Skip to main content

Tell us whether you accept cookies

We use cookies to collect information about how you use this service. We use this information to make the service work as well as possible and improve this service.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Find apprenticeship training for your apprentice

We're improving Find apprenticeship training. What did you think of this service? (opens in a new tab)

  1. Search
  2. Course search results
Apprenticeship training course

Protective security adviser (level 4)

No training providers available for this course yet

We can ask training providers if they can run Protective security adviser (level 4). If a training provider can offer the course, we'll send you their contact details.

You can use this service if you employ apprentices. You'll need to be signed in to your apprenticeship service account.

Ask if training providers can run this course.

Or you can try searching for another course.

Information about Protective security adviser (level 4)

To provide protective security advice incorporating cyber, personnel, physical and technical disciplines with a converged approach.

Knowledge, skills and behaviours
View knowledge, skills and behaviours

Knowledge

  • Crime and security science theories and how they underpin protective security design to provide a layered security approach and why security matters to protect businesses and society: Routine Activity Theory, Rational Choice Theory, Offender Typologies, Crime Mapping, Broken Windows Theory, the security triangle of detection, response and delay, Situational Crime Prevention, Social Crime Prevention, adversary path analysis, Crime Prevention through Environmental Design and Defence in depth based on National Protective Security Authority (NPSA) deter, detect, delay, mitigate, respond principles.
  • The protective security eco-system, the role played by key organisations and how each National Technical Authority (NTAs) contributes to the protective security of business and society: the Register of Security Engineers and Specialists (RSES) and Chartered Security Professionals (CSyP).
  • How the security convergence of the four main disciplines of protective services Cyber, Personnel, Physical and Technical can mitigate vulnerabilities of the siloed approach to security risk management.
  • Importance of a single overview of risk for senior risk owners by employing security convergence as an effective strategy to manage organisational risk.
  • The main features and how to apply significant law to individual organisations: the Occupiers Liability, Health and Safety, Management of Health and Safety at Work Regulations, Fire Safety, Data Protection, the National Security Act, the National Security Investment Act, the Security Services Act, Common Law and Criminal Law, the Digital Online Resilience Act, UK AI Act, Communications Act, Computer Misuse Act, Data Protection Act, General Data Protection Regulation (GDPR), Network and Information Systems Regulations, Privacy and Electronic Communications Regulation.
  • Principles of good governance, governance structure and protective security oversight of cyber, physical, personnel and technical security including two-way communication channels, security risk registers, an accountable board level risk owner and structure for dissemination of information and decisions.
  • The influence of organisational objectives and differing protective security approaches taken in the context of government, Critical National Infrastructure, multi-nationals, academia, start-ups and emerging technology.
  • The requirements of ISO standards and their application in protective security.
  • The challenges faced by individuals from diverse backgrounds, with differing social-economic and societal perceptions, and people with special educational needs and disabilities when interacting with colleagues and stakeholders.
  • Principles of asset identification and classification: physical, information, people assets and anything that enables a business to operate e.g. a process, system, document or person and brand and reputation.
  • The influence of intent and capability on threat actor actions.
  • Information sources and the types of information of potential threats to security: the National Protective Security Authority (NPSA), National Cyber Security Centre (NCSC), UK National Authority for Counter Eavesdropping (UK NACE), National Counter Terrorism Security Office (NaCTSO), MI5, Police, local crime statistics and external stakeholders.
  • Threat Intelligence Cycle and how to use threat assessments to conduct threat analysis based on a range of threat scenarios that organisations would potentially face based on their assets, services provided and locations.
  • Principles of security risk management including how threat, vulnerability and impact determines the risk posed to an organisation, its assets and people and how mitigating threat, vulnerabilities and impact can be supported with protective security.
  • The principles of quantitative, qualitative and semi-qualitative risk assessment methodologies to develop risk statements including threat actors, assets targeted, attack vectors used, and potential impact aligned to organisational assets, threat, vulnerability and impact.
  • The concepts, main functions and benefits of security risk registers for governance, mitigations, risk tolerance and corporate memory and how they support the production of Operational Requirements.
  • Common security standards to mitigate forcible attack vectors including Loss Prevention Standards (LPS) 1673, LPS 1178 Issue 8, NPSA Marauding Terrorist Attack Standard and NPSA Manual Forced Entry Standards (MFES).
  • The main types of postal and courier attack vectors and mitigations and the principles of the PAS 97: 2021 Mail Screening and Security-Specification.
  • The main types of glazing specification, glazing systems vulnerabilities and mitigation against forcible attack and blast.
  • NPSA principles on threats to security posed by vehicles: Vehicle as a Weapon (VAW), Vehicle Borne Improvised Explosive Device (VBIED) and the Layered Vehicle Attack and the potential risk they provide to organisations, businesses and society and how ISO 22343-1: 2023 Vehicle security barriers supports building resilience for security threats with Hostile Vehicle Mitigation strategies.
  • Methodology used by threat actors during marauding terrorist attacks and NPSA recommended measures to minimise the impact of Marauding Terrorist Attack to save lives.
