Security Best Practices
Summarize
Summary of Security Best Practices
Security Best Practices in ServiceNow help you implement privacy and security configurations to improve your instance's security posture. The feature offers a structured approach with step-by-step instructions, progress tracking, and task management to ensure effective and measurable security improvements aligned with your organization’s goals.
Show less
Key Features
- Home Page: Displays an overview of your progress, including graphs showing completed best practices overall and by maturity level. You can filter best practices by maturity phase such as "Build a foundation," which focuses on lower impact initial improvements.
- Security Best Practices Table: Allows sorting, filtering, and saving lists of best practices based on fields like maturity level, status, priority, goals, and introduction or change in Security Center versions. This supports customized worklists for different roles or use cases.
- Details Page for Each Best Practice: Shows priority, maturity level, status, and detailed implementation instructions. You can mark best practices as complete or reopen them, and create Security Tasks to delegate or track work.
- Task Steps Tab: Provides step-by-step guidance for implementing each security best practice.
- Activity Tab: Tracks timestamped user and system actions related to each best practice to maintain a clear audit trail.
- Progress Tracking: Visual indicators on progress and completion by maturity level help you monitor security improvements over time.
Practical Use for ServiceNow Customers
By leveraging Security Best Practices, you can systematically strengthen your ServiceNow instance security starting from foundational changes to advanced features. The maturity levels (Build a foundation, Enhance the experience, Optimize the functionality, Add advanced features) guide you through a phased approach to implementing improvements with measurable impact.
You can prioritize best practices based on immediate importance or later scheduling, align security efforts to specific goals such as access control or encryption, and track all activities for accountability and reporting.
The ability to create Security Tasks linked to best practices facilitates collaboration and ensures clear responsibility assignments, helping your team efficiently manage security initiatives.
Expected Outcomes
- Improved visibility into your security posture with actionable insights and progress metrics.
- Structured, guided implementation of security configurations that align with industry best practices.
- Enhanced ability to manage, delegate, and audit security-related work across your organization.
- A phased, prioritized path to systematically reduce security risks and strengthen compliance.
Use Security Best Practices to implement privacy and security configuration tasks on your ServiceNow instance.
Identify best practices to improve your security posture, and follow step-by-step instructions on how to implement them. Security Best Practices provide the following:
- The home page shows an overview of your progress on implementing security best practices. You can also organize and manage lists of security best practices according to your organization's goals.
- The overview page provides details of each security best practice, the steps to implement them, and a record of all activities and comments.
- The task steps page provides you with instructions on how to implement security best practices.
- The activity page tracks the history of the user and system actions related to your security best practices.
Security Best Practices home page
- Completed overall
- Displays a count and trend line of best practices you have completed. Select the card to view the Completed Overall metric page in Security metrics.
- Completed by maturity level
- Displays a chart of completed best practices organized by maturity level (see a description of maturity levels in the proceeding table). Select the card to view the Completed by Maturity Level metric page in Security metrics.
- Build a foundation
- Select the Build a foundation button to filter the table on this page to display only best practices in the Build a foundation maturity level. These are lower impact changes you can make to start improving instance security.
- Create a task
- Use the +Create task button to create a Security Task to track or delegate best practice work. For details on Security Tasks, see Security Tasks.
The table enables you to apply filters so that you can sort and save filtered lists, which you can use as work lists for different use cases or roles. See save a filtered list for more information.
| Name | Description |
|---|---|
| Name | Word used to identify a security best practice. |
| Maturity level | Applications and features that have been arranged by the order of impact to provide you measurable results. The values for maturity levels are:
These can also be thought of as crawl, walk, run, and fly phases. |
| Status | Current state of a best practice:
|
| Priority | Order of importance for implementing a best practice in your organization:
|
| Goals | Security category that a best practice addresses:
|
| First introduced | Which Security Center version the best practice was introduced. |
| Changed | Which Security Center version the best practice was changed. |
| Removed | Which Security Center version the best practice was removed. |
Security Best Practices details page
Select a best practice from the table to view its page. At the top of the details page, you can view general information about the security best practice including priority, maturity level, and status. Use Complete Best Practice button to mark a the practice as complete, or Reopen Best Practice button to mark the practice complete. Use the +Create Task to create a Security Task to track and delegate this task. For details on Security Tasks, see Security Tasks.
This page provides more information on the best practice, divided into tabs:
- Overview
-
This tab contains the Priority drop-down menu, which enables you to specify the security best practices that are important to you at this time and which are not applicable.
The details section provides content about the features associated with the security best practice, and the documentation section provides one or more links where you can find additional information.
The Progress card on the right shows the number of steps completed versus the total number of steps included. Select go to next step to navigate to the next incomplete step.
The best practice update history card provides a snapshot of the release information for the best practice. You can track which ServiceNow Security Center version the security best practice was released in, and which versions it was subsequently last updated in.
- Task Steps
-
This tab provides step-by-step instructions for how to implement this security best practice. See complete a security best practice for more information.
- Activity
-
This tabe displays timestamped activities listed from newest to oldest. Use search and filter to query for information. See apply filters to the security best practices table for more information.