- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Overview
Keeping your ServiceNow instance secure requires more than checking a few settings after an upgrade. Security Center continues to evolve into a central hub for monitoring your instance, identifying security risks, and helping administrators take action before issues become problems.
This session walks through the latest capabilities available in Security Center v3.3, providing a comprehensive tour of core capabilities and the newest enhancements.
Security Center helps administrators:
- Monitor overall instance security posture
- Track hardening compliance
- Monitor security metrics and threshold alerts
New Risk Acceptance for Hardening
Not every recommended hardening setting can be enabled. Some controls may conflict with busines requirements, integrations or operational processes.
Rather than leaving these items permanently marked as non-compliant, admins can now:
- Review a recommendation
- Document why it cannot be implemented
- Formally accept the associated risk
- Include accepted items in their overall compliance score
This creates a more accurate representation of an organization' security posture while maintaining clear documentation for future reviews and audits.
Access Management Console: Access Findings
Security Center now includes Access Findings, a new interface focused on potential vulnerabilities that were discovered the last time access checks were ran.
The following checks produce findings and are ran every 24 hours:
- Inactive users with assigned roles
- Dormant user accounts
- Access controls on UI Pages
- External users with access to classified data
- Access controls on tables
- Users with direct role assignments (bypassing groups)
- Access controls on client callable script includes
- Empty ACLs
Key Takeaways
- Security Center v3.3 introduces valuable new capabilities for improving instance security.
- The new risk acceptance feature allows organizations to accurately represent acepted business risk within compliance reporting.
- Access Findings simplifies identifying and managing authorization-related risks.
- Keeping Security Center updated ensures access to the latest hardening baselines, security checks, and platform improvements.
Watch Full Session
Want to dive deeper into the topics covered in this recap?
Watch the recording here.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.