  • Principles of the NPSA Surreptitious Threat Mitigation Process (STaMP) employing NPSA Surreptitious Attack Protective Security Philosophy.
  • Principles of the Cyber Assurance Physical Security Systems (CAPSS).
  • Governmental, Independent and third-party certification of physical security products and standards e.g. NPSA Catalogue of Security Equipment (CSE), Redbook LIVE.
  • How organisations can manage potential insider threat, insider risk and insider events: leadership, governance, pre-employment screening and vetting, ongoing personnel security, employee monitoring and assessment, investigation and disciplinary practices, a security culture with security focused behaviour embedding NPSA's 5 Es, effective and line management, organisational insider threat stakeholder group utilising the NPSA ten steps of insider risk assessment and isomorphic learning.
  • How the threat landscape and societal challenges influence motivations and methods used by insiders and insider event typologies: unauthorised disclosure of sensitive information, process corruption, unauthorised provision of third-party access to organisational assets, financial gain through financial corruption and workplace violence.
  • The integration of personnel, cyber, physical and technical security controls to mitigate insider risk.
  • Principles of hostile reconnaissance and hostile planning stages, and how protective security can be used to disrupt hostile reconnaissance employing the principles of NPSA DENY, DETECT and DETER strategy and the integration of Security Minded Communications, See Check and Notify (SCaN) and Project Servator.
  • The role individuals can play to ensure their personal security and safety when working for an organisation: personal situational awareness, online vigilance, maintain residential security, planning prior to travel, managing own digital footprint, protect sensitive information, follow organisational personal security emergency procedures.
  • The principles of technical security and why and how organisations may be targeted.
  • The required elements of a technical surveillance device.
  • The principles of information egress via spatial, physical and conductive methods used during standoff and close access technical collection operations.
  • How existing protective security may encourage threat actors to employ technical attack vectors.
  • The convergence of physical, personnel and people security to mitigate standoff attacks and close access technical collection operations.
  • The technical security attack vectors: overt access of visitors and contractors, commercial off the shelf 'quick plant' products, human interface devices, mobile telephones, smart devices, long lensing, drones, laser microphones and deep plant devices, 'man-in-the-middle', Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions (TEMPEST) attacks, and lip-reading attack vectors.
  • How to mitigate against technical attacks during 'overt access': quick plant devices, human interface devices, remote access trojans, international mobile subscriber Identification catchers, man-in-the-middle, vulnerabilities created by smart devices, long lensing, lip reading, drones, laser microphones and deep plants.
  • The concept and applicability of Confidentiality, Integrity and Availability (CIA) for cyber security.
  • The main features of malware and how it can be used to access a computer via human and technical factors.
  • The threat vectors used by threat actors and the mitigations that can be applied: phishing, spam, spoofing, click-fraud and botnets and attacks on 'End of Life' software, anti-virus software, sandboxes and code-signing.
  • The principles of how the internet works including Transmission Control Protocol (TCP), Internet Protocol (IP), datagrams, packets, and the principles of wireless Local Access Networks.
  • The methods employed by threat actors to gain data including employing Wi-Fi hotspots, packet sniffing and man-in-the middle attacks.
  • The principles of encryption, cryptography, asymmetric cryptography, encryption keys, secure web browsing, and methods to protect data on the network.
  • The vulnerabilities of short encryption keys, and the Network Intrusion Detection Systems and Host Intruder Detection Systems.
  • The consequences of common network security threats and insider threats on data loss: recreating lost data, purchasing new hardware, purchasing new software, cost of continuing without the available data, the cost involved with informing others of the data loss.
  • How cyber security supports authentication and access to organisational systems including good password practice, salting in collaboration with hashing, use of hardware tokens.
  • Attack vectors used, including hashes and brute force attack.
  • The principles of incident response and incident management.
  • The principles of investigation for security incidents including gathering and grading information to be used in investigations, processing information and making recommendations for decision making.
  • The principles of a Return on Security Investment (ROSI) and cost benefit analysis, its alignment with organisational aims and objectives and impact on security decision making.
  • The concept of organisational resilience and learning and its interdependency with protective security to enable organisational resilience in a changing environment.
  • The principles to promote sustainable working practices in protective security.
  • How glazing systems can impact the carbon footprint of buildings: laminated glass, annealed and float glass, tough and tempered glass, heat strengthened glass, laminated glass sandwich and polycarbonate.
  • The use of reflective practice theories and techniques to inform professional development of an individual and improve approaches to own practice and operational activities.
  • Techniques for managing challenging communications using language and style that reflect the situation and audience.
  • The use of digital technology to support investigations and assist decision making.
  • Problem solving tools and techniques.
  • Principles of influencing techniques to achieve goals and objectives.
  • Methods for reporting, in accordance with organisational procedure.
  • Presentation methods for different audiences using communication skills and strategies to maximise understanding of intended purpose.
  • The role of key stakeholders and how they interact with the protective security adviser in protective security planning.

