Risk Calculations Flashcards

1
Q

Items to consider in the prioritization of security incident tasks for analyst are?

A

Configuration Item Business Impact - looks at the business criticality for the affected configuration item

User’s Business Impact - this looks at the business criticality for the affected user

Security Incident Business Impact - Looks as the business criticality field

Security Incident Priority - looks at the priority field

Security Incident Severity - looks at the severity field

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The risk score is calculated using weights defined in what?

A

Risk Score Configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the six factors used in Risk Score Calculation?

A

Configuration Item Business Impact - 1 most critical - 2 somewhat critical - 3 Less Critical - 4 Non critical

Security Incident Business Impact - 1 Critical - 2 High - 3 Non Critical

Security Incident Priority - 1 Critical 2 High 3 Moderate 4 Low 5 Planning

Security Incident Severity - 1 High 2 Medium 3 Non critical

Users Business impact - 1 Critical 2 High 3 Non critical

Vulnerable Item Business Impact - 1 critical 2 high 3 non critical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

To see or change the Risk Score Calculation Navigate to>

A

Security Incident > Setup > Risk Score Configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

ServiceNow added two further stages to the NIST/SANS Security Incident Response process which are?

A

Review - Post incident analysis, lessons Identified and Learned

Prepare - Priorities for action, drivers for change arising from the review, including implementing preventative measures to prevent a recurrence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What functionality provides tools for automating, tracking, auditing, and simplifying reviews?

A

Post Incident Review

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Once a security incident is resolved and moved to the review states, users in the Request Assessment field is assigned what?

A

Post Incident Questionnaire (generated by the SecurityReviewGenerator Script Include)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When Post Incident questionnaires are completed, the post incident report is automatically generated and displayed where?

A

Post Incident Review Tab

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When closing a security incident, a PDF is created. what is it called?

A

Post Incident Report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Post Incident Report provides what valuable data?

A

Initial Incidents that caused the security Incident

Changes requests, problems, and vulnerabilities created or linked to the security incident

Description of the security incident

Activity logs with all work notes, response tasks, and activities

Optional audit log

Post incident questionnaire optional

actions performed by whom and reasoning for doing them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly