SlideShare a Scribd company logo

vulnerability-response-implementation.pptx

Download as PPTX, PDF
D
DronadulaVenkataSuma

Hi

Data & Analytics
1 of 20
Implement ServiceNow Vulnerability Response
2 © 2021 ServiceNow, Inc. All Rights Reserved. Implement ServiceNow Vulnerability Response (VR) Introduction An effective vulnerability management program is one of the best ways to prevent a security breach. More than half of breaches are the result of known vulnerabilities that patches are available for. A study conducted by ServiceNow and Ponemon Institute showed that an average of 12 days are lost for every vulnerability patched due to team coordination challenges. When vulnerability response is handled with spreadsheets and email, it’s hard to get up-to- date visibility on the organization’s current risk exposure. ServiceNow Vulnerability Response workflow: ServiceNow® Vulnerability Response (VR) is an application that helps you respond faster and more efficiently to vulnerabilities, connect security and IT teams, and provide real-time visibility. It connects the workflow and automation capabilities of the Now Platform® with vulnerability scan data from leading vendors (Qualys, Rapid7, Tenable) to give your teams a single platform for response that can be shared between security and IT.
3 © 2021 ServiceNow, Inc. All Rights Reserved. Implement ServiceNow VR (Continued) Intended use This checklist provides:  The recommended process for implementing ServiceNow VR Stage 1 of maturity (as shown in the maturity model below)  A high-level list of actions for implementation of ServiceNow VR, to be completed with the assistance of a ServiceNow partner certified in the SecOps product suite (including training in the Vulnerability application) or ServiceNow Expert Services  An outline of the lessons learned from previous ServiceNow VR implementations and suggestions to avoid common pitfalls through Practitioner Insights Key steps ServiceNow Vulnerability Response Stages of Maturity Achieving Stage 1 of maturity—automated prioritization—is the recommended first step to quickly realizing value from ServiceNow VR. The benefits of using a readiness checklist are:  Faster implementation and time to value  Awareness of key implementation risks and guidance to avoid them  Enhanced efficiency and quality of the design to ensure the best possible value from your ServiceNow VR 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
4 © 2021 ServiceNow, Inc. All Rights Reserved. Your vision, business objectives, and measures of success for Vulnerability Management drive support from leadership and stakeholders and ensures your implementation creates measurable value. Begin by getting the right people involved and build a good understanding of the capabilities of ServiceNow Vulnerability Response. Then establish a vision of where you want to be after implementation. Step 1: Set your VR vision and outcomes Identify the right people and teams  Product and process owners:  ServiceNow platform team – The ServiceNow platform team will own and maintain ServiceNow VR. Some organizations elect a member or members from the vulnerability response team to own the VR administration duties.  Vulnerability Response technical administrators – These administrators responsible for the administration and configuration of ServiceNow VR and third-party vulnerability response applications (like Qualys, Rapid7, and Tenable).  Vulnerability Response business process owner – This person is responsible for vulnerability response policies and procedures.  Vulnerability Response analysts – Conduct day-to-day vulnerability response activities, such as assigning remediation activities, tracking remediation progress, and acting as an escalation point for remediation teams.  Remediation teams – These teams handle the remediation activities, like patching, on identified vulnerabilities.  Key additional stakeholders to involve in planning:  CISO (or CSO) – Frequently acts as the executive sponsor and must support the implementation for it to be successful  Change management team – Provides critical support for the remediation team when working through the change management process to perform remediation  ServiceNow Configuration Management Database (CMDB) team – Provides expertise on the setup and maintenance of your ServiceNow CMDB for integration with ServiceNow VR 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
5 © 2021 ServiceNow, Inc. All Rights Reserved. Step 1: Set VR vision and outcomes (Continued) Answer the following questions to generate a clear, measurable definition of your vision and desired business outcomes for Vulnerability Response:  What business outcomes do we want to achieve? Many organizations often cite one or more of these objectives: Review VR’s features and functionality  Read the ServiceNow VR overview on the ServiceNow website. Take note of the features, functionality, and benefits of ServiceNow VR.  Review the VR Success Map to understand the processes and best practices you’ll need to implement and maintain to get maximum value.  Review the ServiceNow VR product docs. These resources are more technical and provide additional functionality detail.  Watch this webinar: Ask the Experts: Vulnerability Response. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation  Singe system of record and/or action  Automated vulnerability assignment and prioritization  Improved visibility  Greater accountability  Increased productivity  Risk-based prioritization  What current challenge is associated with this outcome? For example, your vulnerability triage may be time consuming and error prone.  What problems or obstacles are keeping us from realizing our desired business outcomes? One problem could be that your vulnerabilities are assessed manually, so you often rely on tribal knowledge to determine their correct owner, and some tickets transfer between multiple owners.  What future state can we envision to realize our desired business outcome? For example, you may envision automating vulnerability assessment, prioritization, and assignment by matching vulnerability items with configuration items from the CMDB and risk-based prioritization rules.  What measurable success criteria can define whether we’ve achieved our desired business outcomes? This might be something like 90% assignment accuracy, with tickets assigned to the right team the first time, within one year of implementing Vulnerability Management.
6 © 2021 ServiceNow, Inc. All Rights Reserved. Step 2: Assess team readiness Assess your team’s current state of readiness  Identify your project management resources (including a dedicated project manager) to support implementation.  Confirm that your executive sponsor is committed and fully engaged.  Find out if the people and teams identified in Step 1 have completed the relevant training:  Systems administrators and technical team members who will be involved in implementation and post go-live maintenance should complete the ServiceNow Fundamentals, Security Operations Fundamentals, and Vulnerability Response Implementation trainings before you design.  The platform owner, ServiceNow VR product owner, and process owners should complete the ServiceNow Fundamentals and Security Operations Fundamentals trainings.  Make sure that your system administrators and developers have access to Now Learning and Now Creators for continued skill development.  Use the ServiceNow Customer Success Center for an additional assessment and action plan to support your readiness. There are many processes involved in implementing ServiceNow VR. It’s important for the people involved in implementation to take advantage of the training ServiceNow offers to learn the terminology, functionality, and technical solutions of ServiceNow VR. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
7 © 2021 ServiceNow, Inc. All Rights Reserved. Step 3: Choose an implementation partner  Define your strategy for choosing a partner (Use the outcomes and team readiness determined in Step 1.)  List the skills, experience, and resources you have and those you need.  List the ongoing support you expect the partner to provide.  Document your expectations on outcomes (and include in the statement of work, if possible).  Define your performance and success metrics.  Search for candidates  If you previously worked with a partner to implement ServiceNow, meet with that partner.  Consider other subject matter experts, such as your:  ServiceNow team (product line sales, local alliances)  Peers (Take advantage of Now Community)  Use ServiceNow Partner Finder While you can implement Vulnerability Management on your own, we strongly advise you to work with a ServiceNow SecOps-certified partner (or ServiceNow Expert Services). There’s no substitute for experience when it comes to ensuring you achieve the desired business outcomes you set in Step 1. Our data shows that customers working with an implementation partner realize value faster than customers that go it alone. It’s critical to pick the right partner—one that has experience with Vulnerability Management.  Evaluate your candidates  Review their customer satisfaction scores.  Evaluate their practice and platform experience.  Look at your partner’s implementation team’s experience. For example, their years of security, ServiceNow SecOps and ServiceNow implementation experience, ServiceNow certification, etc. Practitioner insight: Don’t go it alone. Find a partner with ServiceNow Security Operations experience, not just ServiceNow ITSM experience, as well as expertise in managing organizational change. Make sure to plan 90-, 180-, and 360-day check-ins with your partner to keep things on track and to avoid surprises. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
