Proactively managing risk and security

  • Solutions
  • Cybersecurity and Risk
  • Barbara Kay
  • 2021
October 22, 2021

Managing risk and security: A woman sits on a bench using a laptop at a train station.

As a result of the COVID-19 pandemic, organizations have realized the importance of proactively managing risk and security to build resilience and to emerge from a crisis stronger. These best practices and tools can help you shift your risk management program into high gear.

Staying ahead of cybercriminals

Taking a progressive, visionary approach to risk and security—such as with ServiceNow workflows built on top of the Now Platform®—lets you direct resources where they deliver the greatest impact on your risk and security posture with the greatest efficiency.

For instance, most organizations are working to take advantage of MITRE ATT&CK® to operationalize their threat management and response practices. This framework for adversarial tactics, techniques, and procedures (TTPs) offers deep insights into an attacker’s actions on each attack to help security analysts stay ahead of cyber criminals.

ServiceNow® Security Incident Response includes integrated threat intelligence tools and automated workflows to accelerate this plan. The MITRE ATT&CK knowledge base enables you to prioritize your security investments based on TTPs. After mapping a security incident to a MITRE tactic, security analysts use ServiceNow ATT&CK Navigator to create a roadmap for subsequent steps. A dashboard shows how your security approach fares against attacks.

Integrating security operations into workflows

The University of Southern California (USC), a research university with almost 80,000 people in its customer base, is mandated by the government to protect everything from student and personal information to research data.

When USC assessed its security posture, it found that almost 30% of its IT security efforts were related to phishing. Already using ServiceNow ITSM, USC integrated ServiceNow Security Operations into the Now Platform to improve insight into the university's security posture and processes.

Since the integration, USC has saved at least 40 hours a week, allowing the equivalent of one full-time employee's time each week to be redirected to other investigations.

Leveraging a common data model and platform

Bupa Australia and New Zealand, a global healthcare insurance provider that serves more than 32 million customers across 190 countries, also found great value in adding security operations workflows onto its ServiceNow implementation. When the organization wanted to improve visibility and control of its security practices, it chose the ServiceNow Vulnerability Response and Security Incident Response products.

“We already had a number of ServiceNow modules within our environment, namely ITSM and CMDB,” says Jonathan Milton, Bupa’s head of cybersecurity. “But when you get that integration, that’s where you get that exponential value.”

The value Bupa found was improved ability to protect not only customer data, but also service delivery, enabling its security and IT teams to address the right risks, in the right order.

Boosting operational resilience

Bolstering your security posture is only part of the equation. The other part is strengthening your business resilience as disruptions can impact your brand and reputation. ServiceNow has identified four pillars for achieving resilience:

  • Technology and data

  • Employees and customers

  • Facilities and their safety and compliance

  • Third parties

The Now Platform protects all four pillars.

Fast time to risk management value

When a healthcare organization that operates a dozen hospitals wanted to strengthen its risk management, it partnered with cybersecurity and risk management services organization Edgile. Edgile got ServiceNow Vendor Risk Management and Integrated Risk Management workflows up and running in only 12 weeks. The new solution dramatically improved quality consistency for the healthcare organization.

Learn more about how your organization can proactively manage risk and security in our Risk and Security Workflows Book of Knowledge.

© 2021 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.


  • RPA: group of workers gathered around a conference table looking at a laptop
    AI and Automation
    Forrester report: ServiceNow debuts as a Strong Performer in RPA
    In our very first year of entry, ServiceNow has been named a Strong Performer in The Forrester Wave: Robotic Process Automation, Q1 2023. Find out why.
  • Generative AI capabilities: man in glasses looking intently at open laptop
    Now on Now
    How ServiceNow is using generative AI capabilities across its operations
    Generative AI capabilities can deliver rich experiences and unlock the potential of technology, people, and processes. Find out how we use them at ServiceNow.
  • Vancouver release: Put AI to work with the Now Platform
    Now Platform
    Meet the Now Platform Vancouver release: GenAI, security, and agility
    The Now Platform Vancouver release delivers innovation and GenAI, security, and agility solutions to maximize efficiency, optimize processes, and reduce costs.

Trends & Research

  • RPA: group of workers gathered around a conference table looking at a laptop
    AI and Automation
    Forrester report: ServiceNow debuts as a Strong Performer in RPA
  • #1 in ITSM, AIOps and IT Operations Market Share: Organizations around the world count on ServiceNow in times of change.
    IT Management
    ServiceNow is No. 1 for AIOps, IT operations, and IT service management categories by market share
  • ESG technology: green surrounding a river, woman smiling, 2 government employees in conversation
    Cybersecurity and Risk
    Survey says ESG technology drives results