The correct answer is B. The legal, statutory, and regulatory impacts of capturing this type of data or information.

In the ASIS PSP Body of Knowledge, video surveillance is specifically included under electronic security systems. The PSP Body of Knowledge also identifies legal and regulatory considerations for security applications, including video surveillance, privacy issues, personally identifiable information, and life safety.

Video surveillance captures images of people, activities, movements, and sometimes sensitive operational details. Before deploying cameras, the security professional must evaluate whether recording is legally permitted, what notices are required, where cameras may or may not be placed, how long recordings may be retained, who may access the footage, and whether privacy or labor rules apply.

Option A is important because recorded video must be protected from unauthorized access, but storage security comes after determining whether the organization is legally permitted to capture and retain the footage. Option D is also relevant, especially in workplaces, but employee privacy expectations are part of the broader legal and regulatory evaluation. Option C is a business benefit, not the primary security or compliance concern.

Therefore, the most important factor to evaluate when considering video surveillance is B.

The correct answer is C. Equipment performance testing.

In PSP physical security implementation, testing is used to verify that installed security equipment and systems actually perform according to required functional and performance objectives. The ASIS PSP Body of Knowledge includes functional requirements, performance requirements, success metrics, commissioning, and final acceptance testing as part of physical security system design and implementation.

Equipment performance testing is the specific type of testing used to determine whether equipment or a system is functional, has adequate sensitivity, and meets its design and performance objectives. This matches the wording of the question directly. Physical security testing guidance also describes security system performance testing as determining whether security equipment is functional, has adequate sensitivity, and meets design and performance objectives under operating conditions.

The other options are not the best answer:

A. Factory acceptance testing is normally conducted before delivery or installation to verify equipment at the factory or vendor stage.

B. Reliability performance testing focuses more on dependability, availability, or continued operation over time.

D. Site acceptance testing verifies the installed system at the actual site, but the wording about functionality, sensitivity, and design/performance objectives specifically describes equipment performance testing.

Therefore, the correct answer is C. Equipment performance testing.

Infrared beam sensors are typically used to detect movement across open areas and are line-of-sight devices. They are not well-suited for enclosed or small, solid objects like safes. They can be easily bypassed or may not be triggered when tampering with a safe that doesn’t break the beam.

A, B, and D are more effective around physical objects:

Capacitance can detect touch or presence.

Microwave can detect motion or disturbance.

Fiber optic cable can detect physical interaction or tampering.

Ethernet was developed in the early 1970s by Robert Metcalfe and his team at Xerox Corporation’s Palo Alto Research Center (PARC). It became the foundational technology for local area networks (LANs) and remains widely used in networking today.

IBM (B) developed other networking technologies but not Ethernet.

Microsoft (C) is a software company and did not develop Ethernet.

Self-assumption of risk means the organization accepts the financial responsibility for certain risks without transferring them to an insurer. This may involve setting aside internal reserves or using other contingency planning methods to absorb potential losses.

References from PSP: ASIS POA – Risk Financing Techniques; PSP Guide – Self-Insured Risk Models

Crisis management plans are primarily concerned with:

Crisis management team structure (A)

Disaster operations and coordination (B)

Media communication strategies (C)

While vital records (D) are important to business continuity planning, they are not a core function of crisis management, which focuses more on command, communication, and high-level decision-making during emergencies.

Effective risk mitigation requires proportional countermeasures. As threats become more advanced or sophisticated, security measures must also be upgraded accordingly. If not, the residual risk must be transferred, avoided, or accepted.

A and B are incorrect because they imply static or uniform responses to dynamic threats.

C is overly narrow; system performance depends on multiple factors, not just departmental capability.

The four main types of invasion of privacy recognized under civil law are:

Misappropriation of name or likeness for commercial use (A)

False light (B) — misrepresenting someone publicly

Intrusion upon seclusion (D) — unauthorized intrusion into someone’s private space or affairs

Public disclosure of private facts — not “private disclosure of public facts” as stated in option C

Option C is incorrect because “private disclosure of public facts” is not a valid tort; it reverses the recognized tort, which is “public disclosure of private facts.”

Best practices for data backup recommend redundancy and geographical separation to ensure recovery in various disaster scenarios. Ideally, four sets of backup files should be maintained:

One on-site for quick access and recovery,

Three off-site (including possibly in different physical locations or cloud storage) for protection against local disasters like fire or floods.

X.25 is a standard protocol suite developed by the Consultative Committee for International Telephone and Telegraph (CCITT), now known as ITU-T. It is one of the earliest protocols used for WAN communications, enabling reliable data transfer across public networks using packet switching.

XA.10 (B), CXA 1.23 (C), and X.20 (D) are not recognized standards for WAN protocols.