8 © 2021 ServiceNow, Inc. All Rights Reserved. Create an implementation governance committee  Assign your designated ServiceNow platform owner, process owners (vulnerability managers, remediation teams), partner representative, project manager, and other business stakeholders as required. Your executive sponsor should chair this committee.  Define a meeting cadence, standard agenda, and decision process. In addition to standard project tracking, meetings should include:  Project objectives – Clearly identify and prioritize your objectives, such as improvements to process performance, technical usability, etc.  A review of your organizational change management (OCM) activities – See Slide 10 (next) for OCM plan development.  Work with your executive sponsor and ServiceNow platform owner to develop a responsibility assignment matrix (RACI) to establish a common, documented understanding of the decision rights for your migration project.  Make sure that your governance team is prepared to define measures of success for enterprise, security, and operational objectives. These measures of success should come from the goals and metrics discovered in Step 1. Include implementation governance and post-implementation governance as part of your ServiceNow VR journey. Implementation governance you implement successfully, and post- implementation governance helps you achieve long-term success. Your implementation governance team should form your post-implementation governance team. Step 4a: Create a structure for governance Establish a technical governance subcommittee  Assign technical stakeholders, including the staff responsible for support, administration, and integration. Your designated ServiceNow platform owner should chair this subcommittee, supported by your project manager.  Define a meeting cadence, standard agenda, and decision process. In addition to standard project tracking, meetings should include:  Identifying technical obstacles and strategies for resolution  Reviewing requests for new ServiceNow VR functionality  Note: New functionality should require a business justification process.  Your technical governance subcommittee should report to your migration governance committee or steering group. Establish the decision rights between your migration governance committee and technical governance subcommittee in a RACI. Practitioner insight: The governance structure you establish for implementation should set an initial baseline for the governance you’ll need for post go-live maintenance, especially to manage demand. See support on ServiceNow Governance for additional details. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
9 © 2021 ServiceNow, Inc. All Rights Reserved. For effective adoption and long-term success, take OCM activities into consideration throughout your planning and implementation processes. OCM is critically important for implementing ServiceNow VR since many process owners are unlikely to have been involved in the purchase decisions and initially may not understand the benefits of moving to new processes and a new vulnerability response application. Step 4b: Create a structure for an OCM plan Build an OCM plan:  Make sure you have leadership and executive sponsor support for OCM, including the budget for an OCM program lead and/or ServiceNow expert support. This should also include an explicit definition from leadership on what good OCM looks like for your organization.  Conduct an initial stakeholder analysis and prepare to update it biweekly. See our resources on change management* for more details.  Conduct an OCM readiness assessment* to measure how ready your stakeholders are for the organizational change needed to support ServiceNow VR. Conduct this assessment before your design discussions. Based on your readiness assessment, use our Success Checklist to create an OCM plan* and develop an OCM impact analysis and risk assessment. *Tailor these resources to your use of ServiceNow VR and your business environment. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
10 © 2021 ServiceNow, Inc. All Rights Reserved. The Now Create methodology is a proven methodology developed from thousands of ServiceNow implementations. It’s the recommended approach to implementation. Step 4c: Review the ServiceNow implementation methodology, Now Create 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation • Understand the business objectives • Establish program governance • Establish the project team • Formally kick off the project Initiate • Conduct process, platform, and integration workshops • Define, review, and prioritize the product backlog • Plan the release • Finalize the project timeline • Document the test strategy • Set up the environment Plan • Run agile scrum cycles • Define support processes and Hypercare approach • Execute communications and awareness roadshows • Plan for UAT and system testing Execute • Perform system testing and UAT • Plan the go-live • Operational Readiness • Train users • Go live Deliver • Operational handoff • Hypercare support • lessons learned • Measure value and champion success • Formally close the project Close
11 © 2021 ServiceNow, Inc. All Rights Reserved. Step 4d: Evaluate your current VR processes  What is your current vulnerability management team structure? (Select one.)  A dedicated team assigned to only vulnerability management responsibilities  Team members are split between other security operations duties and vulnerability management  An internal team running vulnerability management  An external or hybrid team running vulnerability management  How do you handle vulnerability assignment and ownership?  Are any existing groups using ServiceNow to perform vulnerability remediation activities, such as patching or system hardening?  What logic do you use to assign ownership of remediation efforts, in other words, do you have Assignment Rule Conditions? For example, for Windows Server OS vulnerabilities identified on exchange servers, would the Windows Server team own remediation? Answer the following questions about your current state of VR  What is your vulnerability exception process?  Is there a current process by which vulnerability items are deemed as “risk accepted” today? This might be, for example, an inability to fix due to its impact on a mission-critical system.  Who is the approving authority?  How are risk exceptions managed and tracked? For example, are they tracked manually with spreadsheets or with a third-party solution such as a GRC tool, etc.?  Are there any current processes to handle vulnerabilities or exposures deemed to be false positives?  What are the required SLA time(s) for addressing and/or closing identified vulnerabilities? How does the SLA differ by severity, in other words, High/Medium/Low? The implementation design process involves multiple teams, collaborative decision-making, and a thorough understanding of your current processes and technical environment. Because of this, your design phase can often take weeks or longer as you collect the necessary information, coordinate the right people, and solidify decisions. The action items in Step 2 help you proactively collect your design-related information and initiate engagement with the required stakeholders. This will enhance and expediate the design process. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
12 © 2021 ServiceNow, Inc. All Rights Reserved. Step 4e: Assess your integration needs Document your sources of vulnerability data ServiceNow VR integrates with leading third-party vulnerability scanning tools (Qualys, Tenable, and Rapid7) to bring identified vulnerabilities into ServiceNow to manage vulnerability response.  What vulnerability data sources will be integrated with ServiceNow Vulnerability Response? (Select all that apply.)  Active vulnerability scanners  Passive vulnerability identification tools  Flat file reports  Do you have a copy of the API documentation of your scanning platform?  Are technical staff available who are familiar with the API and scanning platforms?  How often will you perform scans? Set a schedule.  Do you perform a combination of both credentialed and non-credentialed scanning?  What severity ranges (like low, medium, high, critical) of the vulnerabilities identified do you want within ServiceNow?  Do you want to see all IP address network ranges identified by your scanning platform within ServiceNow? (That is, those for development, production, internal, DMZ, external.) Assess your CMDB health ServiceNow VR uses information from configuration items (CIs) in the ServiceNow CMDB to add business context to vulnerabilities. This information helps prioritize and assign ownership for the remediation of that vulnerability.  Assess your CMDB management process against ServiceNow CMDB best practices. If you haven’t set up your CMDB, follow the steps in our Success Playbook on using Discovery to populate your CMDB to do so.  Conduct a CMDB health check.  Document how your CMDB is currently populated with information.  Discovery via network-based tools (if so, what specific tools?)  Manual data-gathering efforts  Vulnerability scanner(s)  Determine if there’s an authoritative source for populating the CMDB with information.  Discovery  Manual data gathering  Vulnerability scanner  Other 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
13 © 2021 ServiceNow, Inc. All Rights Reserved. Creating VR workflows consists of three steps: design, build, and test. Your design phase is focused on generating approved and prioritized stories for development in collaboration with vulnerability management process owners. Begin with a formal kickoff meeting to get everyone on the same page. Step 5a: Conduct a design workshop Conduct a formal kickoff meeting  Include all relevant stakeholders and project team members (including partners and ServiceNow staff). Your executive sponsor should:  Reiterate the business purpose and objectives of the migration project  Reinforce your governance model for the project, including an explicit definition of how decisions will be made  Define the expectations and requirements for all stakeholders and team members involved in the project  Your partner or ServiceNow engagement manager should:  Introduce your partner and ServiceNow delivery team members  Walk through the implementation approach and project plan Practitioner insight: Work to avoid customization. Challenge all requirements for customization using the scorecard method outlined in our resources on avoiding customization pitfalls. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
