of agreements (such as those not completed within one year or those touching on real property) will not be enforced unless in writing. When an agreement has been reduced to writing, it generally may not be changed on the basis of oral statements. The subject matter of a contract, oral or written, must be lawful or the alleged contract will not be enforced. Warranties – statements by persons that state products or services rendered by them are as described when purchased. (The manufacturer or supplier, or both, agree that, for a stated period, the product will perform as described and that if, without fault by the buyer or user, it should fail to perform, it will be repaired at no cost to the buyer or user.)

106. POA: Legal Issues Chapter 4.2.1 CONTRACT LAW, Limitations of Liability (Kindle Locations 11104-11105).
To protect against liability, insurance, security product and service vendors usually rely on specific language in the contract, service agreement, or purchase memorandum to limit their liability.
Agency – whether the actions of one person represent another person or organization (Security Officer acting on behalf of client)
Principal/Agent Relationships:
Express agreement – employer tells agent to perform tasks or duties.
Vicarious liability – liability for the acts of another without personal fault of the one liable.
Contract between a security firm and the client company would include an indemnity or hold-harmless provision by which the security firm agrees to indemnify the company or hold it harmless from any damages arising from the security firm’s performance of its contracted tasks.

107. POA: Security Officer Operations, Chapter 5.5 Administration of the Operating Agreement (pages 124, 125-140)
Regularly scheduled meetings
Team inspections, client and vendors
Procedural audits – 3rd parties – ensure compliance to agreement
Examine invoices
12.11 TESTING AND WARRANTY ISSUES, POA: Physical Security
Task 2.6.4 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers explaining monitoring processes to ensure that organizational needs and contractual requirements are being met.

108. 12.11 TESTING AND WARRANTY ISSUES, POA: Physical Security (Kindle Locations 7944-7948)
Performance testing is designed to determine whether equipment is functional, has adequate sensitivity, and will meet its design and performance objectives.
Four types of tests:
pre-delivery or factory acceptance tests
site acceptance tests
reliability or availability tests
after-acceptance tests
12.11.5 WARRANTY ISSUES
The contractor should be required to repair, correct, or replace any defect for a period of 12 months from the date of issue of the certificate of practical completion.

109. The common time for the contractor to report to the job site to address a warranty issue is within four hours of the problem report. Moreover, the contractor should hold a sufficient stock of spares to allow speedy repair or replacement of equipment. Waiting for manufacturers to replace or repair equipment is not acceptable.
Will the PPS supplier provide the warranty service, or will a third party do so?
Are the service levels of the warranty service consistent with the system maintenance service levels?
If items under warranty fail, what will happen?

110. PRACTICE EXAM QUESTIONS

111. When developing a performance measure for evaluating an employee, which of the following BEST describes how they should be measured:
How well they do their current jobs and how well they contribute to the growth of the company.
How well they perform their current jobs and how well they get along with fellow employees.
How they perform compared to other employees.
How well they have supported their supervisors and organizational management.

112. When developing a performance measure for evaluating an employee, which of the following BEST describes how they should be measured:
How well they do their current jobs and how well they contribute to the growth of the company.
How well they perform their current jobs and how well they get along with fellow employees.
How they perform compared to other employees.
How well they have supported their supervisors and organizational management.
POA: Security Management; (Kindle Locations 1334-1335). ASIS International. Kindle Edition.

113. After employees, which of the following is the second most valuable resource, which supports the organizational strategy?
Company facilities
Manufactured products
Corporate knowledge
Company brand

114. After employees, which of the following is the second most valuable resource, which supports the organizational strategy?
Company facilities
Manufactured products
Corporate knowledge
Company brand
POA: Security Management; (Kindle Locations 1351-1352). ASIS International. Kindle Edition.

115. Three financial reports or statements have become accepted as standard and they make it possible to paint a clear picture of a company’s current and prospective financial health. They are:
The income statement, profit and loss and cash flow statements
The income statement, balance sheet, and cash flow statements
The balance sheet, profit ratio and cash flow statements
The income sheet, profit ratio and cash flow statements

116. Three financial reports or statements have become accepted as standard and they make it possible to paint a clear picture of a company’s current and prospective financial health. They are:
The income statement, profit and loss and cash flow statements
The income statement, balance sheet, and cash flow statements
The balance sheet, profit ratio and cash flow statements
The income sheet, profit ratio and cash flow statements
POA: Security Management; (Kindle Locations 1419-1421). ASIS International. Kindle Edition.

