Governance & Regulation | TryHackMe Writeup

Solvenite

Introduction

I am ready to start the room.

No answer needed


Why is it important?

A rule or law enforced by a governing body to ensure compliance and protect against harm is called?

Regulation

Health Insurance Portability and Accountability Act (HIPAA) targets which domain for data protection?

Healthcare


Information Security Frameworks

The step that involves monitoring compliance and adjusting the document based on feedback and changes in the threat landscape or regulatory environment is called?

Review and update

A set of specific steps for undertaking a particular task or process is called?

Procedure


Governance Risk and Compliance (GRC)

What is the component in the GRC framework involved in identifying, assessing, and prioritising risks to the organisation?

Risk Management

Is it important to monitor and measure the performance of a developed policy? (yea/nay)

yea


Privacy and Data Protection

What is the maximum fine for Tier 1 users as per GDPR (in terms of percentage)?

4

In terms of PCI DSS, what does CHD stand for?

Cardholder data


NIST Special Publications

Per NIST 800-53, in which control category does the media protection lie?

Physical

Per NIST 800-53, in which control category does the incident response lie?

Administrative

Which phase (name) of NIST 800-53 compliance best practices results in correlating identified assets and permissions?

Map


Information Security Management and Compliance

Which ISO/IEC 27001 component involves selecting and implementing controls to reduce the identified risks to an acceptable level?

Risk treatment

In SOC 2 generic controls, which control shows that the system remains available?

Availability


Conclusion

Click the View Site button at the top of the task to launch the static site in split view. What is the flag after completing the exercise?

THM{SEC********}