14 © 2021 ServiceNow, Inc. All Rights Reserved. Step 5a: Conduct a design workshop (Continued)  Determine your integration requirements – Use the information you collected in Step 2 to:  Determine the vulnerability data to integrate into ServiceNow Vulnerability Management, for example, all data or a subset of data based on severities, findings of certain network segments, etc.)  Develop a strategy to integrate third-party vulnerability solutions—Qualys, Tenable, Rapid7, etc.—including a plan for historical data loads  Work with the ServiceNow CMDB team to make sure the CMDB data is up to date with accurate data and establish CI lookup rules for how vulnerabilities are matched with CIs to aid in remediation.  Define future state Vulnerability Response processes:  Develop rules for assigning vulnerable items (VI) vulnerability grouping to determine how VIs are assigned for remediation.  Design workflows for the vulnerability response lifecycle.  Define risk scoring for VI prioritization.  Detail the exception process and workflows. The design workshop should bring together all relevant stakeholders (identified in Step 1) to: define the future state vulnerability response process and process workflow you’ll use within the Now Platform; design high-level solution architecture and integrations; and define configuration requirements in the form of user stories. In addition, use this workshop to determine your reporting and notifications needs. ServiceNow VR reporting provides visibility into the vulnerabilities in your environment and the status of your vulnerability response workflows.  Select desired reports:  Review examples of the reports you use today.  Using the outcomes defined in Step 1, define your group and organizational goals. For example, you may want to remediate critical VIs within the time frame set by policy.  For each goal, define the question(s) you need answered in order to determine your progress toward that goal. For example, what’s the number of critical VIs currently assigned for remediation within policy? How many critical VIs are currently assigned for remediation outside policy? What’s the number of critical VIs not assigned and/or outside policy?  For each question, define the metric(s) you would gather in order to provide a quantitative answer to that question. For example, SLA – Critical Vulnerable Items closed within 5 business days.  Select or configure the reports you need to provide the metric(s). For example, SLA report on assigned Critical Vulnerable Items or List of unassigned critical vulnerable items showing CI Ownership information. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
15 © 2021 ServiceNow, Inc. All Rights Reserved. Complete final testing  Complete a full suite of tests after you finish development, including:  A repeat of all unit tests together to confirm functionality  UAT for both end-to-end processes and defined user scenarios – Testers (typically process managers and users) need to understand the intended design fully to avoid raising defects for correct functionality. Step 5b: Build and test your VR workflows Define your development plan  Document and review the stories from your design workshop with process owners. Document your process owners’ approval and agreement that the stories correctly represent the design agreed to in the implementation workshop.  Prioritize the approved stories based on their contribution to your business objectives and available capacity. Have the migration governance committee you established (Step 4a) approve the prioritization.  Assign prioritized stories to defined development sprints. Each sprint should have a defined outcome, such as implementing the core incident management process, and should ideally last two weeks. Make sure these things happen at the end of each sprint:  The process owner demonstrates the functionality built to test the desired outcome and allow for any necessary corrections  Your developers conducts unit tests for each story, ideally using ServiceNow Automated Test Framework and run a sprint scan through HealthScan to make sure that development has aligned with best practices  Your developers report on story completion and test results to your technical governance subcommittee, especially to surface any technical obstacles that may affect additional development Follow an iterative or Agile approach when you build and test and include unit testing. Once you complete development, run a full set of tests, including user acceptance testing (UAT). 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
16 © 2021 ServiceNow, Inc. All Rights Reserved. Step 6: Initiate OCM activities Prepare for train-the-trainer sessions  Assign dedicated internal trainers to your project. ServiceNow experts will provide train-the-trainer sessions to familiarize them with the ServiceNow VR product and support the development of an internal curriculum.  Identify process managers and frontline users—vulnerability response analysts, remediation teams, etc.—who will be good candidates to lead peer-to-peer training. Don’t select these candidates based solely on their seniority and expertise but also on their ability to influence peers. Develop training plans for process users  Using your internal trainers (and peer-to-peer resources), provide training for the staff involved in related processes. Training should focus on establishing clarity around how new processes work in ServiceNow and how to work effectively with them.  Deliver your training in modules so process users can focus on the processes most relevant to their day-to-day work. Perform OCM activities and training should in parallel to your design, build, and test activities so they reinforce each other. Make sure your migration project plan includes adequate investment (including ServiceNow experts and/or internal staff) to support OCM and training so you can avoid any lag between your go-live and target adoption. Practitioner insight: Creating customized content, reviewing and finalizing materials, and preparing internal trainers takes a few weeks at a minimum. Begin planning for training early but defer content creation until go-live data is near to make sure that the content accurately mirrors the final configuration. For additional details, see our Success Quick Answer on the pitfalls to avoid when training process users. Plan go-live communications to support adoption  Create content and for multi-channel communications to announce the go-live. Structures for this established in Step 3, Slide 11.  Capture and promote quick wins to demonstrate early success.  Identify the functionality or features that have wide visibility among process users and end-users that are within scope for implementation. Promote these to drive wider interest in and adoption of ServiceNow.  Identify ServiceNow champions among your process users who can promote quick wins and influence adoption among peers. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
17 © 2021 ServiceNow, Inc. All Rights Reserved. Step 7: Plan your go-live Plan your go-live support  Make sure you have 24/7 support from a designated response team for at least two days after your go-live.  Task your implementation team with providing hypercare for a period defined by your migration governance committee (typically two weeks) to address any issues or bugs. When you plan your go-live, set your launch data, cutover strategy, support, and transition to “run.” Plan your go-live date  Your technical governance subcommittee nominates a date based on your technical readiness.  Your migration governance committee validates or changes this date based on your business readiness criteria, which includes:  Determining whether enough staff have met the training requirements  Assessing the success of your OCM activities and readiness  Assessing whether there are any competing issues or priorities that will distract the stakeholders  Assessing the readiness of any third parties that support your go-live  Assess whether there will be operational downtime and plan accordingly. Plan your transition to “run”  Transition the ownership of support from the implementation team to your internal ServiceNow platform team and ServiceNow VR owner. Most members of your ServiceNow platform team should be on the implementation team and familiar with the system.  Transition governance to the functions responsible for strategic, portfolio, and technical governance.  Make sure you have processes in place to intake and manage demand for additional configuration and functionality (including enhancements).  Make sure you have processes in place for reporting bugs and providing support and resolution.  Confirm that go-live communications are distributed and elicit feedback to ensure successful adoption. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
18 © 2021 ServiceNow, Inc. All Rights Reserved. Step 8: Measure your success and adjust Identify (and put tracking in place for) your KPIs and diagnostic metrics  Your governance functions—strategic, portfolio, and technical—should make sure that their kickoff agendas include definitions of relevant KPIs (measuring progress towards objectives) and diagnostic metrics (identifying risks to progress).  Establish a clear line of sight from your business objectives to the KPIs and metrics created at the portfolio and technical level. For example, implementing a specific product or feature may represent a KPI at a technical level that should roll up to a KPI for value realization at a strategic level.  Keep reporting and communications focused on a small number of KPIs that best reflect progress against your objectives and include usage/adoption targets.  Keep your diagnostic metrics actionable. For more information, see our resources on KPIs and diagnostic metrics. Assuming you defined clear business and functional objectives before migration, your next step is to make sure you have the right key performance indicators (KPIs) and diagnostic metrics in place to assess your progress against objectives. Build playbooks that include the actions you can use to respond to any red flags seen in your diagnostic metrics  Set thresholds for risk in your diagnostic metrics that should trigger a response.  Work with your process and service owners to make sure you have the right diagnostic metrics and to develop playbooks. Build dashboards to visualize your progress and support clear decision-making  Create dashboards using the dashboard requirements from your ServiceNow platform owner, service owners, process owners, and executive sponsor and/or senior leaders (established in Step 2). See our Success Quick Answer on creating custom dashboards for additional details. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
19 © 2021 ServiceNow, Inc. All Rights Reserved. Related resources Success Playbook – Where to start the implementation journey with ServiceNow Success Checklist – Build a phased program plan, identify quick wins Now Community – Security Operations—For New Customers Vulnerability Response Product Documentation Success Map – Vulnerability Response Security Operations Value Calculator
20 © 2021 ServiceNow, Inc. All Rights Reserved. Customer Success Best Practices ServiceNow’s Best Practice Center of Excellence provides prescriptive, actionable advice to help you maximize the value of your ServiceNow investment. Get started today. Visit Customer Success Center. Contact your ServiceNow team for personalized assistance. Definitive guidance on a breadth of topics Management Technical Tactical Strategic Critical processes Expert insights Common pitfalls and challenges Created and vetted by experts Distilled through a rigorous process to enhance your success Based on thousands of successful implementations across the globe Best practiceinsights from customers, partners, and ServiceNow teams Proven to help you transform with confidence Practical Actionable Value- added Expert-validated Designed for: Executive sponsors Platform owners and teams Service and process owners

