Security Incident Response Implementation

ServiceNow NIC-SNO-SIRI

USD 500.00
excl. VAT

In this interactive course, attendees cover the domain knowledge, common implementation, technical aspects, and various processes needed to effectively manage a Security Incident Response (SIR) implementation.

Participants will learn and practice various tactical skills and strategies that will prepare them to implement SIR. Through lectures, group discussions, and hands-on labs, participants build on existing knowledge and skills by applying implementation best practices.

Course Prerequisites

Prerequisites – Mandatory

  • Welcome to ServiceNow
  • ServiceNow Administration Fundamentals
    • Instructor-Led, or
    • On Demand
  • Security Operations Fundamentals or Security Operations Fundamentals On Demand
  • ServiceNow Platform Implementation or ServiceNow Platform Implementation On Demand

Prerequisites – Optional

  • Automated Test Framework (ATF) Fundamentals
  • Common Service Data Model (CSDM) Fundamentals
  • Configuration Management Database (CMDB) Fundamentals
  • Flow Designer Fundamentals
  • Get Started with Now Create
  • IntegrationHub Fundamentals
  • Mobile Development Fundamentals
  • Service Portal Fundamentals

What you will learn

This course covers the following objectives:

Module 1: Security Incident Response Overview and Data Visualization

  • Identify the goals of Security Incident Response (SIR)
  • Discuss the importance of understanding customers and their goals
  • Discuss how Security Incident Response meets customer expectations
  • Explain the different Security Incident Response Dashboards and Reports available on the ServiceNow platform:
    • Performance Analytics

Module 2: Security Incident Creation and Threat Intelligence

  • Explore How to Create Security Incidents
  • Explore Major Security Incident Management (MSIM)
  • MITRE ATT&CK Framework

Module 3: Security Incident and Threat Intelligence Integrations

  • Explore Threat Intelligence
  • Explore Data Loss Prevention (DLP)
  • Discuss Malware Information Sharing Platform (MISP)
  • Discuss different integration capabilities
  • Express the three key Security Incident Response integrations: Store & Share, Pre-Built, Custom

Module 4: Security Incident Response Management

  • Use the Security Analyst Workspace
  • Explore Standard Automated Assignment Options and Escalation Paths
  • Apply Security Tags
  • Enhance Process Definitions and Selection

Module 5: Risk Calculations and Post Incident Response

  • Identify Calculators and Risk Scores
  • Discuss Post Incident Reviews

Module 6: Automation and Standard Processes

  • Review Security Incident Response Automation capabilities in ServiceNow: Flows and Workflows, Playbooks (Knowledge Articles and Runbooks) and User Reported Phishing v2

Capstone Project

  • Review project requirements

Additional information

It may take two to three business days for course credentials to be provided. Please also note that a Now Learning account with ServiceNow is mandatory in order to use this course. Account details for this are obtained from the customer after the order has been placed.