Security Incident Response Implementation

In this interactive course, attendees cover the domain knowledge, common implementation, technical aspects, and various processes needed to effectively manage a Security Incident Response (SIR) implementation.

Participants will learn and practice various tactical skills and strategies that will prepare them to implement SIR. Through lectures, group discussions, and hands-on labs, participants build on existing knowledge and skills by applying implementation best practices.

Prerequisites – Mandatory

• Welcome to ServiceNow
• ServiceNow Administration Fundamentals
  • Instructor-Led, or
  • On Demand
• Security Operations Fundamentals or Security Operations Fundamentals On Demand
• ServiceNow Platform Implementation or ServiceNow Platform Implementation On Demand

Prerequisites – Optional

• Automated Test Framework (ATF) Fundamentals
• Common Service Data Model (CSDM) Fundamentals
• Configuration Management Database (CMDB) Fundamentals
• Flow Designer Fundamentals
• Get Started with Now Create
• IntegrationHub Fundamentals
• Mobile Development Fundamentals
• Service Portal Fundamentals

This course covers the below objectives:

Module 1: Security Incident Response Overview and Data Visualization

• Identify the goals of Security Incident Response (SIR)
• Discuss the importance of understanding customers and their goals
• Discuss how Security Incident Response meets customer expectations
• Explain the different Security Incident Response Dashboards and Reports available on the ServiceNow platform:
• Performance Analytics

Module 2: Security Incident Creation and Threat Intelligence

• Explore How to Create Security Incidents
• Explore Major Security Incident Management (MSIM)
• MITRE-ATT&CK Framework

Module 3: Security Incident and Threat Intelligence Integrations

• Explore Threat Intelligence
• Explore Data Loss Prevention (DLP)
• Discuss Malware Information Sharing Platform (MISP)
• Discuss different integration capabilities
• Express what are the Three Key Security Incident Response  Integrations: Store & Share, Pre-Built, Custom

Module 4: Security Incident Response Management

• Use the Security Analyst Workspace
• Explore Standard Automated Assignment Options and Escalation Paths
• Apply Security Tags
• Enhance Process Definitions and Selection

Module 5: Risk Calculations and Post Incident Response

• Identify Calculators and Risk Scores
• Discuss Post Incident Reviews

Module 6: Automation and Standard Processes

• Review Security Incident Response Automation capabilities in ServiceNow: Flows and Workflows, Playbooks (Knowledge Articles and Runbooks) and User Reported Phishing v2

Capstone Project

• Review project requirements

It may take two to three business days for course credentials to be provided. Please also note that a Now Learning account with ServiceNow is mandatory in order to use this course. Account details for this are obtained from the customer after the order has been placed.