Physical Security Flashcards
What are the two primary purposes of a physical security program?
Prevention and Protection
What is the ATWG?
Antiterrorism Working Group
Responsible for assessing requirements for physical security;
recommending and developing policy;
preparing planning documents, and;
conducting criticality, vulnerability, and risk assessments.
What is the ATEC?
Antiterrorism Executive Committee
Develops and refines antiterrorism program guidance, policy, and standards.
Acts upon recommendations of the Antiterrorism Working Group and Threat Working Group.
What is the ISO?
Information System Owner
Responsible for the security of information systems.
Develops contingency plans for the protection of the information systems.
What is the TWG and who is in it?
Threat Working Group. This group is comprised of an: 1) Antiterrorism Officer 2) CI representative 3) Law enforcement representative 4) OPSEC officer 5) Information operations representative 6) Chemical, biological, radiological, nuclear, and high yield explosive representative.
Name 3 of the 6 key individuals associated with a physical security program.
1) Installation Commander/Facility Director
2) Antiterrorism Officer
3) CI Support Personnel
4) Law Enforcement Officials
5) Operations Security (OPSEC) Officer
6) Physical Security Officer
How is Site Design important in creating a physical security program?
Properly designed facilities provide a physical and psychological deterrence to intruders. Poor facility design can also make a facility a possible target for intruders.
List 3 ways you would station Security Forces.
1) Access control points
2) Static observation posts
3) Roving patrols
4) Response forces
5) Security systems monitors
6) Dispatch and control centers
7) Escorts
What is the purpose of an IDS?
To deter, detect, document, and deny or delay intrusion.
List 2 Physical Security Systems.
IDS ACS Closed Circuit TV Screening Equipment 2-Way Radios
How would you determine which type of access control system to install?
Based on risk management: defining the criticality, vulnerability, and the threat to DoD assets.
In a Physical Security Program, what is a CAC an example of?
Access Control
What should you know about your keys?
At a minimum, lock and key control procedures should include a key register to list keys, document their issuance, return, and/or disposition.
Another control measure would be to have a list of personnel who are authorized access to keys and key records.
What are the levels FPCONs?
FPCON NORMAL applies when a general global threat of possible terrorist activity exists and warrants a routine security posture.
FPCON ALPHA applies when there is an increased general threat of possible terrorist activity against personnel or facilities; the nature and extent of which are unpredictable.
FPCON BRAVO indicates an increased or more predictable threat of terrorist activity exists.
FPCON CHARLIE applies when an incident occurs or intelligence is received indicating some form of terrorist action or terrorist targeting against U.S. personnel or DoD assets is likely.
FPCON DELTA applies in the immediate area where a terrorist attack has occurred or when intelligence has been received that terrorist action against a specific location or person is imminent.
What is the purpose of a security inspection?
Verify policy compliance, promote cost effective security, serve as an opportunity for security education, establish and/or enhance good working relationships, identify existing or potential program weaknesses, and promote quality performance of security functions.
What are the 2 types of inspection?
1) Compliance
2) Self-Inspection
Supplemental protection is not required for Secret information that is stored by defense contractors in a closed area.
False.
If Top Secret information is stored in a vault or secure room, the alarm response time must be within ______ minutes if the area is covered by security-in-depth.
15
What labels should you find on a GSA approved container?
GSA-approved label, test certification label, cabinet identification label, number label, and warning label.
Who is defines the security requirements for a SCIF? Who accredits them?
Security requirements for SCIFs are established by the Director of National Intelligence (DNI). However, the Defense Intelligence Agency (DIA) is responsible for their accreditation.
What’s the difference between SRC I and SRC IV
SRC I is the highest risk category. SCR IV is the lowest.
What does DoDM 5100.76, Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives, state about AA&E?
It must be categorized, consolidated and demilitarized/disposed of.
How long must an AA&E storage facility be resistant to forced entry
10 minutes.
Approved exceptions to construction standard policy must be reviewed every ___ years?
3
This lighting method is intended to display a silhouette of any person passing between the light source and the building or to show the contrast of a person inside the building.
Surface Lighting
What are the 3 components of a Lock?
The locking device (the bolt), the switching device (keys or combos), and the operating mechanism (the cylinder).
Who analyzes threats to assets and their vulnerabilities?
OPSEC officer
Who is responsible for the safety of people and property under their command?
Installation Commander/ Facility Director
Who is charged with the management, implementation, and direction of all physical security programs?
Physical Security Officer
Who is responsible for mitigating risks against Defense Critical Infrastructure assets that support the mission of an installation or facility?
The Defense Critical Infrastructure Program (DCIP) Officer
What tools does DoD use against terrorist attack?
DoD Terrorist Threat Levels and Force Protection Conditions (FPCONs)
Relate Terrorist Threat Levels and Force Protection Conditions (FPCONs).
Threat level assessments, which are based on Terrorist Threat Levels, are provided to senior leaders to assist them in determining the appropriate local FPCONs.
What is Security in Depth? What’s an Enclave?
Layered, and complimentary. In some cases, security-in-depth can be obtained by designating islands of extreme or high security within a sea of moderate security. This is known as enclaving.
Rapidly flowing rivers are considered active barriers.
False.
What should you consider when selecting and IDS?
Asset criticality, environment, location, perceived threat.
What are the operational phases of an IDS?
The operational phases of an IDS are detection, reporting, dispatch, and response and assessment.
What are the three types of IDS monitoring?
They are local, proprietary, and central station monitoring.
