Risk Calculations Flashcards
What items should be considered when prioritizing security incident tasks for analysts?
Configuration Item Business Impact - looks at the business criticality for the affected configuration item
User’s Business Impact - this looks at the business criticality for the affected user
Security Incident Business Impact - looks at the business criticality field
Security Incident Priority - looks at the priority field
Security Incident Severity - looks at the severity field
The risk score is calculated using weights defined in what?
Risk Score Configuration
What are the six factors used in Risk Score Calculation?
Configuration Item Business Impact - 1 Most critical, 2 Somewhat critical, 3 Less critical, 4 Non critical
Security Incident Business Impact - 1 Critical, 2 High, 3 Non critical
Security Incident Priority - 1 Critical, 2 High, 3 Moderate, 4 Low, 5 Planning
Security Incident Severity - 1 High, 2 Medium, 3 Non critical
User's Business Impact - 1 Critical, 2 High, 3 Non critical
Vulnerable Item Business Impact - 1 Critical, 2 High, 3 Non critical
To see or change the Risk Score Calculation, navigate to?
Security Incident > Setup > Risk Score Configuration
ServiceNow added two further stages to the NIST/SANS Security Incident Response process which are?
Review - Post incident analysis, lessons Identified and Learned
Prepare - Priorities for action, drivers for change arising from the review, including implementing preventative measures to prevent a recurrence
What functionality provides tools for automating, tracking, auditing, and simplifying reviews?
Post Incident Review
Once a security incident is resolved and moved to the Review state, users in the Request Assessment field are assigned what?
Post Incident Questionnaire (generated by the SecurityReviewGenerator Script Include)
When Post Incident questionnaires are completed, the post incident report is automatically generated and displayed where?
Post Incident Review Tab
When closing a security incident, a PDF is created. What is it called?
Post Incident Report
Post Incident Report provides what valuable data?
Initial incidents that caused the security incident
Change requests, problems, and vulnerabilities created or linked to the security incident
Description of the security incident
Activity logs with all work notes, response tasks, and activities
Optional audit log
Post incident questionnaire (optional)
Actions performed, by whom, and the reasoning for doing them