Security Incident Response Implementation


USD 500.00
excl. VAT

In this interactive course, attendees cover the domain knowledge, common implementation, technical aspects, and various processes needed to effectively manage a Security Incident Response (SIR) implementation.

Participants will learn and practice various tactical skills and strategies that will prepare them to implement SIR. Through lectures, group discussions, and hands-on labs, participants build on existing knowledge and skills by applying implementation best practices.

Course Prerequisites

Prerequisites – Mandatory

  • Welcome to ServiceNow
  • ServiceNow Administration Fundamentals
    • Instructor-Led, or
    • On Demand
  • Security Operations Fundamentals or Security Operations Fundamentals On Demand
  • ServiceNow Platform Implementation or ServiceNow Platform Implementation On Demand

Prerequisites – Optional

  • Automated Test Framework (ATF) Fundamentals
  • Common Service Data Model (CSDM) Fundamentals
  • Configuration Management Database (CMDB) Fundamentals
  • Flow Designer Fundamentals
  • Get Started with Now Create
  • IntegrationHub Fundamentals
  • Mobile Development Fundamentals
  • Service Portal Fundamentals

What you will learn

This course covers the following objectives:

Module 1: Security Incident Response Overview and Data Visualization

  • Identify the goals of Security Incident Response (SIR)
  • Discuss the importance of understanding customers and their goals
  • Discuss how Security Incident Response meets customer expectations
  • Explain the different Security Incident Response Dashboards and Reports available on the ServiceNow platform:
    • Performance Analytics

Module 2: Security Incident Creation and Threat Intelligence

  • Explore How to Create Security Incidents
  • Explore Major Security Incident Management (MSIM)
  • MITRE ATT&CK Framework

Module 3: Security Incident and Threat Intelligence Integrations

  • Explore Threat Intelligence
  • Explore Data Loss Prevention (DLP)
  • Discuss Malware Information Sharing Platform (MISP)
  • Discuss different integration capabilities
  • Describe the three key Security Incident Response integrations: Store & Share, Pre-Built, Custom

Module 4: Security Incident Response Management

  • Use the Security Analyst Workspace
  • Explore Standard Automated Assignment Options and Escalation Paths
  • Apply Security Tags
  • Enhance Process Definitions and Selection

Module 5: Risk Calculations and Post Incident Response

  • Identify Calculators and Risk Scores
  • Discuss Post Incident Reviews

Module 6: Automation and Standard Processes

  • Review Security Incident Response Automation capabilities in ServiceNow: Flows and Workflows, Playbooks (Knowledge Articles and Runbooks) and User Reported Phishing v2

Capstone Project

  • Review project requirements

Additional information

It may take two to three business days for course credentials to be provided. Please also note that a Now Learning account with ServiceNow is mandatory in order to use this course. Account details for this are obtained from the customer after the order has been placed.