
Risk Management

Learn about framing, assessing, responding, and monitoring risk.

THM Room : https://tryhackme.com/room/seriskmanagement

TASK 1 Introduction

You decide to carry an extra laptop; if your main laptop fails, the second laptop will be ready. What would you call this response to risk?

Answer : risk reduction

You think your laptop has never failed before, and the chances of failing now are too slim. You decide not to take any extra actions. What do you call this response to risk?

Answer : risk acceptance

TASK 2 Basic Terminology

What do you call the potential for a loss or an incident that may harm the confidentiality, integrity or availability of an organisation’s information assets?

“Risk: the probability of a threat source exploiting an existing vulnerability and resulting in adverse business effects.”

Answer : risk

What do you call a weakness an attacker could exploit to gain unauthorised access to a system or data?

“Vulnerability: a software, hardware, or network weakness that cybercriminals can exploit to gain unauthorised access or compromise a system.”

Answer : vulnerability

What do you consider a business laptop?

“Asset: a valuable resource or component (tangible or intangible) that an organisation relies upon to achieve its objectives.”

Answer : asset

“Threat: an intentional or accidental event that can compromise the security of an information system. Examples include hacking, phishing attacks, human error, and natural disasters.”

Answer : threat

TASK 3 Risk Assessment Methodologies

What is the name of the risk assessment methodology developed by NIST?

Answer : NIST SP 800-30

TASK 4 Frame Risk

Read the task content in the room; there is nothing to submit here.

No Answer.

TASK 5 Assess Risk

Read the task content in the room; there is nothing to submit here.

No Answer.

TASK 6 Risk Analysis

Note the mathematical formulas and the acronyms presented in this task (single loss expectancy, annualised loss expectancy and related terms); they are needed to conduct the quantitative risk analysis in later tasks.

No Answer.

TASK 7 Respond to Risk

Click on View Site. Decide whether each of the suggested safeguards (controls) is justified. Follow the instructions to retrieve the flag.

Answer : THM{Excellent_Risk_Management}

TASK 8 Monitor Risk

You want to confirm whether the new policy enforcing laptop disk encryption is helping mitigate data breach risk. What is it that you are monitoring in this case?

Answer : Effectiveness

You are keeping an eye on new regulations and laws. What is it that you are monitoring?

Answer : Compliance

TASK 9 Supply Chain Risk Management

Read the task content in the room; there is nothing to submit for this part.

No Answer.

Click on View Site and follow the instructions to retrieve the flag. Remember that your decision should be based on the value of the safeguard to the organisation, which is calculated as follows:
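The following is an added example, not code from the TryHackMe room or from this walkthrough. It shows how the safeguard decision in this task (and the quantitative analysis from Task 6) can be worked through in code, using the standard quantitative risk formulas: SLE = AV × EF, ALE = SLE × ARO, and value of a safeguard = ALE before − ALE after − annual cost of the safeguard. The assumption is that the room's hidden formula is this standard one; the asset figures, safeguard names and costs below are constructed sample data, not values from the room.

```python
"""Quantitative risk analysis: is a safeguard worth its cost?

Added example (not from the TryHackMe room). Formulas assumed to match
the room's Task 6:

    SLE   = AV * EF               single loss expectancy
    ALE   = SLE * ARO             annualised loss expectancy
    value = ALE_before - ALE_after - ACS
                                  ACS = annual cost of the safeguard

All numbers below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    """Loss profile of one asset against one threat."""
    asset_value: float       # AV: replacement/business value of the asset
    exposure_factor: float   # EF: fraction of AV lost per incident, 0..1
    aro: float               # ARO: expected incidents per year

    def __post_init__(self) -> None:
        # Reject inputs that would silently produce nonsense figures.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO must be non-negative")

    def sle(self) -> float:
        """Single loss expectancy: loss from one incident."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualised loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    """A proposed control, its yearly cost, and the exposure left after it."""
    name: str
    annual_cost: float   # ACS
    residual: Exposure   # exposure with the safeguard in place


def safeguard_value(before: Exposure, sg: Safeguard) -> float:
    """Net annual benefit of the safeguard; negative means it costs more
    than it saves."""
    return before.ale() - sg.residual.ale() - sg.annual_cost


def is_justified(before: Exposure, sg: Safeguard) -> bool:
    """A safeguard is justified only when its value is positive."""
    return safeguard_value(before, sg) > 0


def evaluate(before: Exposure, safeguards: list[Safeguard]) -> dict[str, tuple[float, bool]]:
    """Map each safeguard name to (value, justified)."""
    return {sg.name: (safeguard_value(before, sg), is_justified(before, sg))
            for sg in safeguards}


# Constructed scenario: a laptop fleet exposed to theft/loss.
LAPTOPS = Exposure(asset_value=50_000, exposure_factor=0.5, aro=2)

# Constructed safeguards (hypothetical names, costs and residual exposures).
ENCRYPTION = Safeguard(
    name="full-disk encryption",
    annual_cost=8_000,
    # Data is no longer exposed; only the hardware is lost.
    residual=Exposure(asset_value=50_000, exposure_factor=0.1, aro=2),
)
ESCORT = Safeguard(
    name="dedicated courier escort for every laptop",
    annual_cost=60_000,
    residual=Exposure(asset_value=50_000, exposure_factor=0.1, aro=0.5),
)

if __name__ == "__main__":
    print(f"SLE={LAPTOPS.sle():,.0f}  ALE={LAPTOPS.ale():,.0f}")
    for name, (value, ok) in evaluate(LAPTOPS, [ENCRYPTION, ESCORT]).items():
        verdict = "justified" if ok else "not justified"
        print(f"{name}: value={value:,.0f} -> {verdict}")
```

The decision rule is the one the task asks for: accept a control only when the ALE it removes exceeds what it costs to run each year. The `__post_init__` checks matter in practice, because an exposure factor above 1 or a negative ARO quietly inflates ALE and makes a poor control look justified.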


Answer : THM{OFFICE_RISK_MANAGED}

This post is licensed under CC BY 4.0 by the author.