
Governance & Regulation
This guide contains the answers, and the steps needed to reach them, for the Governance & Regulation room.
Table of contents
- Why is it important?
- Information Security Frameworks
- Governance Risk and Compliance (GRC)
- Privacy and Data Protection
- NIST Special Publications
- Information Security Management and Compliance
- Conclusion
Why is it important?
- The term used for legal and regulatory frameworks that govern the use and protection of information assets is called?
  Answer: Regulation
- Health Insurance Portability and Accountability Act (HIPAA) targets which domain for data protection?
  Answer: Healthcare
Information Security Frameworks
- The step that involves periodic evaluation of policies and making changes as per stakeholders' input is called?
  Answer: Review and update
- A set of specific steps for undertaking a particular task or process is called?
  Answer: Procedures
Governance Risk and Compliance (GRC)
- What is the component in the GRC framework involved in identifying, assessing, and prioritising risks to the organisation?
  Answer: Risk Management
- Is it important to monitor and measure the performance of a developed policy? (yea/nay)
  Answer: yea
Privacy and Data Protection
- What is the maximum fine for Tier 1 users as per GDPR (in terms of percentage)?
  Answer: 4
- In terms of PCI DSS, what does CHD stand for?
  Answer: Cardholder Data
NIST Special Publications
- Per NIST 800-53, in which control category does the media protection lie?
  Answer: Physical
- Per NIST 800-53, in which control category does the incident response lie?
  Answer: Administrative
- Which phase (name) of NIST 800-53 compliance best practices results in correlating identified assets and permissions?
  Answer: Map
Information Security Management and Compliance
- Which ISO/IEC 27001 component involves selecting and implementing controls to reduce the identified risks to an acceptable level?
  Answer: Risk Treatment
- In SOC 2 generic controls, which control shows that the system remains available?
  Answer: Availability
Conclusion
- Click the View Site button at the top of the task to launch the static site in split view. What is the flag after completing the exercise?
  Answering these questions shouldn't be too difficult after completing the room.
  Answer: THM{SECURE_1001}