Study materials, free tools, research reports, webinars, and external references, organized for the CRE security practitioner. Filter by what you need.
Annual analysis of attack patterns, incident trends, and control gaps across commercial real estate portfolios. Covers the 312% rise in OT/BAS incidents, ransomware group attribution in CRE, Qilin and LockBit activity, and the top 10 control gaps identified across 240+ buildings assessed in 2025.
The authoritative reference for all 7 exam domains. 300+ pages of CRE-specific content with OT/BAS architecture, physical-cyber convergence, tenant risk, REIT compliance, and 7 real-world case studies. The exam is written from this document.
Condensed exam-focused companion to the CBK. All 7 domains summarized with key concepts, exam tips, and 30 practice questions with full explanations and CBK references. Built for active recall.
Full 80-question practice exam matching the real exam's domain weighting and format. Timed mode (120 min), domain filter, flag for review, instant feedback. Candidates scoring 80%+ have an 87% first-attempt pass rate.
350 digital flashcards covering key terms, framework mappings, and protocol definitions across all 7 domains. Especially useful for BAS protocol characteristics and NIST CSF function definitions. Anki-compatible export included.
Foundation-level study guide for the CRA-RE credential, open to all real estate professionals. Covers the 5 awareness domains: Phishing, Password Hygiene, Physical Security, Incident Reporting, and Building System Awareness. 11 practice questions included.
Structured incident response playbook for commercial real estate, containment decisions that balance OT safety, tenant impact, and evidence preservation. Includes decision trees, communication templates, and a post-incident review checklist.
Practical segmentation guidance for commercial buildings, from basic VLAN separation (Bronze-B) through firewall-enforced zero-trust (Gold-B). Reference network diagrams for Class A office, industrial, and mixed-use properties included.
Editable policy template governing OT/BAS vendor remote access, credential provisioning, session monitoring, MFA requirements, and de-provisioning. Structured to satisfy Bronze-B and Silver-B vendor access management requirements.
120-control checklist covering all four B Series tiers, color-coded by tier. Use it to self-assess your building's current posture before engaging with the formal certification process. Scoring built in.
Detailed analysis of an internet-exposed Apache Guacamole gateway used to pivot from IT into WebCTRL BAS servers and Avigilon surveillance. Covers the attack chain, detection failures, containment decisions, and 14 remediation items. Anonymized from a real 2025 incident.
Analysis of Qilin ransomware group targeting CRE environments, RDP brute force as initial access, lateral movement through flat OT networks, and double extortion against REIT operators. MITRE ATT&CK ICS mapped throughout.
Analysis of vendor account persistence and shared credential exposure across 85 commercial buildings. Covers the "Engineer" account pattern, BACnet default credential exposure, and a framework for vendor access lifecycle management.
Live session covering top attack vectors against BAS systems in Class A office, BACnet exposure, Niagara Framework vulnerabilities, and practical segmentation that doesn't break building operations. Q&A included.
Material incident thresholds, 4-day Form 8-K requirements, annual 10-K disclosures, and what your audit committee needs from the security team. Specifically structured for REIT operators and CRE security leaders.
Recorded walkthrough of the B Series certification process, what the assessment involves, what documentation is required, how to read your gap analysis, and how to structure your remediation roadmap. Includes Q&A with a past certification client.
Essential reading for Domains 1 and 6 of the CCP-CRE exam. Understand all six CSF 2.0 functions (Govern, Identify, Protect, Detect, Respond, Recover) as they apply to CRE organizations. Exam questions directly reference CSF 2.0 tiers and functions.
The ICS ATT&CK matrix covering techniques most relevant to BAS attacks, Initial Access via internet-facing applications, OT lateral movement, Inhibit Response Function tactics. Domain 2 exam questions reference ATT&CK ICS directly.
CISA's ongoing ICS vulnerability advisories, filter for BACnet, Niagara, Tridium, and BAS vendors. Staying current with CISA ICS advisories is part of a mature OT vulnerability management program and is referenced in the Gold-B assessment framework.
Register for the CCP-CRE exam and get immediate access to the CBK, study guide, and practice exam simulator.