117. Which of the following BEST describes the document that tells how much money an organization generates (revenue), how much it spends (expenses), and the difference between those figures (net income)?
Balance sheet
Income statement
Expense sheet
Cash flow statement

118. Which of the following BEST describes the document that tells how much money an organization generates (revenue), how much it spends (expenses), and the difference between those figures (net income)?
Balance sheet
Income statement
Expense sheet
Cash flow statement
POA: Security Management; (Kindle Locations 1428-1429). ASIS International. Kindle Edition.

119. assets = liabilities + shareholder equity
Which of the following BEST describes what the above formula is used to develop?
Income statement
Balance sheet
Cash flow statement
Return-on-assets ratio

120. assets = liabilities + shareholder equity
Which of the following BEST describes what the above formula is used to develop?
Income statement
Balance sheet
Cash flow statement
Return-on-assets ratio
POA: Security Management; (Kindle Location 1456). ASIS International. Kindle Edition.

121. The practice of borrowing capital to purchase assets that can increase revenue is called which of the following?
Leveraging
Averaging
Loaning
Banking

122. The practice of borrowing capital to purchase assets that can increase revenue is called which of the following?
Leveraging
Averaging
Loaning
Banking
POA: Security Management; (Kindle Locations 1561-1562). ASIS International. Kindle Edition.

123. This examines the company’s ability to cover short-term obligations. It is derived from the following equation:
Current Assets / Current Liabilities
This BEST describes which of the following?
Quick Ratio
Debt to Equity Ratio
Current Ratio
Return on Assets Ratio

124. This examines the company’s ability to cover short-term obligations. It is derived from the following equation:
Current Assets / Current Liabilities
This BEST describes which of the following?
Quick Ratio
Debt to Equity Ratio
Current Ratio
Return on Assets Ratio
POA: Security Management; (Kindle Locations 1590-1592). ASIS International. Kindle Edition.

125. Where frontline managers, who are involved in the day-to-day operations of their departments or divisions, are their organizations’ best resource for realistic budget information and would set their own budget, is a process referred to as:
Top-down budgeting
Bottom-up budgeting
Combination budgeting
Zero based budgeting

126. Where frontline managers, who are involved in the day-to-day operations of their departments or divisions, are their organizations’ best resource for realistic budget information and would set their own budget, is a process referred to as:
Top-down budgeting
Bottom-up budgeting
Combination budgeting
Zero based budgeting
POA: Security Management (Kindle Locations 1639-1640). ASIS International. Kindle Edition.

127. If your organization shows that a US$ 1,500,000 investment in R&D typically returns US$ 630,000 in revenue within five years, what is the ROI?
25%
34%
42%
66%

128. If your organization shows that a US$ 1,500,000 investment in R&D typically returns US$ 630,000 in revenue within five years, what is the ROI?
ROI = [Investment Value at End of Period / Investment Value Beginning of Period] – 1
25%
34%
42%
66%
POA: Security Management; Legal Issues; Security Officer Operations; and Crisis Management (Kindle Locations 1666-1667). ASIS International. Kindle Edition.

129. If your organization shows that a US$ 1,500,000 investment in R&D typically returns US$ 630,000 in revenue within five years, what is the ROI?
ROI = [($ 1,500,000 + $ 630,000) / $ 1,500,000] – 1 = 42%
25%
34%
42%
66%
POA: Security Management; (Kindle Locations 1666-1667). ASIS International. Kindle Edition.

130. If your organization has two options:
Option 1: A US$ 1,500,000 investment in R&D typically returns US$ 630,000 in revenue within five years.
Option 2: Reduce debt instead by making a US$ 2,000,000 investment in debt reduction that would save the company US$ 772,000 in interest payments over five years.
Notwithstanding other issues, what is the BEST option based on ROI?
Option 1
Option 2
Either option 1 or 2
Neither option 1 or 2

131. If your organization has two options:
Option 1: A US$ 1,500,000 investment in R&D typically returns US$ 630,000 in revenue within five years.
Option 2: Reduce debt instead by making a US$ 2,000,000 investment in debt reduction that would save the company US$ 772,000 in interest payments over five years.
Notwithstanding other issues, what is the BEST option based on ROI?
Option 1 = 42% ROI
Option 2 = 39% ROI
Either option 1 or 2
Neither option 1 or 2

132. A __________ helps establish design requirements for devices, systems, and infrastructure to withstand threats. These specifications make it easier to design systems and sell equipment across borders.
Standard
Specification
Assessment
Analysis

133. A __________ helps establish design requirements for devices, systems, and infrastructure to withstand threats. These specifications make it easier to design systems and sell equipment across borders.
Standard
Specification
Assessment
Analysis
POA: Security Management (Kindle Locations 1763-1765). ASIS International. Kindle Edition.