Recommended

service-mapping-readiness.pptx
service-mapping-readiness.pptxservice-mapping-readiness.pptx
service-mapping-readiness.pptxssuser34987b
 
itsm-legacy-to-servicenow (2).pptx
itsm-legacy-to-servicenow (2).pptxitsm-legacy-to-servicenow (2).pptx
itsm-legacy-to-servicenow (2).pptxsantosh Kumar
 
itsm-legacy-to-servicenow.pptx
itsm-legacy-to-servicenow.pptxitsm-legacy-to-servicenow.pptx
itsm-legacy-to-servicenow.pptxPrudhviMadasu2
 
Critical steps in Determining Your Value Stream Management Solution
Critical steps in Determining Your Value Stream Management SolutionCritical steps in Determining Your Value Stream Management Solution
Critical steps in Determining Your Value Stream Management SolutionDevOps.com
 
6 Steps to Confirm Successful Workday Deployment
6 Steps to Confirm Successful Workday Deployment6 Steps to Confirm Successful Workday Deployment
6 Steps to Confirm Successful Workday DeploymentZaranTech LLC
 
Software life cycle ppt
Software life cycle pptSoftware life cycle ppt
Software life cycle pptArsalanAman
 
Software life cycle ppt
Software life cycle pptSoftware life cycle ppt
Software life cycle pptArsalanAman
 
The Journey to Mainframe DevOps
The Journey to Mainframe DevOpsThe Journey to Mainframe DevOps
The Journey to Mainframe DevOpsMicro Focus
 

Recommended

service-mapping-readiness.pptx
service-mapping-readiness.pptxservice-mapping-readiness.pptx
service-mapping-readiness.pptxssuser34987b
 
itsm-legacy-to-servicenow (2).pptx
itsm-legacy-to-servicenow (2).pptxitsm-legacy-to-servicenow (2).pptx
itsm-legacy-to-servicenow (2).pptxsantosh Kumar
 
itsm-legacy-to-servicenow.pptx
itsm-legacy-to-servicenow.pptxitsm-legacy-to-servicenow.pptx
itsm-legacy-to-servicenow.pptxPrudhviMadasu2
 
Critical steps in Determining Your Value Stream Management Solution
Critical steps in Determining Your Value Stream Management SolutionCritical steps in Determining Your Value Stream Management Solution
Critical steps in Determining Your Value Stream Management SolutionDevOps.com
 
6 Steps to Confirm Successful Workday Deployment
6 Steps to Confirm Successful Workday Deployment6 Steps to Confirm Successful Workday Deployment
6 Steps to Confirm Successful Workday DeploymentZaranTech LLC
 
Software life cycle ppt
Software life cycle pptSoftware life cycle ppt
Software life cycle pptArsalanAman
 
Software life cycle ppt
Software life cycle pptSoftware life cycle ppt
Software life cycle pptArsalanAman
 
The Journey to Mainframe DevOps
The Journey to Mainframe DevOpsThe Journey to Mainframe DevOps
The Journey to Mainframe DevOpsMicro Focus
 
Enterprise Software Implementation
Enterprise Software ImplementationEnterprise Software Implementation
Enterprise Software Implementationbrh184
 
Credencys_Staff_Augmentation_Processes
Credencys_Staff_Augmentation_ProcessesCredencys_Staff_Augmentation_Processes
Credencys_Staff_Augmentation_ProcessesShawn Rich
 
Development and implementation of hris
Development and implementation of hrisDevelopment and implementation of hris
Development and implementation of hrisVasavi Vedagiri
 
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...DxSherpaTechnologies
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"David Pedreno
 
Appliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxAppliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxfestockton
 
Appliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxAppliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxRAHUL126667
 
Sophanic's Company Profile
Sophanic's Company ProfileSophanic's Company Profile
Sophanic's Company ProfileSocrates Okonkwo
 
General checklist for the development project
General checklist for the development projectGeneral checklist for the development project
General checklist for the development projectkeshav2011
 
ServiceNow Implementation process and impact on growing business.pdf
ServiceNow Implementation process and impact on growing business.pdfServiceNow Implementation process and impact on growing business.pdf
ServiceNow Implementation process and impact on growing business.pdfAelum Consulting
 
Risk Management Software Implementation Guide eBook
Risk Management Software Implementation Guide eBookRisk Management Software Implementation Guide eBook
Risk Management Software Implementation Guide eBookGlenn Peake
 
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient PathEmbarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient PathAelum Consulting
 
Navigating Excellence with ServiceNow Consulting.pdf
Navigating Excellence with ServiceNow Consulting.pdfNavigating Excellence with ServiceNow Consulting.pdf
Navigating Excellence with ServiceNow Consulting.pdfAelum Consulting
 
Release Management: Managing Your Internal Releases
Release Management: Managing Your Internal ReleasesRelease Management: Managing Your Internal Releases
Release Management: Managing Your Internal ReleasesJoshua Hoskins
 
Sapple systems capability document
Sapple systems capability documentSapple systems capability document
Sapple systems capability documentSapple Systems
 
Sapple systems capability document
Sapple systems capability documentSapple systems capability document
Sapple systems capability documentSubhasit Ratnam
 
Importance of Salesforce Implementation Services in 2024.pdf
Importance of Salesforce Implementation Services in 2024.pdfImportance of Salesforce Implementation Services in 2024.pdf
Importance of Salesforce Implementation Services in 2024.pdfDianApps Technologies
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"David Pedreno
 
Rana Mansoor Ahmed
Rana Mansoor AhmedRana Mansoor Ahmed
Rana Mansoor AhmedRana Mansoor
 
Online Software Testing Course
Online Software Testing CourseOnline Software Testing Course
Online Software Testing Coursejaymicrosoftva
 
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPramod Kumar Srivastava
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...Suhani Kapoor
 

More Related Content

Similar to vulnerability-response-implementation.pptx

Enterprise Software Implementation
Enterprise Software ImplementationEnterprise Software Implementation
Enterprise Software Implementationbrh184
 
Credencys_Staff_Augmentation_Processes
Credencys_Staff_Augmentation_ProcessesCredencys_Staff_Augmentation_Processes
Credencys_Staff_Augmentation_ProcessesShawn Rich
 
Development and implementation of hris
Development and implementation of hrisDevelopment and implementation of hris
Development and implementation of hrisVasavi Vedagiri
 
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...DxSherpaTechnologies
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"David Pedreno
 
Appliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxAppliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxfestockton
 
Appliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxAppliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxRAHUL126667
 
Sophanic's Company Profile
Sophanic's Company ProfileSophanic's Company Profile
Sophanic's Company ProfileSocrates Okonkwo
 
General checklist for the development project
General checklist for the development projectGeneral checklist for the development project
General checklist for the development projectkeshav2011
 
