Security Best Practices

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Security Best Practices

    Security Best Practices in ServiceNow enable you to implement privacy and security configurations effectively to enhance your instance's security posture. They provide a structured approach with recommendations from ServiceNow, prioritizing the most impactful security improvements. The framework guides you through step-by-step instructions to apply these practices, helping you organize, manage, and track security tasks aligned with your organization's goals.

    Show full answer Show less

    Key Features

    • Home Page: Displays progress visuals such as graphs showing total and maturity-level based completion of security best practices. It includes a comprehensive table listing all available best practices, which can be filtered and saved to create customized work lists for different roles or use cases.
    • Security Best Practices Table: Contains fields such as Name, Maturity Level (from foundational to advanced phases), Status (Open, In progress, Completed), Priority (Immediate, Later, Not applicable), Goals (security categories addressed), and version history (introduced, changed, removed).
    • Overview Page: Presents detailed information about each best practice including priority settings, maturity level, status, feature descriptions, documentation links, progress tracking, and version update history.
    • Task Steps Page: Provides clear, step-by-step instructions to implement the security best practice efficiently.
    • Activity Page: Tracks and displays a chronological, timestamped history of user and system actions related to each security best practice. It supports search and filtering for precise activity analysis.

    Practical Application

    • Completing Best Practices: Follow guided steps to implement security recommendations on your instance, improving security posture systematically.
    • Tracking Progress and Activity: Monitor completion status and review detailed audit trails of actions taken, supporting transparency and accountability.
    • Filtering and Saving Lists: Customize views and create targeted work lists, enabling focused security efforts tailored to organizational priorities and roles.

    Benefits for ServiceNow Customers

    By using Security Best Practices, you can effectively prioritize and implement key security improvements, track progress in real time, and maintain a clear record of all security-related activities. This structured approach helps ensure compliance with security standards, reduces vulnerabilities, and enhances overall instance security.

    Use Security Best Practices to implement privacy and security configuration tasks on your ServiceNow instance.

    Use Security Best Practices to review security suggestions by ServiceNow, identify those that would most improve your security posture, and follow step-by-step instructions on how to implement them.

    Security Best Practices provide the following:

    • The home page shows an overview of your progress on implementing security best practices. You can also organize and manage lists of security best practices according to your organization's goals.
    • The overview page provides details of each security best practice, the steps to implement them, and a record of all activities and comments.
    • The task steps page provides you with instructions on how to implement security best practices.
    • The activity page tracks the history of the user and system actions related to your security best practices.

    Security Best Practices home page

    The home page includes graphs that represent the total number of security best practices completed overall, the number of best practices completed by maturity level, and a table with all the security best practices available.

    The table enables you to apply filters so that you can sort and save filtered lists, which you can use as work lists for different use cases or roles. See save a filtered list for more information.

    The following are explanations of the fields related to the security best practices table.
    Table 1. Summary of fields used in the security best practices table
    Name Description
    Name Word used to identify a security best practice.
    Maturity level Applications and features that have been arranged by the order of impact to provide you measurable results. The values for maturity levels are:
    • Build a foundation
    • Enhance the experience
    • Optimize the functionality
    • Add advanced features

    These can also be thought of as crawl, walk, run, and fly phases.
    Status Current state of a security best practice:
    • Open
    • In progress
    • Completed
    Priority Order of importance for implementing a security best practice in your organization:
    • Immediate
    • Later
    • Not applicable
    Goals Security category that a security best practice addresses:
    • Address initial security configurations
    • Secure emails
    • Monitoring logs
    • Manage access controls
    • Protect with encryption
    • Keep instances up to date
    First introduced Security Center version in which the security best practice was introduced.
    Changed Security Center version in which the security best practice was last changed.
    Removed Security Center version in which the security best practice was removed.

    Security Best Practices overview page

    When you select a security best practice from the security best practices table, you will go to a page with the following subtabs: Overview, Task steps, and Activity.

    At the top of the overview page, you can view general information about the security best practice including priority, maturity level, and status.

    The Priority drop-down menu enables you to specify the security best practices that are important to you at this time and which are not applicable.

    The details section provides content about the features associated with the security best practice, and the documentation section provides one or more links where you can find additional information.

    The Progress card on the right shows the number of steps completed versus the total number of steps included. Select go to next step to navigate to the next incomplete step.

    The best practice update history card provides a snapshot of the release information for the best practice. You can track which ServiceNow Security Center version the security best practice was released in, and which versions it was subsequently last updated in.

    Security Best Practices task steps page

    When you select the subtab task steps, you’ll be taken to a page that provides you with step-by-step instructions for how to implement the security best practice. See complete a security best practice for more information.

    Security Best Practices activity page

    The activities are listed from newest to oldest so that you can analyze the most recent activity first. Each update to an activity is timestamped, and you can use search and filter to query for information. See apply filters to the security best practices table for more information.