134. This is a nongovernmental organization bringing together stakeholders from the public, private, and not-for-profit sectors. It serves as a central point where standards bodies from around the world— and the organizations that participate in them— can gather to develop standards jointly. It is called:
ASIS International
American National Standards Institute
International Standards Organization
National Fire Prevention Association

135. This is a nongovernmental organization bringing together stakeholders from the public, private, and not-for-profit sectors. It serves as a central point where standards bodies from around the world— and the organizations that participate in them— can gather to develop standards jointly. It is called:
ASIS International
American National Standards Institute
International Standards Organization
National Fire Prevention Association
POA: Security Management; (Kindle Locations 1834-1836). ASIS International. Kindle Edition.

136. The following statement is part of the PDCA Cycle for management systems: “The process is to examine the planning analysis, devise a solution, prioritize next steps, and develop a detailed action plan. The goal is to develop a plan that will be used actively to engage the organization and address problems and their causes, then implement that plan.” What part of the PDCA Cycle is this?
Planning
Do
Check
Act

137. The following statement is part of the PDCA Cycle for management systems: “The process is to examine the planning analysis, devise a solution, prioritize next steps, and develop a detailed action plan. The goal is to develop a plan that will be used actively to engage the organization and address problems and their causes, then implement that plan.” What part of the PDCA Cycle is this?
Plan
Do
Check
Act
POA: Security Management; (Kindle Locations 2025-2028). ASIS International. Kindle Edition.

138. Which world-renowned standards address quality management and customer satisfaction while meeting regulatory requirements and constantly pursuing quality improvement?
ISO 9000
ISO 14000
ASIS Global Standards
ASIS Global Guidelines

139. Which world-renowned standards address quality management and customer satisfaction while meeting regulatory requirements and constantly pursuing quality improvement?
ISO 9000
ISO 14000
ASIS Global Standards
ASIS Global Guidelines
POA: Security Management; (Kindle Location 2042). ASIS International. Kindle Edition.

140. This standard was developed by technical committees in Australia, the Netherlands, and the United States as a management system standard that provides a framework for a comprehensive approach to managing the risks of a disruptive incident by addressing reduction of both likelihood and consequences. This BEST describes:
ISO 9001: 2008 Quality Management Systems Requirements.
ISO 14001: 2004 Environmental Management Systems.
ANSI/ ASIS.SPC. 1: Organizational Resilience: Security, Preparedness and Continuity Management Systems— Requirements with Guidance for Use.
ANSI/ASIS: Business Continuity Management Systems Requirements with Guidance for Use.

141. This standard was developed by technical committees in Australia, the Netherlands, and the United States as a management system standard that provides a framework for a comprehensive approach to managing the risks of a disruptive incident by addressing reduction of both likelihood and consequences. This BEST describes:
ISO 9001: 2008 Quality Management Systems Requirements.
ISO 14001: 2004 Environmental Management Systems.
ANSI/ ASIS.SPC. 1: Organizational Resilience: Security, Preparedness and Continuity Management Systems— Requirements with Guidance for Use.
ANSI/ASIS: Business Continuity Management Systems Requirements with Guidance for Use.
POA: Security Management; (Kindle Locations 1941-1942). ASIS International. Kindle Edition.

142. “This type of ethics is most relevant to business, active and applies ethical concepts in specific business situations. This form of ethics makes specific judgments about right and wrong and prescribes types of behavior as ethical in the context of the activity. It makes claims about what should be done and what may not be done.” This is BEST described as:
Descriptive ethics
Analytical ethics
Applied ethics
Prescriptive ethics
POA: Security Management; Legal Issues; Security Officer Operations; and Crisis Management (Kindle Locations 8966-8968). ASIS International. Kindle Edition.