Skills

  • Utilise crime and security science knowledge and theory in the planning of organisational protective security to address protective security requirements and meet organisational needs.
  • Apply the principles of security convergence to protective security planning.
  • Comply with legislation, local and national policies and practice within limits of own role.
  • Engage and influence the governance process to enable security risk decisions.
  • Interpret organisational needs in the application of protective security.
  • Follow ISO standards within limits of own role with consideration of the implications of non-compliance.
  • Support individuals with differing social-economic and diverse backgrounds who are faced with challenges when interacting with colleagues and stakeholders.
  • Produce asset registers for organisations, applying asset identification and classification principles.
  • Produce 'Threat Analysis' based on an organisation's assets, services and location, applying asset identification and classification principles.
  • Assess vulnerability and impact to the organisation within protective security risk documentation.
  • Produce a security risk assessment.
  • Develop physical security mitigations for forcible attack vectors.
  • Develop physical security mitigations for surreptitious attack vectors.
  • Utilise assured products to mitigate protective security risk.
  • Develop measures to mitigate against organisational insider risk.
  • Develop mitigations against hostile reconnaissance.
  • Apply personal security and safety protocols in the work environment.
  • Develop mitigations, using converged security, to mitigate technical security attack vectors.
  • Develop mitigations for technical security attack vectors.
  • Review identified vulnerabilities that could be exploited by malware in organisational assets to develop mitigations to protect confidentiality, integrity and availability of data.
  • Develop mitigations to prevent data loss within organisations.
  • Utilise organisational cyber security approaches for authentication and access with full consideration of password good practise mitigations and for potential attack vectors.
  • Review Incident Response and Incident Management plans to ensure efficiency contributing to organisational resilience.
  • Review information gathered through investigations to make recommendations for decision making.
  • Make recommendations to senior leadership for protective security.
  • Utilise organisational learning to enhance protective security and resilience.
  • Incorporate sustainable practice when designing security mitigations.
  • Engage in self-reflection, feedback and professional development activities to improve own professional practice.
  • Manage challenging communications using language and style that reflect the situation and audience.
  • Assess information gained through digital technology to inform decisions.
  • Apply logical thinking and problem-solving tools and techniques, identifying issues and proposing solutions to problems.
  • Apply influencing techniques to achieve goals and objectives.
  • Follow organisational reporting protocols.
  • Create and deliver presentations using communication skills and strategies to maximise understanding of intended purpose.
  • Liaise with cross-functional security teams for protective security planning.

Behaviours

  • Committed to supporting a strong security posture.
  • Works independently and takes responsibility working diligently with personal resilience regardless of supervision levels.
  • Effective time management.
  • Embraces Equality, Diversity and Inclusion treating everyone with dignity and respect.
Apprenticeship category (sector)
Protective services
Qualification level
4
Equal to higher national certificate (HNC)
Course duration
21 months
Funding
£9,000
Maximum government funding for
apprenticeship training and assessment costs.
Job titles include
  • Security consultant
  • Security contract manager
  • Security manager
  • Security practitioner
  • Security specialist
  • Senior security supervisor
  • Deputy security adviser
  • Security adviser

View more information about Protective security adviser (level 4) from the Institute for Apprenticeships and Technical Education.