Leveraging the Cybersecurity Executive Dashboard

Eliz Skogquist · ‎11-18-2024

Andy Ojha, Principal Outbound Product Manager/SecOps, Elizabeth Skogquist, Sr. Product Success Manager/SecOps, and Vinod Laxmeshwar, Sr, Product Success Manager/Risk, highlight the new Cybersecurity Executive Dashboard. This dashboard combines the information across Security Operations and Integrated Risk Management in one experience for Senior Leadership. This solution provides a consolidated view of all security and risk metrics allowing executives to drive decisions based on the organization's cybersecurity and risk posture. During this session we will provide a content review, with insights on how to get this dashboard benefitting your organization. During the webinar, we will also offer live Q&A with our Product Management teams.

Learn more about how the Cybersecurity Executive Dashboard presents Vulnerability Response (IVR, AVR, CVR, CC, OT), Security Incident Response, Major Security Incident Response, Integration Risk Management, Third-party Risk Management, Operational Resilience and Privacy Management information in a unified view.

Agenda:

Why?
What? (including Demo)
Access
Configurations
Comparison against other Dashboards

The webinar recording can be viewed here (suggestion to download the attached pdf of the slides, for clearer viewing):

Supporting Resource Links:

ServiceNow Documentation

ServiceNow Support

KB0596715 ServiceNow|Benchmarks

ServiceNow Community

About ServiceNow Benchmarks

Questions & Answers:

Question	Answer
How does the roll-up to Business Critical Services happen? Along the CMDB / CSDM structure? Or along the Entity structure in IRM?	That will be along the CMDB if its defined
Where does the Employee Readiness come from, will that require integration to a phishing training platform?	Yes. We have out of the box integrations with KnowBe4 and Microsoft Defender for O365.
Does the dashboard need to be enabled before it can be searched?	The dashboard requires ‘Cybersecurity Executive Dashboard’ plugin to be installed and the user must have CISO user/CISO admin/Sys admin role. Developed with UI Builder, is does not surface when searching in Dashboards, you need to access via the module in the Classic UI, or make it accessible via your company portal.
Does is require a separate license?	If you have Pro and Enterprise license for SecOps(VR or SIR) or IRM, you can activate this plugin to leverage the dashboard.
Basically how long does a typical setup and implementation take customers?	The dashboard being presented is completely out of the box and can be easily turned on. If your organization needs configuration and customization, the setup will depend on the amount of that work. With the supporting applications configured with PA and workspaces, the data will be at the ready for use in Cybersecurity Executive Dashboard.
How it is different from existing CISO dashboard?	This has all the data from IRM and Security collated
Can we add this cybersecurity executive dashboard as a default dashboard in the dashboard section in risk workspace ?	Risk specific dashboard is already available in Workspace. CSE Dashboard in entirety is not in any specific workspace as it contains data from multiple products and is targeted for executives that require organization view.
Am I right in thinking that enabling this plugin will not cause any performance issues on the platform? This dashboard is a way of presenting the data from the applications and PA jobs that are currently already running?	That is correct.
Are there plans to turn this dashboard into a workspace at some stage in the future?	This is targeted for Cybersecurity Executives and has data from multiple products. Any specific Workspace are you expecting to see the dashboard in?
Is there benchmark information on the Security training tab?	Benchmarks are not available for Security Trainings yet.
Is there the ability to show comparison intervals above? So we could show 2023 vulnerability levels vs current in 2024 for example?	The trend charts should help get this information.
We had problems with the job which was rolling up the services impacted by vulnerabilities. Does this dashboard use the same PA jobs which are currently in use with the existing CISO dashboard?	Yes. It is using the same PA jobs for the Vulnerabilities roll-up. The job may have to be optimized for your environment to ensure it runs without failures.
If we do not have a specific role then that specific report may not be visible right ?	Yes. That’s right roles are required for viewing the dashboard, and the widgets used on the dashboard.
What does scan coverage mean? ours is low at ~2%	Scan coverage is the percentage of CIs scanned out of all CIs in CMDB. The CI classes to be considered for scan coverage can be configured. Each widget has an info icon which can be used to get details of the metric.
Is there a best practice highlighting who should be configuring these dashboards and workspaces? We have dedicated teams working on the VR module and supporting the platform. I see issues that the people who know what they want on the dashboard may not have access needed. Are there specific roles which can be applied to analysts to allow them to create/edit these dashboards?	We will cover the roles required shortly, but as a best practice dashboards are generally viewed by the business teams and hence that input should go from them on ‘what to see’ and ‘what not to’
Are these dashboards filterable in anyway (ex. by director, VP, org, etc?) Assuming issues/risks/etc. are assigned to users in Service Now?	These are not filtered and provide complete organization view. You can however choose Risk Methodology and domain you would like to see the data for in the Risk and compliance widgets.
Are there any known limitations for reporting within SNOW in relation to VR? Maybe with large number of vulnerabilities etc?	well, it is reported based on best practice we don’t see any issues. However with very large volumes there can be issues if the slice and dice is done through list reports. refer to this for additional info https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1157979
I'm curious how much configuration is required on initial implementation. Would love to hear about that at the end.	Its fairly simple..we would like to hear your feedback or any further guidance required.
Will there be any further execute dashboard such as GRC executive dashboard ?	These dashboards will be further enhanced in future releases.
A piece of information about the Executive Dashboard: for which ServiceNow Subscription is it available?	You need to either be on VR Pro/ SR Pro or either on IRM Pro, so any of these 3 Pro’s you would be able to access CSED dashboards.
Will there be any possibility to get the Quarter to quarter trend on heatmap ?	We are leveraging the available dashboards from the Privacy workspace, but then you can build your own dashboards and pull it here, using the UI builder
I was told by ServiceNow team not schedule historic jobs only run them once. This sounds like the historic job does need to be scheduled. If so how often?	Yes, historical jobs are optional and only run once, apologies for the confusion. If you are running historical job, you'll also want to have the other applications PA historical jobs run.
Any palns to "fix" the scan coverage calculation to represent that an asset was scanned in the last X period of time as opposed to just a count of updates, this has never been accurate.	The scan coverage counts assets scanned in the last 90 days. We plan to make the number of days configurable but its possible today with minor customization.
Is historical data for trends readily available when the dashboard installed? Is there any action required to configure metrics?	Historical trends will be calculated when the past metrics are available. This depends on whether these metrics have been enabled prior in the environment as part of other dashboards. For completely new metrics, historical trends may not be available immediately and will require time to pass to build the trend.