Certified Implementation Specialist - Security Incident Response (CIS-SIR) Delta Exam Study Guide
KB0012138


Release: Xanadu

Audience

All Learners

Overview

Use this study guide when completing your delta exam in Now Learning. The content presented in this knowledge article is the exam content you will be tested on to maintain your certification. In addition, we always encourage you to review ServiceNow's Product Documentation.

Delta Exam Study Guide Content

The ServiceNow® Security Incident Response (SIR) application helps your organization connect security and IT teams, respond faster and more efficiently to threats, and view your organization's security posture. Security Incident Response was enhanced and updated in the Xanadu release.

In the Xanadu release, dedicated Slack channels can be automatically created for Incident Managers to engage with Incident Responders to manage major security incidents with the MSIM Slack integration. Configuring and subscribing to a Slack chat environment, retrieving chat conversations from within specified channels, and archiving the Slack and associated channels are included as part of the incident closure process. A designated Slack environment and related Slack API configuration are required to create individual channels that are specific to a Major Security Incident.

The Xanadu release also features the ability to configure Shift Handover Templates. The Shift Handover feature allows users to provide detailed communication of critical information, tasks, and updates between outgoing and incoming personnel for a seamless transition between shifts. This improves operational continuity, reduces errors, and increases overall efficiency in the workplace.

Another new feature in this release is the Playbook for Legal Request. This playbook provides step-by-step guidance on how legal teams can be informed about the latest summary of a major security incident so they can notify the SEC within the 4-day time frame that is required for material breaches. Process Automation Designer (PAD) templates can be used to perform the steps in the Legal Request playbook and inform the Legal team accordingly.

In Xanadu, the Risk score configuration in the Security Incident Response workspace has been enhanced with additional capabilities. Configurations now include the ability to set up a Risk Score Calculator from either script or condition builders, apply multiple conditions while setting up rule-based scoring, and apply a weight to each scoring line (weights should add up to 100). For rule-based scoring, users can now select table fields and values for setting up a condition. Users can also capture conditions and scoring via scripts and manually execute risk score calculators to recalculate after making changes.

Along with these featured Security Incident Response updates, Xanadu also provides the ability to share mobile-friendly Executive Status Reports with users outside a ServiceNow instance, including third-party vendors, other entities, or email distribution lists.

The ServiceNow Threat Intelligence Security Center (TISC) application empowers your organization to connect security and IT teams so you can respond faster and more efficiently to threats. Threat Intelligence Security Center highlights for the Xanadu release include the ability to organize and manage the creation of observables through the implementation of TISC API 2.0. Additionally, expiration policies can be defined at a more granular level by creating expiration rules for data source and record type combinations. In the Security Incident Response Workspace, the TISC Context tab now shows the related information for selected observables.

Lastly, Xanadu provides key DLP changes. Users should be aware that providing a closure code when closing a DLP incident from the DLP IR analyst workspace is now mandatory.