Security Operations (SECOPS) Fundamentals

Course Duration

2 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

ServiceNow Administration Fundamentals (SNAF) or equivalent ServiceNow administration experience is recommended. A background in security operations or IT security is also helpful.

Course Description

This course teaches ServiceNow administrators and security professionals how to configure and administer the ServiceNow Security Operations (SecOps) applications. Students learn to manage security incidents and vulnerabilities, integrate with security tools, and build automated response workflows to accelerate the security operations lifecycle.

Learning Objectives

• Discuss the Current State of Security
• Explain the Security Operations Maturity levels
• Describe Security Incident Response Components and Configuration
• Demonstrate the Baseline Security Incident Response Lifecycle
• Identify Security Incident Response Workflow-Based Responses
• Configure Vulnerability Assessment and Management Response tools
• Explore the ServiceNow Threat Intelligence application
• Employ Threat Sources and Explore Attack Modes and Methods
• Define Observables, Indicators of Compromise (IOC) and IoC Look Ups
• Discuss Security Operations Common Functionality
• Use Security Operations Integrations
• Demonstrate how to view and analyze Security Operations data

Course Outline

• 1.1 Current State of Security and Security Operations Maturity Levels
• 1.2 Introducing ServiceNow Security Operations
• 1.3 Essential Platform and Security Administration Concepts
• Lab 1.3 Security Operations User Administration
• 1.4 Security Operations Common Functionality
• Lab 1.4.1 Security Operations Common Functionality
• Lab 1.4.2 Email Parser
• 2.1 Vulnerability Response Overview
• Lab 2.1 Explore the Vulnerability Response Application
• 2.2 Vulnerability Classification and Assignment
• Lab 2.2 Explore Vulnerable Items and Vulnerability Groups
• 2.3 Vulnerability Management
• Lab 2.3 Vulnerability Groups (for Grouping Vulnerable Items)
• 2.4 Configuration Compliance
• Lab 2.4 Vulnerability Remediation
• 3.1 Security Incident Response Overview
• 3.2 Security Incident Response Components and Configuration
• Lab 3.2 Security Incident Response Configuration
• 3.3 Baseline Security Incident Response Lifecycle
• Lab 3.3 Creating Security Incidents
• 3.4 Security Incident Response Workflow-Based Responses
• 4.1 Threat Intelligence Definition
• 4.2 Threat Intelligence Terminology
• 4.3 Threat Intelligence Toolsets
• Lab 4.3.1 Review and Update an Existing Attack Mode or Method
• Lab 4.3.2 Working with Indicators of Compromise (IOC) Lookups
• Lab 4.3.3 Automated Lookups in Security Incidents
• 4.4 Trusted Security Circles
• 5.1 Work with Security Operations
• Lab 5.1 Navigating Security Operations Integrations