Which category of physical security activities is primarily concerned with managing incidents and restoring normalcy?

The category of physical security activities that focuses on managing incidents and restoring normalcy is response and recovery. This involves implementing plans and actions once an incident has occurred, which includes assessing the damage, coordinating responses, managing communication among various stakeholders, and taking steps to recover from the incident. The goal of response and recovery activities is to minimize disruption and restore services to normal operation as quickly as possible.

This category is critical because effective response can greatly reduce the impact of security incidents, whether they are due to natural disasters, human error, or malicious attacks. It encompasses not just immediate actions taken during an incident, but also long-term strategies for recovery and lessons learned to prevent future occurrences.

The other categories, while important to the overall physical security framework, do not directly focus on the incident management aspect. Obstacles and prevention are more about thwarting potential incidents before they happen. Surveillance and notification involve monitoring and alerting for potential threats, whereas security training equips personnel with the knowledge to handle incidents but does not directly manage the incident response or recovery process.