ServiceNow Implementation process and impact on growing business.pdf
ServiceNow Implementation process and impact on growing business.pdfServiceNow Implementation process and impact on growing business.pdf
ServiceNow Implementation process and impact on growing business.pdfAelum Consulting
 
Risk Management Software Implementation Guide eBook
Risk Management Software Implementation Guide eBookRisk Management Software Implementation Guide eBook
Risk Management Software Implementation Guide eBookGlenn Peake
 
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient PathEmbarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient PathAelum Consulting
 
Navigating Excellence with ServiceNow Consulting.pdf
Navigating Excellence with ServiceNow Consulting.pdfNavigating Excellence with ServiceNow Consulting.pdf
Navigating Excellence with ServiceNow Consulting.pdfAelum Consulting
 
Release Management: Managing Your Internal Releases
Release Management: Managing Your Internal ReleasesRelease Management: Managing Your Internal Releases
Release Management: Managing Your Internal ReleasesJoshua Hoskins
 
Sapple systems capability document
Sapple systems capability documentSapple systems capability document
Sapple systems capability documentSapple Systems
 
Sapple systems capability document
Sapple systems capability documentSapple systems capability document
Sapple systems capability documentSubhasit Ratnam
 
Importance of Salesforce Implementation Services in 2024.pdf
Importance of Salesforce Implementation Services in 2024.pdfImportance of Salesforce Implementation Services in 2024.pdf
Importance of Salesforce Implementation Services in 2024.pdfDianApps Technologies
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"David Pedreno
 
Rana Mansoor Ahmed
Rana Mansoor AhmedRana Mansoor Ahmed
Rana Mansoor AhmedRana Mansoor
 
Online Software Testing Course
Online Software Testing CourseOnline Software Testing Course
Online Software Testing Coursejaymicrosoftva
 

Similar to vulnerability-response-implementation.pptx (20)

Enterprise Software Implementation
Enterprise Software ImplementationEnterprise Software Implementation
Enterprise Software Implementation
 
Credencys_Staff_Augmentation_Processes
Credencys_Staff_Augmentation_ProcessesCredencys_Staff_Augmentation_Processes
Credencys_Staff_Augmentation_Processes
 
Development and implementation of hris
Development and implementation of hrisDevelopment and implementation of hris
Development and implementation of hris
 
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...
Best Practices for Successful ServiceNow Implementation with DxSherpa Technol...
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"
 
Appliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxAppliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docx
 
Appliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docxAppliance Warehouse Service Plan.The discussion focuses on the.docx
Appliance Warehouse Service Plan.The discussion focuses on the.docx
 
Sophanic's Company Profile
Sophanic's Company ProfileSophanic's Company Profile
Sophanic's Company Profile
 
General checklist for the development project
General checklist for the development projectGeneral checklist for the development project
General checklist for the development project
 
ServiceNow Implementation process and impact on growing business.pdf
ServiceNow Implementation process and impact on growing business.pdfServiceNow Implementation process and impact on growing business.pdf
ServiceNow Implementation process and impact on growing business.pdf
 
Risk Management Software Implementation Guide eBook
Risk Management Software Implementation Guide eBookRisk Management Software Implementation Guide eBook
Risk Management Software Implementation Guide eBook
 
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient PathEmbarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
Embarking on Your ServiceNow SecOps Journey: A Secure and Efficient Path
 
Navigating Excellence with ServiceNow Consulting.pdf
Navigating Excellence with ServiceNow Consulting.pdfNavigating Excellence with ServiceNow Consulting.pdf
Navigating Excellence with ServiceNow Consulting.pdf
 
Release Management: Managing Your Internal Releases
Release Management: Managing Your Internal ReleasesRelease Management: Managing Your Internal Releases
Release Management: Managing Your Internal Releases
 
Sapple systems capability document
Sapple systems capability documentSapple systems capability document
Sapple systems capability document
 
Sapple systems capability document
Sapple systems capability documentSapple systems capability document
Sapple systems capability document
 
Importance of Salesforce Implementation Services in 2024.pdf
Importance of Salesforce Implementation Services in 2024.pdfImportance of Salesforce Implementation Services in 2024.pdf
Importance of Salesforce Implementation Services in 2024.pdf
 
Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"Asset Finance Systems: Project Initiation "101"
Asset Finance Systems: Project Initiation "101"
 
Rana Mansoor Ahmed
Rana Mansoor AhmedRana Mansoor Ahmed
Rana Mansoor Ahmed
 
Online Software Testing Course
Online Software Testing CourseOnline Software Testing Course
Online Software Testing Course
 

Recently uploaded

PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPramod Kumar Srivastava
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...Suhani Kapoor
 
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceCall Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceSapana Sha
 
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort servicejennyeacort
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)jennyeacort
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdfHuman37
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...Pooja Nehwal
 
Industrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfIndustrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfLars Albertsson
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024thyngster
 
9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home ServiceSapana Sha
 
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls DubaiDubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubaihf8803863
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Callshivangimorya083
 
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDINTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDRafezzaman
 
RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998YohFuh
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...Florian Roscheck
 
Customer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxCustomer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxEmmanuel Dauda
 
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一F La
 

Recently uploaded (20)

PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
 
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceCall Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts Service
 
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
 
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
 
Industrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfIndustrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdf
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
 
9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service
 
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls DubaiDubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
 
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDINTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
 
Decoding Loan Approval: Predictive Modeling in Action
Decoding Loan Approval: Predictive Modeling in ActionDecoding Loan Approval: Predictive Modeling in Action
Decoding Loan Approval: Predictive Modeling in Action
 
RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
 
Customer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxCustomer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptx
 