143. “This type of ethics is most relevant to business, active and applies ethical concepts in specific business situations. This form of ethics makes specific judgments about right and wrong and prescribes types of behavior as ethical in the context of the activity. It makes claims about what should be done and what may not be done.” This is BEST described as:
Descriptive ethics
Analytical ethics
Applied ethics
Prescriptive ethics
POA: Security Management; (Kindle Locations 8966-8968). ASIS International. Kindle Edition.

144. In most cultures this is the closest thing to a universal guideline or Golden Rule: to treat others the way one would want to be treated. This guiding principle works for both individuals and organizations. This BEST describes which of the following?
Business ethics
Government regulations
Corporate law
Civil law

145. In most cultures this is the closest thing to a universal guideline or Golden Rule: to treat others the way one would want to be treated. This guiding principle works for both individuals and organizations. This BEST describes which of the following?
Business ethics
Government regulations
Corporate law
Civil law
POA: Security Management; (Kindle Locations 9056-9058).

146. Which of the following is NOT considered a problem encountered by an organization with a culture of unethical behavior?
Decrease in company sales and stock prices
Decrease in productivity, both organizational and personal
Increase in risk of scandal
Increase in communication and trust

147. Which of the following is NOT considered a problem encountered by an organization with a culture of unethical behavior?
Decrease in company sales and stock prices
Decrease in productivity, both organizational and personal
Increase in risk of scandal
Increase in communication and trust
POA: Security Management; (Kindle Locations 9039-9040). ASIS International. Kindle Edition.

148. The organization should always follow these concepts in implementing its ethics code and program:
Have a well written code of ethical conduct
Establish a partnership with another company with an ethics code
Ensure the organization’s Board of Directors have signed an ethics agreement
Make the ethics policy and program flexible to account for errors

149. The organization should always follow these concepts in implementing its ethics code and program:
Have a well written code of ethical conduct
Establish a partnership with another company with an ethics code
Ensure the organization’s Board of Directors have signed an ethics agreement
Make the ethics policy and program flexible to account for errors
POA: Security Management; (Kindle Locations 9144-9145). ASIS International. Kindle Edition.

150. Ethics problems are not confined to the business world; they can be found in almost any field of endeavor. What are the three factors that psychologists indicate commonly motivate individuals to commit unethical or dishonest acts?
- Determination, access and lack of ethics
- Desire, justification and lack of ethics
- Determination, justification and lack of ethics
- Desire, rationalization, and opportunity

151. Ethics problems are not confined to the business world; they can be found in almost any field of endeavor. What are the three factors that psychologists indicate commonly motivate individuals to commit unethical or dishonest acts?
- Determination, access and lack of ethics
- Desire, justification and lack of ethics
- Determination, justification and lack of ethics
- Desire, rationalization, and opportunity
POA: Security Management; (Kindle Locations 8941-8943). ASIS International. Kindle Edition.

152. Which of the following would be considered one of the GREATEST legal liabilities an organization faces with security officers?
- Lack of honesty
- Poor reputation
- Issued a deadly weapon
- Safety training

153. Which of the following would be considered one of the GREATEST legal liabilities an organization faces with security officers?
- Lack of honesty
- Poor reputation
- Issued a deadly weapon
- Safety training
POA: Security Management (Kindle Locations 16636-16637). ASIS International. Kindle Edition.

154. “The absorptive and adaptive capacity of an organization in a complex and changing environment” is a definition for business ________.
- Contingency
- Continuity
- Resilience
- Convergence

155. “The absorptive and adaptive capacity of an organization in a complex and changing environment” is a definition for business ________.
- Contingency
- Continuity
- Resilience
- Convergence
ASIS Int’l, ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017), page x

156. “Possible source of danger or conditions (physical or operational) that have a capacity to produce a particular type of adverse effect” is the definition for a ______________.
- Risk
- Threat
- Hazard
- Disaster

157. “Possible source of danger or conditions (physical or operational) that have a capacity to produce a particular type of adverse effect” is the definition for a ______________.
- Risk
- Threat
- Hazard
- Disaster
ASIS Int’l, ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017), page 5

158. The ASIS/ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017) outlines a risk assessment process. Which of the following describes the process?
- Asset identification; risk identification; risk analysis; and risk evaluation.
- Asset identification; vulnerability assessment; threat assessment; and risk evaluation.
- Threat identification; vulnerability assessment; risk analysis; and risk evaluation.
- Threat identification; vulnerability assessment; risk assessment; and risk evaluation.

