on 09-08-2020 05:03 PM
The Governance, Risk, and Compliance applications
- Risk Management: Detect and assess the likelihood and business impact of an event based on data aggregated across your extended enterprise, and respond to critical changes in risk posture.
- Policy and Compliance Management: Automate best practice lifecycles, unify compliance processes, and provide assurances around their effectiveness.
- Audit Management: Scope and prioritize audit engagements using risk data and profile information to eliminate recurring audit findings, enhance audit assurance, and optimize resources around internal audits.
- Vendor Risk Management: Institute a standardized and transparent process to manage the lifecycle for risk assessments, due diligence, and risk response with business partners and vendors.
The GRC solution can be configured for many scopes, at any level. Keep in mind, however, that SecOps is IT-focused, while GRC is at its best when focusing on the highest corporate level.
This link gives a very good description of the relationship between GRC and Security Ops.
Although there can be many relations and applications between GRC and Security Ops, the following is one take:
SecOps incidents are very confidential by nature. Tracking them in GRC could make your Risk and Compliance managers aware of sensitive events without granting them access to specific confidential details.
Security Operations in a nutshell
The Security Operations ecosystem can be configured in any number of ways, depending on the needs of your company and the Security Operations products you license.
- The first step is to use the ServiceNow Discovery application to find applications and devices on your network, and then update the ServiceNow Configuration Management Database (CMDB).
- Integrate your existing Security Information and Event Manager (SIEM) tools with Security Operations applications to import threat data (via APIs or email alerts), and automatically create prioritized security incidents.
- Use workflows and the Vulnerability Response application to instantly prioritize events, security incidents and vulnerabilities.
- Enrich data using the Threat Intelligence application, as well as other machine learning or artificial intelligence operations capabilities.
- Use Risk Management and other Governance, Risk, and Compliance applications to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations.
- Workflows built into all Security Operations applications take the guesswork and the busywork out of remediation.
- Instantly see detailed information about your security posture using dashboards.
At the heart of the Security Operations ecosystem is the Security Incident Response (SIR) application. Security Incident Response simplifies the process of identifying critical incidents by applying powerful workflow and automation tools that speed up remediation. Integrate your existing Security Information and Event Manager (SIEM) tools with Security Operations applications to import threat data (via APIs or email alerts), and automatically create prioritized security incidents.
- From the Security Incident form
- From events that are spawned internally, or created by external monitoring or vulnerability tracking systems via alert rules, or manually
- From external monitoring or tracking systems
- From the service catalog
Depending on the view you are using (default, Non-IT Security, Security ITIL, and so on), the Security Incident form can show any combination of vulnerabilities, incidents, changes, problems, and tasks on the affected CI and affected CI groups. The system can identify malware, viruses, and other areas of vulnerability by cross-referencing the National Institute of Standards and Technology (NIST) database, or other third-party detection software. As security incidents are resolved, you can use any incident to create a security knowledge base article for future reference.
Perform further analysis using a business service map to locate other affected systems or business services that can be infected.
- Review
- Conduct a meeting to discuss the incident and gather responses.
- Write a list of resolution review questions designed for each category or priority of incident, and distribute it to the teams who worked on the incident.
- Incident managers can write the report and gather information on their own.
I like the entire SIM process. Well-done.
Great article, I was trying to explore the security operations and reviewing the Product documentation. This article has given me an overall summary.
Thank you!
great help