Major Security Incident Management

  • Release version: Xanadu
  • Updated August 1, 2024

    Track and manage various activities that are typically part of resolving a major security incident through Major Security Incident Management. Through an intuitive workspace, incident managers and those working on an incident can propose and promote incidents to major incidents, track major security incident activities, and easily collaborate with colleagues.

    Overview

    The major security incident management capabilities work in conjunction with the existing security incident response product capabilities. This includes an ability for a security analyst to escalate a standard security incident to a major security incident, so that the new product capabilities are available to support the remediation process.

    After you install Major Security Incident Management on your ServiceNow instance, a security incident analyst can:

    • Propose a security incident as a major security incident candidate, which initiates a review of whether a major security incident needs to be created.
    • Directly promote a security incident to a major security incident without the need for an additional review process.
    • Reject a security incident that is proposed as a major security incident (MSI).
    • Link a security incident as a child incident to the major security incident (MSI) so that all security incidents can be worked.

    Key features

    Major Security Incident Management (MSIM) improves the major security incident remediation process with the following features:

    • Dedicated workspace for managing major security incidents designed for the major security incident manager user role.
    • Organize response tasks across multiple 'child' security incidents.
    • Automate creation of collaboration folders and chat communication channels after a major security incident is created, as well as archival as part of incident closure.
    • File explorer component to organize and track the collection of artifacts (files) related to the major security incident via a Microsoft SharePoint integration.
    • Chat channel manager and activity stream components to manage communications across multiple security, IT, and functional groups via a Microsoft Teams integration.

    Workspace Components

    The Major Security Incident Management product contains several new workspace components and user interface pages that deliver the key features:

    • Dedicated workspace for managing major security incidents specifically designed for the major Security Incident Manager user role.
    • Organize response tasks across multiple child security incidents.
    • Automate creation of collaboration folders and chat communication channels after a major security incident is created, as well as archival as part of incident closure.
    • File explorer component to organize and track the collection of artifacts (files) related to the major security incident via a Microsoft SharePoint integration.
    • Chat channel manager and activity stream components to manage communications across multiple security, IT, and functional groups via a Microsoft Teams integration.

    Supported Major Security Incident Management versions

    Major Security Incident Management (MSIM) requires the ServiceNow AI Platform® Rome version.

    This feature supports Microsoft Teams, which is a chat-centered workspace in the Microsoft Office 365 suite. Earlier, Microsoft Teams was a separate installation from the Microsoft Office 365 applications.

    Supported ServiceNow AI Platform versions

    This feature is supported on Rome and later releases.

    The following Security Operations applications are the standard Security Incident Response plugins, which are likely already installed for most users who are using Security Incident Response (SIR). If they are not installed, you must install and activate them from the ServiceNow Store. Install and then activate one application at a time, in the order listed, to ensure a smooth installation:
    1. Security Incident Response: com.snc.si_dep is the dependent plugin. Installing this plugin activates the other Security Operations applications.
    2. Security Integration Framework
    3. Security Support Common
    4. Security Support Common Orchestration