USE CASE GUIDE

Prepare

The next phase helps you proactively reduce the risk of an attack. Harden your attack surface by reducing weaknesses due to vulnerabilities or misconfigurations. Use ServiceNow Vulnerability Response to prioritize vulnerabilities using severity, business criticality from your CMDB, and exploitability. Assign remediation tasks to IT owners automatically using machine learning and use orchestration to apply patches efficiently. Use MITRE ATT&CK to find vulnerabilities related to ransomware or other high-profile attacks. Don’t forget application vulnerabilities and weaknesses found through penetration testing.

You’ll also need strong security controls and policies. With Continuous Monitoring, you can harvest key risk indicators from vulnerabilities to track additional business risk, whether due to a critical vulnerability or a missed remediation target. Vendors should also be assessed, as they may have sensitive information or privileged access to your systems. Collect vendor assessments via a self-service portal to ensure vendors are compliant with ServiceNow Vendor Risk Management. Assessments are scored automatically based on a weighted scoring framework backed by a configurable scoring methodology and risk engine. You can associate issues to risks, controls, and risk ratings at a questionnaire and assessment level to track vendor risk alongside internal risks.

Respond

Reducing your attack surface consequently reduces your risk of attack, but you must be prepared to respond to anything that makes it through your defenses.
Security playbooks allow you to build a response plan. When an incident is discovered, Security Incident Response can use automation to prioritize the incident using a risk score calculator and orchestration for quick enrichment with threat intelligence. Then your security analyst can follow the correct playbook to review and select response options to take quick action to contain or remediate the ransomware attack. They can also use the MITRE ATT&CK Navigator to understand tactics and techniques related to ransomware to help with aligning the appropriate response to each threat as well as defense.

In parallel, activate the business continuity and disaster recovery plans you created in the anticipate phase. Whether you need to implement emergency changes with IT using IT Service Management or restart operations with IT Operations Management, working from a single platform lets you centrally manage your recovery efforts. ServiceNow also handles communication to business stakeholders to ensure all necessary parties stay informed, whether it’s through Slack, Microsoft Teams, text messages, email, or mobile apps.