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
 

vulnerability-response-implementation.pptx

  • 2. 2 © 2021 ServiceNow, Inc. All Rights Reserved. Implement ServiceNow Vulnerability Response (VR) Introduction An effective vulnerability management program is one of the best ways to prevent a security breach. More than half of breaches are the result of known vulnerabilities that patches are available for. A study conducted by ServiceNow and Ponemon Institute showed that an average of 12 days are lost for every vulnerability patched due to team coordination challenges. When vulnerability response is handled with spreadsheets and email, it’s hard to get up-to- date visibility on the organization’s current risk exposure. ServiceNow Vulnerability Response workflow: ServiceNow® Vulnerability Response (VR) is an application that helps you respond faster and more efficiently to vulnerabilities, connect security and IT teams, and provide real-time visibility. It connects the workflow and automation capabilities of the Now Platform® with vulnerability scan data from leading vendors (Qualys, Rapid7, Tenable) to give your teams a single platform for response that can be shared between security and IT.
  • 3. 3 © 2021 ServiceNow, Inc. All Rights Reserved. Implement ServiceNow VR (Continued) Intended use This checklist provides:  The recommended process for implementing ServiceNow VR Stage 1 of maturity (as shown in the maturity model below)  A high-level list of actions for implementation of ServiceNow VR, to be completed with the assistance of a ServiceNow partner certified in the SecOps product suite (including training in the Vulnerability application) or ServiceNow Expert Services  An outline of the lessons learned from previous ServiceNow VR implementations and suggestions to avoid common pitfalls through Practitioner Insights Key steps ServiceNow Vulnerability Response Stages of Maturity Achieving Stage 1 of maturity—automated prioritization—is the recommended first step to quickly realizing value from ServiceNow VR. The benefits of using a readiness checklist are:  Faster implementation and time to value  Awareness of key implementation risks and guidance to avoid them  Enhanced efficiency and quality of the design to ensure the best possible value from your ServiceNow VR 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 4. 4 © 2021 ServiceNow, Inc. All Rights Reserved. Your vision, business objectives, and measures of success for Vulnerability Management drive support from leadership and stakeholders and ensures your implementation creates measurable value. Begin by getting the right people involved and build a good understanding of the capabilities of ServiceNow Vulnerability Response. Then establish a vision of where you want to be after implementation. Step 1: Set your VR vision and outcomes Identify the right people and teams  Product and process owners:  ServiceNow platform team – The ServiceNow platform team will own and maintain ServiceNow VR. Some organizations elect a member or members from the vulnerability response team to own the VR administration duties.  Vulnerability Response technical administrators – These administrators responsible for the administration and configuration of ServiceNow VR and third-party vulnerability response applications (like Qualys, Rapid7, and Tenable).  Vulnerability Response business process owner – This person is responsible for vulnerability response policies and procedures.  Vulnerability Response analysts – Conduct day-to-day vulnerability response activities, such as assigning remediation activities, tracking remediation progress, and acting as an escalation point for remediation teams.  Remediation teams – These teams handle the remediation activities, like patching, on identified vulnerabilities.  Key additional stakeholders to involve in planning:  CISO (or CSO) – Frequently acts as the executive sponsor and must support the implementation for it to be successful  Change management team – Provides critical support for the remediation team when working through the change management process to perform remediation  ServiceNow Configuration Management Database (CMDB) team – Provides expertise on the setup and maintenance of your ServiceNow CMDB for integration with ServiceNow VR 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 5. 5 © 2021 ServiceNow, Inc. All Rights Reserved. Step 1: Set VR vision and outcomes (Continued) Answer the following questions to generate a clear, measurable definition of your vision and desired business outcomes for Vulnerability Response:  What business outcomes do we want to achieve? Many organizations often cite one or more of these objectives: Review VR’s features and functionality  Read the ServiceNow VR overview on the ServiceNow website. Take note of the features, functionality, and benefits of ServiceNow VR.  Review the VR Success Map to understand the processes and best practices you’ll need to implement and maintain to get maximum value.  Review the ServiceNow VR product docs. These resources are more technical and provide additional functionality detail.  Watch this webinar: Ask the Experts: Vulnerability Response. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation  Singe system of record and/or action  Automated vulnerability assignment and prioritization  Improved visibility  Greater accountability  Increased productivity  Risk-based prioritization  What current challenge is associated with this outcome? For example, your vulnerability triage may be time consuming and error prone.  What problems or obstacles are keeping us from realizing our desired business outcomes? One problem could be that your vulnerabilities are assessed manually, so you often rely on tribal knowledge to determine their correct owner, and some tickets transfer between multiple owners.  What future state can we envision to realize our desired business outcome? For example, you may envision automating vulnerability assessment, prioritization, and assignment by matching vulnerability items with configuration items from the CMDB and risk-based prioritization rules.  What measurable success criteria can define whether we’ve achieved our desired business outcomes? This might be something like 90% assignment accuracy, with tickets assigned to the right team the first time, within one year of implementing Vulnerability Management.
  • 6. 6 © 2021 ServiceNow, Inc. All Rights Reserved. Step 2: Assess team readiness Assess your team’s current state of readiness  Identify your project management resources (including a dedicated project manager) to support implementation.  Confirm that your executive sponsor is committed and fully engaged.  Find out if the people and teams identified in Step 1 have completed the relevant training:  Systems administrators and technical team members who will be involved in implementation and post go-live maintenance should complete the ServiceNow Fundamentals, Security Operations Fundamentals, and Vulnerability Response Implementation trainings before you design.  The platform owner, ServiceNow VR product owner, and process owners should complete the ServiceNow Fundamentals and Security Operations Fundamentals trainings.  Make sure that your system administrators and developers have access to Now Learning and Now Creators for continued skill development.  Use the ServiceNow Customer Success Center for an additional assessment and action plan to support your readiness. There are many processes involved in implementing ServiceNow VR. It’s important for the people involved in implementation to take advantage of the training ServiceNow offers to learn the terminology, functionality, and technical solutions of ServiceNow VR. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 7. 7 © 2021 ServiceNow, Inc. All Rights Reserved. Step 3: Choose an implementation partner  Define your strategy for choosing a partner (Use the outcomes and team readiness determined in Step 1.)  List the skills, experience, and resources you have and those you need.  List the ongoing support you expect the partner to provide.  Document your expectations on outcomes (and include in the statement of work, if possible).  Define your performance and success metrics.  Search for candidates  If you previously worked with a partner to implement ServiceNow, meet with that partner.  Consider other subject matter experts, such as your:  ServiceNow team (product line sales, local alliances)  Peers (Take advantage of Now Community)  Use ServiceNow Partner Finder While you can implement Vulnerability Management on your own, we strongly advise you to work with a ServiceNow SecOps-certified partner (or ServiceNow Expert Services). There’s no substitute for experience when it comes to ensuring you achieve the desired business outcomes you set in Step 1. Our data shows that customers working with an implementation partner realize value faster than customers that go it alone. It’s critical to pick the right partner—one that has experience with Vulnerability Management.  Evaluate your candidates  Review their customer satisfaction scores.  Evaluate their practice and platform experience.  Look at your partner’s implementation team’s experience. For example, their years of security, ServiceNow SecOps and ServiceNow implementation experience, ServiceNow certification, etc. Practitioner insight: Don’t go it alone. Find a partner with ServiceNow Security Operations experience, not just ServiceNow ITSM experience, as well as expertise in managing organizational change. Make sure to plan 90-, 180-, and 360-day check-ins with your partner to keep things on track and to avoid surprises. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 8. 8 © 2021 ServiceNow, Inc. All Rights Reserved. Create an implementation governance committee  Assign your designated ServiceNow platform owner, process owners (vulnerability managers, remediation teams), partner representative, project manager, and other business stakeholders as required. Your executive sponsor should chair this committee.  Define a meeting cadence, standard agenda, and decision process. In addition to standard project tracking, meetings should include:  Project objectives – Clearly identify and prioritize your objectives, such as improvements to process performance, technical usability, etc.  A review of your organizational change management (OCM) activities – See Slide 10 (next) for OCM plan development.  Work with your executive sponsor and ServiceNow platform owner to develop a responsibility assignment matrix (RACI) to establish a common, documented understanding of the decision rights for your migration project.  Make sure that your governance team is prepared to define measures of success for enterprise, security, and operational objectives. These measures of success should come from the goals and metrics discovered in Step 1. Include implementation governance and post-implementation governance as part of your ServiceNow VR journey. Implementation governance you implement successfully, and post- implementation governance helps you achieve long-term success. Your implementation governance team should form your post-implementation governance team. Step 4a: Create a structure for governance Establish a technical governance subcommittee  Assign technical stakeholders, including the staff responsible for support, administration, and integration. Your designated ServiceNow platform owner should chair this subcommittee, supported by your project manager.  