159. The ASIS/ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017) outlines a risk assessment process. Which of the following describes the process?
- Asset identification; risk identification; risk analysis; and risk evaluation.
- Asset identification; vulnerability assessment; threat assessment; and risk evaluation.
- Threat identification; vulnerability assessment; risk analysis; and risk evaluation.
- Threat identification; vulnerability assessment; risk assessment; and risk evaluation.
ASIS/ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017) page 18.

160. The _______ plan is set out in writing by a business unit’s top leadership, not focusing on day-to-day operations but providing direction that defines and supports long-term goals.
- Operational
- Strategic
- Tactical
- Financial

161. The _______ plan is set out in writing by a business unit’s top leadership, not focusing on day-to-day operations but providing direction that defines and supports long-term goals.
- Operational
- Strategic
- Tactical
- Financial
POA: Security Management; (Kindle Locations 1192-1194). ASIS International. Kindle Edition.

162. A SWOT is often used as an assessment tool for developing an organizational strategy. SWOT stands for which of the following:
- Strategy, Weaknesses, Opportunities, Threats
- Strategy, Weaknesses, Operations, Threats
- Strengths, Weaknesses, Opportunities, Threats
- Strengths, Weaknesses, Operations, Threats

163. A SWOT is often used as an assessment tool for developing an organizational strategy. SWOT stands for which of the following:
- Strategy, Weaknesses, Opportunities, Threats
- Strategy, Weaknesses, Operations, Threats
- Strengths, Weaknesses, Opportunities, Threats
- Strengths, Weaknesses, Operations, Threats
POA: Security Management; (Kindle Locations 1208). ASIS International. Kindle Edition.

164. “A specific description of where the business will be in the long-term, that conveys a general understanding of the business, its culture, and its future goals.” This concept is BEST referred to as:
- A Mission Statement
- A Vision Statement
- A Strategic Plan
- An Organizational Strategy

165. “A specific description of where the business will be in the long-term, that conveys a general understanding of the business, its culture, and its future goals.” This concept is BEST referred to as:
- A Mission Statement
- A Vision Statement
- A Strategic Plan
- An Organizational Strategy
POA: Security Management; (Kindle Locations 1223-1224). ASIS International. Kindle Edition.

166. “This communicates business functionality and operational methods. It specifies a business’ types of products or services, level of quality, and other tangible aspects of the business and its plans.” is BEST referred to as:
- A Mission Statement
- A Vision Statement
- A Strategic Plan
- An Organizational Strategy

167. “This communicates business functionality and operational methods. It specifies a business’ types of products or services, level of quality, and other tangible aspects of the business and its plans.” is BEST referred to as:
- A Mission Statement
- A Vision Statement
- A Strategic Plan
- An Organizational Strategy
POA: Security Management; (Kindle Locations 1225-1226). ASIS International. Kindle Edition.

168. “This statement includes the specific details that all involved parties can understand what needs to be done, highlighting specific goals the organization wants units to achieve.” This BEST describes:
- Mission Statements
- Vision Statements
- Strategic Plans
- Organizational Objectives

169. “This statement includes the specific details that all involved parties can understand what needs to be done, highlighting specific goals the organization wants units to achieve.” This BEST describes:
- Mission Statements
- Vision Statements
- Strategic Plans
- Organizational Objectives
POA: Security Management; (Kindle Locations 1225-1226). ASIS International. Kindle Edition.

170. When designing objectives or goals, they must be SMART. This acronym stands for which of the following:
- Strategic; Measurable; Accountable; Relevant; Time-bound
- Strategic; Measurable; Accountable; Relevant; Time-bound
- Specific; Measurable; Accountable; Relevant; Time-bound
- Specific; Measurable; Attainable; Relevant; Time-bound

171. When designing objectives or goals, they must be SMART. This acronym stands for which of the following:
- Strategic; Measurable; Accountable; Relevant; Time-bound
- Strategic; Measurable; Accountable; Relevant; Time-bound
- Specific; Measurable; Accountable; Relevant; Time-bound
- Specific; Measurable; Attainable; Relevant; Time-bound
POA: Security Management; (Kindle Locations 1225-1226). ASIS International. Kindle Edition.

172. Dennis Shepp, CPP
DOMAIN 2: BUSINESS PRINCIPLES AND PRACTICES (13%)
October 2017