Security Incident Response Implementation
- Offered by ServiceNow
Security Incident Response Implementation at ServiceNow Overview
| Duration | 13 hours |
| Mode of learning | Online |
| Schedule type | Self paced |
| Difficulty level | Intermediate |
| Credential | Certificate |
Security Incident Response Implementation at ServiceNow Course details
- Identify the goals of Security Incident Response (SIR)
- Discuss the importance of understanding customers and their goals
- Discuss how Security Incident Response meets customer expectations
- Explore How to Create Security Incidents
- Explore Major Security Incident Management (MSIM)
- Explore Threat Intelligence
- Explore Data Loss Prevention (DLP)
- Discuss Malware Information Sharing Platform (MISP)
- Use the Security Analyst Workspace
- Explore Standard Automated Assignment Options and Escalation Paths
- In this interactive course, attendees cover the domain knowledge, common implementation patterns, technical aspects, and various processes needed to effectively manage a Security Incident Response (SIR) implementation
- Participants will learn and practice various tactical skills and strategies that will prepare them to implement SIR
- Through lectures, group discussions, and hands-on labs, participants build on existing knowledge and skills by applying implementation best practices
Security Incident Response Implementation at ServiceNow Curriculum
Introduction
Introduction to Security Incident Response Implementation
Module 1: Security Incident Response Overview and Data Visualization
Introducing Security Incident Response
Security Incident Response Maturity Matrix
Security Incident Lifecycle
Lab 1.1 Initial Application Setup
Lab 1.1 Initial Application Setup - Recap
Data Visualization
Understanding the Customer's Goals and Meeting Customer Expectations
Security Incident Personas and Roles
SIRI Knowledge Check Module 1 (Tokyo)
Module 1: Key Takeaways
Module 2: Security Incident Creation and Threat Intelligence
Explore How to Create Security Incidents
How to Create Security Incidents using the Service Catalog
How to Create Security Incidents via Email Parsing
Lab 2.1 Manual Creation of Security Incidents
Major Security Incident Response
Lab 2.2 Major Security Incident Response
Understanding Threat Intelligence
MITRE-ATT&CK Framework
Lab 2.4 Build Smarter Security with MITRE ATT&CK
SIRI Knowledge Check Module 2 (Tokyo)
Module 2: Key Takeaways
Module 3: Security Incident and Threat Intelligence Integrations
Integrations - Questions to Ask
ServiceNow Store and Share
Lab 3.1 ServiceNow Store and Share
Managing Pre-Built Integrations
Capability Framework Gold Standard
Microsoft Defender - Endpoint Management
Data Loss Prevention
Malware Information Sharing Platform
Creating a Custom Integration
Lab 3.3 Custom Security Incident Integration
SIRI Knowledge Check Module 3 (Tokyo)
Module 3: Key Takeaways
Module 4: Security Incident Response Management
Analyst Workspace
Standard Automated Assignment Options and Escalation Paths
Major Security Incident Management
Security Tags
Lab 4.3 Configuring Security Tags
Process Definitions and Selection & Lab 4.4 Security Incident Process Selection
SIRI Knowledge Check Module 4 (Tokyo)
Module 4: Key Takeaways
Module 5: Risk Calculations and Post Incident Response
Security Incident Calculator Groups and Risks Scores
Post Incident Reviews & Lab 5.2 Post Incident Reviews
SIRI Knowledge Check Module 5 (Tokyo)
Module 5: Key Takeaways
Module 6: Automation and Standard Processes
Automate Security Incident Response Overview
Security Incident Automation using Flows and Workflows
Playbook Automation (Knowledge Articles and Runbooks)
Use Case: User Reported Phishing v2
SIRI Knowledge Check Module 6 (Tokyo)
Module 6: Key Takeaways
Take Home Capstone Project
Summary and Conclusion
Certified Implementation Specialist – Security Incident Response Voucher Info