Define a meeting cadence, standard agenda, and decision process. In addition to standard project tracking, meetings should include:  Identifying technical obstacles and strategies for resolution  Reviewing requests for new ServiceNow VR functionality  Note: New functionality should require a business justification process.  Your technical governance subcommittee should report to your migration governance committee or steering group. Establish the decision rights between your migration governance committee and technical governance subcommittee in a RACI. Practitioner insight: The governance structure you establish for implementation should set an initial baseline for the governance you’ll need for post go-live maintenance, especially to manage demand. See support on ServiceNow Governance for additional details. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 9. 9 © 2021 ServiceNow, Inc. All Rights Reserved. For effective adoption and long-term success, take OCM activities into consideration throughout your planning and implementation processes. OCM is critically important for implementing ServiceNow VR since many process owners are unlikely to have been involved in the purchase decisions and initially may not understand the benefits of moving to new processes and a new vulnerability response application. Step 4b: Create a structure for an OCM plan Build an OCM plan:  Make sure you have leadership and executive sponsor support for OCM, including the budget for an OCM program lead and/or ServiceNow expert support. This should also include an explicit definition from leadership on what good OCM looks like for your organization.  Conduct an initial stakeholder analysis and prepare to update it biweekly. See our resources on change management* for more details.  Conduct an OCM readiness assessment* to measure how ready your stakeholders are for the organizational change needed to support ServiceNow VR. Conduct this assessment before your design discussions. Based on your readiness assessment, use our Success Checklist to create an OCM plan* and develop an OCM impact analysis and risk assessment. *Tailor these resources to your use of ServiceNow VR and your business environment. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 10. 10 © 2021 ServiceNow, Inc. All Rights Reserved. The Now Create methodology is a proven methodology developed from thousands of ServiceNow implementations. It’s the recommended approach to implementation. Step 4c: Review the ServiceNow implementation methodology, Now Create 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation • Understand the business objectives • Establish program governance • Establish the project team • Formally kick off the project Initiate • Conduct process, platform, and integration workshops • Define, review, and prioritize the product backlog • Plan the release • Finalize the project timeline • Document the test strategy • Set up the environment Plan • Run agile scrum cycles • Define support processes and Hypercare approach • Execute communications and awareness roadshows • Plan for UAT and system testing Execute • Perform system testing and UAT • Plan the go-live • Operational Readiness • Train users • Go live Deliver • Operational handoff • Hypercare support • lessons learned • Measure value and champion success • Formally close the project Close
  • 11. 11 © 2021 ServiceNow, Inc. All Rights Reserved. Step 4d: Evaluate your current VR processes  What is your current vulnerability management team structure? (Select one.)  A dedicated team assigned to only vulnerability management responsibilities  Team members are split between other security operations duties and vulnerability management  An internal team running vulnerability management  An external or hybrid team running vulnerability management  How do you handle vulnerability assignment and ownership?  Are any existing groups using ServiceNow to perform vulnerability remediation activities, such as patching or system hardening?  What logic do you use to assign ownership of remediation efforts, in other words, do you have Assignment Rule Conditions? For example, for Windows Server OS vulnerabilities identified on exchange servers, would the Windows Server team own remediation? Answer the following questions about your current state of VR  What is your vulnerability exception process?  Is there a current process by which vulnerability items are deemed as “risk accepted” today? This might be, for example, an inability to fix due to its impact on a mission-critical system.  Who is the approving authority?  How are risk exceptions managed and tracked? For example, are they tracked manually with spreadsheets or with a third-party solution such as a GRC tool, etc.?  Are there any current processes to handle vulnerabilities or exposures deemed to be false positives?  What are the required SLA time(s) for addressing and/or closing identified vulnerabilities? How does the SLA differ by severity, in other words, High/Medium/Low? The implementation design process involves multiple teams, collaborative decision-making, and a thorough understanding of your current processes and technical environment. Because of this, your design phase can often take weeks or longer as you collect the necessary information, coordinate the right people, and solidify decisions. The action items in Step 2 help you proactively collect your design-related information and initiate engagement with the required stakeholders. This will enhance and expediate the design process. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 12. 12 © 2021 ServiceNow, Inc. All Rights Reserved. Step 4e: Assess your integration needs Document your sources of vulnerability data ServiceNow VR integrates with leading third-party vulnerability scanning tools (Qualys, Tenable, and Rapid7) to bring identified vulnerabilities into ServiceNow to manage vulnerability response.  What vulnerability data sources will be integrated with ServiceNow Vulnerability Response? (Select all that apply.)  Active vulnerability scanners  Passive vulnerability identification tools  Flat file reports  Do you have a copy of the API documentation of your scanning platform?  Are technical staff available who are familiar with the API and scanning platforms?  How often will you perform scans? Set a schedule.  Do you perform a combination of both credentialed and non-credentialed scanning?  What severity ranges (like low, medium, high, critical) of the vulnerabilities identified do you want within ServiceNow?  Do you want to see all IP address network ranges identified by your scanning platform within ServiceNow? (That is, those for development, production, internal, DMZ, external.) Assess your CMDB health ServiceNow VR uses information from configuration items (CIs) in the ServiceNow CMDB to add business context to vulnerabilities. This information helps prioritize and assign ownership for the remediation of that vulnerability.  Assess your CMDB management process against ServiceNow CMDB best practices. If you haven’t set up your CMDB, follow the steps in our Success Playbook on using Discovery to populate your CMDB to do so.  Conduct a CMDB health check.  Document how your CMDB is currently populated with information.  Discovery via network-based tools (if so, what specific tools?)  Manual data-gathering efforts  Vulnerability scanner(s)  Determine if there’s an authoritative source for populating the CMDB with information.  Discovery  Manual data gathering  Vulnerability scanner  Other 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 13. 13 © 2021 ServiceNow, Inc. All Rights Reserved. Creating VR workflows consists of three steps: design, build, and test. Your design phase is focused on generating approved and prioritized stories for development in collaboration with vulnerability management process owners. Begin with a formal kickoff meeting to get everyone on the same page. Step 5a: Conduct a design workshop Conduct a formal kickoff meeting  Include all relevant stakeholders and project team members (including partners and ServiceNow staff). Your executive sponsor should:  Reiterate the business purpose and objectives of the migration project  Reinforce your governance model for the project, including an explicit definition of how decisions will be made  Define the expectations and requirements for all stakeholders and team members involved in the project  Your partner or ServiceNow engagement manager should:  Introduce your partner and ServiceNow delivery team members  Walk through the implementation approach and project plan Practitioner insight: Work to avoid customization. Challenge all requirements for customization using the scorecard method outlined in our resources on avoiding customization pitfalls. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 14. 14 © 2021 ServiceNow, Inc. All Rights Reserved. Step 5a: Conduct a design workshop (Continued)  Determine your integration requirements – Use the information you collected in Step 2 to:  Determine the vulnerability data to integrate into ServiceNow Vulnerability Management, for example, all data or a subset of data based on severities, findings of certain network segments, etc.)  Develop a strategy to integrate third-party vulnerability solutions—Qualys, Tenable, Rapid7, etc.—including a plan for historical data loads  Work with the ServiceNow CMDB team to make sure the CMDB data is up to date with accurate data and establish CI lookup rules for how vulnerabilities are matched with CIs to aid in remediation.  Define future state Vulnerability Response processes:  Develop rules for assigning vulnerable items (VI) vulnerability grouping to determine how VIs are assigned for remediation.  Design workflows for the vulnerability response lifecycle.  Define risk scoring for VI prioritization.  Detail the exception process and workflows. The design workshop should bring together all relevant stakeholders (identified in Step 1) to: define the future state vulnerability response process and process workflow you’ll use within the Now Platform; design high-level solution architecture and integrations; and define configuration requirements in the form of user stories. In addition, use this workshop to determine your reporting and notifications needs. ServiceNow VR reporting provides visibility into the vulnerabilities in your environment and the status of your vulnerability response workflows.  Select desired reports:  Review examples of the reports you use today.  Using the outcomes defined in Step 1, define your group and organizational goals. For example, you may want to remediate critical VIs within the time frame set by policy.  For each goal, define the question(s) you need answered in order to determine your progress toward that goal. For example, what’s the number of critical VIs currently assigned for remediation within policy? How many critical VIs are currently assigned for remediation outside policy? What’s the number of critical VIs not assigned and/or outside policy?  