Governance & Regulation
The term used for legal and regulatory frameworks that govern the use and protection of information assets is called?
Regulation
Health Insurance Portability and Accountability Act (HIPAA) targets which domain for data protection?
Healthcare
The step that involves periodically evaluating policies and changing them based on stakeholders' input is called?
Review and update
A set of specific steps for undertaking a particular task or process is called?
Procedure
What is the component in the GRC framework involved in identifying, assessing, and prioritising risks to the organisation?
Risk Management
Is it important to monitor and measure the performance of a developed policy? (yea/nay)
yea
What is the maximum fine for Tier 1 users as per GDPR (in terms of percentage)?
4 (the higher tier under GDPR Article 83 is up to 4% of annual worldwide turnover or €20 million, whichever is higher)
In terms of PCI DSS, what does CHD stand for?
cardholder data
Per NIST 800-53, in which control category does the media protection lie?
Physical
Per NIST 800-53, in which control category does the incident response lie?
Administrative
Which phase (name) of NIST 800-53 compliance best practices results in correlating identified assets and permissions?
Map
Which ISO/IEC 27001 component involves selecting and implementing controls to reduce the identified risks to an acceptable level?
Risk treatment
In SOC 2 generic controls, which control shows that the system remains available?
Availability
Click the View Site button at the top of the task to launch the static site in split view. What is the flag after completing the exercise?
THM{SECURE_1001}