For each question, define the metric(s) you would gather in order to provide a quantitative answer to that question. For example, SLA – Critical Vulnerable Items closed within 5 business days.  Select or configure the reports you need to provide the metric(s). For example, SLA report on assigned Critical Vulnerable Items or List of unassigned critical vulnerable items showing CI Ownership information. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 15. 15 © 2021 ServiceNow, Inc. All Rights Reserved. Complete final testing  Complete a full suite of tests after you finish development, including:  A repeat of all unit tests together to confirm functionality  UAT for both end-to-end processes and defined user scenarios – Testers (typically process managers and users) need to understand the intended design fully to avoid raising defects for correct functionality. Step 5b: Build and test your VR workflows Define your development plan  Document and review the stories from your design workshop with process owners. Document your process owners’ approval and agreement that the stories correctly represent the design agreed to in the implementation workshop.  Prioritize the approved stories based on their contribution to your business objectives and available capacity. Have the migration governance committee you established (Step 4a) approve the prioritization.  Assign prioritized stories to defined development sprints. Each sprint should have a defined outcome, such as implementing the core incident management process, and should ideally last two weeks. Make sure these things happen at the end of each sprint:  The process owner demonstrates the functionality built to test the desired outcome and allow for any necessary corrections  Your developers conducts unit tests for each story, ideally using ServiceNow Automated Test Framework and run a sprint scan through HealthScan to make sure that development has aligned with best practices  Your developers report on story completion and test results to your technical governance subcommittee, especially to surface any technical obstacles that may affect additional development Follow an iterative or Agile approach when you build and test and include unit testing. Once you complete development, run a full set of tests, including user acceptance testing (UAT). 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 16. 16 © 2021 ServiceNow, Inc. All Rights Reserved. Step 6: Initiate OCM activities Prepare for train-the-trainer sessions  Assign dedicated internal trainers to your project. ServiceNow experts will provide train-the-trainer sessions to familiarize them with the ServiceNow VR product and support the development of an internal curriculum.  Identify process managers and frontline users—vulnerability response analysts, remediation teams, etc.—who will be good candidates to lead peer-to-peer training. Don’t select these candidates based solely on their seniority and expertise but also on their ability to influence peers. Develop training plans for process users  Using your internal trainers (and peer-to-peer resources), provide training for the staff involved in related processes. Training should focus on establishing clarity around how new processes work in ServiceNow and how to work effectively with them.  Deliver your training in modules so process users can focus on the processes most relevant to their day-to-day work. Perform OCM activities and training should in parallel to your design, build, and test activities so they reinforce each other. Make sure your migration project plan includes adequate investment (including ServiceNow experts and/or internal staff) to support OCM and training so you can avoid any lag between your go-live and target adoption. Practitioner insight: Creating customized content, reviewing and finalizing materials, and preparing internal trainers takes a few weeks at a minimum. Begin planning for training early but defer content creation until go-live data is near to make sure that the content accurately mirrors the final configuration. For additional details, see our Success Quick Answer on the pitfalls to avoid when training process users. Plan go-live communications to support adoption  Create content and for multi-channel communications to announce the go-live. Structures for this established in Step 3, Slide 11.  Capture and promote quick wins to demonstrate early success.  Identify the functionality or features that have wide visibility among process users and end-users that are within scope for implementation. Promote these to drive wider interest in and adoption of ServiceNow.  Identify ServiceNow champions among your process users who can promote quick wins and influence adoption among peers. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 17. 17 © 2021 ServiceNow, Inc. All Rights Reserved. Step 7: Plan your go-live Plan your go-live support  Make sure you have 24/7 support from a designated response team for at least two days after your go-live.  Task your implementation team with providing hypercare for a period defined by your migration governance committee (typically two weeks) to address any issues or bugs. When you plan your go-live, set your launch data, cutover strategy, support, and transition to “run.” Plan your go-live date  Your technical governance subcommittee nominates a date based on your technical readiness.  Your migration governance committee validates or changes this date based on your business readiness criteria, which includes:  Determining whether enough staff have met the training requirements  Assessing the success of your OCM activities and readiness  Assessing whether there are any competing issues or priorities that will distract the stakeholders  Assessing the readiness of any third parties that support your go-live  Assess whether there will be operational downtime and plan accordingly. Plan your transition to “run”  Transition the ownership of support from the implementation team to your internal ServiceNow platform team and ServiceNow VR owner. Most members of your ServiceNow platform team should be on the implementation team and familiar with the system.  Transition governance to the functions responsible for strategic, portfolio, and technical governance.  Make sure you have processes in place to intake and manage demand for additional configuration and functionality (including enhancements).  Make sure you have processes in place for reporting bugs and providing support and resolution.  Confirm that go-live communications are distributed and elicit feedback to ensure successful adoption. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 18. 18 © 2021 ServiceNow, Inc. All Rights Reserved. Step 8: Measure your success and adjust Identify (and put tracking in place for) your KPIs and diagnostic metrics  Your governance functions—strategic, portfolio, and technical—should make sure that their kickoff agendas include definitions of relevant KPIs (measuring progress towards objectives) and diagnostic metrics (identifying risks to progress).  Establish a clear line of sight from your business objectives to the KPIs and metrics created at the portfolio and technical level. For example, implementing a specific product or feature may represent a KPI at a technical level that should roll up to a KPI for value realization at a strategic level.  Keep reporting and communications focused on a small number of KPIs that best reflect progress against your objectives and include usage/adoption targets.  Keep your diagnostic metrics actionable. For more information, see our resources on KPIs and diagnostic metrics. Assuming you defined clear business and functional objectives before migration, your next step is to make sure you have the right key performance indicators (KPIs) and diagnostic metrics in place to assess your progress against objectives. Build playbooks that include the actions you can use to respond to any red flags seen in your diagnostic metrics  Set thresholds for risk in your diagnostic metrics that should trigger a response.  Work with your process and service owners to make sure you have the right diagnostic metrics and to develop playbooks. Build dashboards to visualize your progress and support clear decision-making  Create dashboards using the dashboard requirements from your ServiceNow platform owner, service owners, process owners, and executive sponsor and/or senior leaders (established in Step 2). See our Success Quick Answer on creating custom dashboards for additional details. 1. Set VR vision and outcomes 2. Assess team readiness 3. Choose an implementation partner 5. Design, build, and test VR workflows 6. Initiate OCM activities 7. Plan go-live 8. Measure success and adjust 4. Plan for implementation
  • 19. 19 © 2021 ServiceNow, Inc. All Rights Reserved. Related resources Success Playbook – Where to start the implementation journey with ServiceNow Success Checklist – Build a phased program plan, identify quick wins Now Community – Security Operations—For New Customers Vulnerability Response Product Documentation Success Map – Vulnerability Response Security Operations Value Calculator
  • 20. 20 © 2021 ServiceNow, Inc. All Rights Reserved. Customer Success Best Practices ServiceNow’s Best Practice Center of Excellence provides prescriptive, actionable advice to help you maximize the value of your ServiceNow investment. Get started today. Visit Customer Success Center. Contact your ServiceNow team for personalized assistance. Definitive guidance on a breadth of topics Management Technical Tactical Strategic Critical processes Expert insights Common pitfalls and challenges Created and vetted by experts Distilled through a rigorous process to enhance your success Based on thousands of successful implementations across the globe Best practiceinsights from customers, partners, and ServiceNow teams Proven to help you transform with confidence Practical Actionable Value- added Expert-validated Designed for: Executive sponsors Platform owners and teams Service and process owners

Editor's Notes

  1. ServiceNow customers aspire to exceptional business outcomes. They expect not only great products, but prescriptive guidance and insight to accelerate their journey to value. ServiceNow’s Best Practice Center of Excellence delivers this guidance through our Customer Success Center, a free resource available to all our customers and partners.   On the CSC, you’ll find best practices answering top customer questions on a range of topics from how to define your strategic roadmap to tactical questions like how to assess CMDB health. We comprehensively answer technical and management questions, whether you want to know how to manage customization or how to build your ServiceNow team. No matter what your role is, you’ll find resources that save you time and money. We create these insights by working with ServiceNow experts from customers, partners, and our own teams. Think of these resources as the collective advice of the ServiceNow ecosystem, extending the power to your team. Customers like you are using these practical, actionable resources to save time and give them decision-making confidence.   I invite you visit the Customer Success Center today. Let’s make a plan on how you and your team can use it on your journey.