VR-Part 2 (Are we mature enough)

dhruvsn · Dec 06, 2020 · article

Hi guys!!!

So this is the second article of the VR series, and if you have not skimmed through the first article of the series then just [click here](https://community.servicenow.com/community?id=community%5Farticle&sys%5Fid=69fe151cdbf05c104819fb243996190d) and come back. Sequence is important. In this article I will try to build a clear understanding of **maturity levels for Sec-Ops** and then touch on the importance of **Service Asset & Configuration Management in Sec-Ops**.

At the end I have some memory refresher for **Pokemon Fans**!!! But don’t go directly to the end !!!!!

Ok so, let’s start with this:

_What was known as **IT Security** became **Data Security**, with focus less upon **who** did it and more about **what** was being secured with the understanding that security is **everyone’s responsibility**_

Not all organisations are mature in their approach to business security. However, it must be remembered that customers who have contacted you for assistance with deploying the **ServiceNow Security Operations** suite not only understand their current weak position, but also seek to strengthen it.

Before moving to the discussion on maturity level for Sec-Ops there is one thing which I want to highlight and that is true for all modules:

Although discussions may revolve around which maturity level they (the client) hope to achieve, it is recommended to exercise diplomacy and be realistic about organisational expectations, something the **Statement Of Work** and **Engagement Manager** should clarify.

Let’s move on to the maturity levels for Sec-Ops (a journey from NooB to PRO)

Level 1: **Basic Operations**

* _Basic Incident Ticketing_
* _Incident response Definition_
* _Integrated with Core security systems_
* _Process and Accountability Defined_
* _Most are here_

Level 2: **Visibility & Performance**

* _Value Based Prioritization (by impact, cost etc.)_
* _KPIs, Reporting and SLAs_
* _Noise Reduction_

Level 3: **Context and Enrichment**

* _Automated Data Gathering Task_
* _Threat Intelligence Integration with IR_
* _Time to Detect per event reduced_

Level 4: **Automated Remediation**

* _Compress the time to contain and remediate incidents_
* _Enable visibility for changes and task fulfillment across teams_
* _Easily handle common attacks to improve response closure_

Level 5: **Real-Time Risk Visualization**

* _Security Information Network for intel and attack method updates_
* _Automated querying of Internal and supplier environment_
* _Educational expert systems and best practice sharing_

Proper **Service Asset & Configuration Management** is essential to effective security. When an individual Configuration Item deviates from its normal expected behavior, the business needs to understand the wider impact upon the overall infrastructure in order to correctly categorize and prioritize the response.

Without an accurate CMDB, the “bigger picture” is misunderstood: the business value of assets and how they all interrelate is unclear:

* Security teams lack insight into **mission-critical** business services and applications aligned to underlying infrastructure
* Business-critical system components going offline (either scheduled or unplanned) can cost dearly from huge **business disruption**
* Lack of asset ownership information **hampers investigation** and lines of communication
* SLAs are missed due to misunderstood impact and priority

A small fault in a seemingly insignificant area may be overlooked (for over 200 days!) and quickly become a very expensive data breach, with large fines for each day the breach remains uncontained (7 days), leading to:

* **Loss of trust and faith** **internally**, retarding morale and eroding productivity,
* **Loss of reputation externally**, affecting an organization’s ability to continue in business partnerships.

In the ServiceNow platform, the CMDB and CI relationships help determine how **vulnerabilities affect the infrastructure**. Not only can vulnerabilities be represented visually, but configuration information can be baked directly into the Vulnerability Response process.
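To make the point above concrete, here is an added illustration in plain JavaScript (not ServiceNow code and not part of the original article): a finding on a low-criticality server inherits the priority of the business service that depends on it, and gaps in CMDB data surface as unknown CIs or missing owners. The CI names, field names and the 1-4 criticality scale are constructed assumptions.

```javascript
// Constructed sample CMDB; names, fields and the 1-4 criticality scale
// are assumptions for illustration, not ServiceNow's schema.
const cis = {
  "web-lb-01":     { type: "server",           criticality: 2, owner: "netops" },
  "app-srv-07":    { type: "server",           criticality: 1, owner: null },
  "db-srv-02":     { type: "server",           criticality: 2, owner: "dba" },
  "Payments API":  { type: "application",      criticality: 3, owner: "payments-team" },
  "Online Store":  { type: "business_service", criticality: 4, owner: "ecommerce" },
  "Intranet Wiki": { type: "business_service", criticality: 1, owner: "it" },
};

// Each pair reads [parent, child]: the parent depends on the child.
const dependsOn = [
  ["Online Store", "Payments API"],
  ["Online Store", "web-lb-01"],
  ["Payments API", "app-srv-07"],
  ["Payments API", "db-srv-02"],
  ["Intranet Wiki", "web-lb-01"],
];

// Walk upstream from a vulnerable CI to everything that depends on it.
function assessImpact(ciName) {
  if (!cis[ciName]) {
    // The scanner reported a host the CMDB does not know: impact cannot be judged.
    return { known: false, services: [], priority: null, missingOwners: [] };
  }
  const seen = new Set([ciName]);
  const queue = [ciName];
  while (queue.length > 0) {
    const current = queue.shift();
    for (const [parent, child] of dependsOn) {
      if (child === current && cis[parent] && !seen.has(parent)) {
        seen.add(parent);
        queue.push(parent);
      }
    }
  }
  const reached = [...seen];
  return {
    known: true,
    // Business services that sit on top of the vulnerable CI.
    services: reached.filter((n) => cis[n].type === "business_service").sort(),
    // Effective priority: the highest criticality anywhere in the impact chain.
    priority: Math.max(...reached.map((n) => cis[n].criticality)),
    // CIs in the chain with nobody to contact during an investigation.
    missingOwners: reached.filter((n) => !cis[n].owner),
  };
}

console.log(assessImpact("app-srv-07"));
```
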

Time for understanding Service Operations Product Tiers:

**Safe Harbor Notice:** This can change. For the most up-to-date licensing information, connect with your Account Representative!!

This is my way of introducing clients to the different product tiers.

**Charmander Tier:** ServiceNow calls it the ‘Good/Standard’ tier. It has two options:

* Standard Security Incident Response: It comes with Security event ingestion, Trusted Circles - Starter and Basic reporting

OR

* Standard Vulnerability Response: It comes with Vulnerability scan ingestion, Vulnerability Re-scan and Basic Reporting

**Charmeleon Tier:** ServiceNow calls it the ‘Better/Professional’ tier.

* Includes both standard offerings (SIR & VR)
* Threat Intelligence and enrichment (Lookup & Feed support)
* Case management\*\*
* Event management\*\*
* PA for advanced Reporting\*\*

**Charizard Tier:** ServiceNow calls it the ‘Best/Enterprise’ tier.

* Includes Professional Offerings
* Advanced investigation & containment use cases including Baseline orchestration and automation\*\* & Python based integrations\*\*
* Trusted Security Circles Advanced\*\*

For things marked as \*\*, please consult your account representatives.

So, it’s the end of our introduction, part 2. From the next article we will focus only on vulnerability response, starting with Terminologies and the PUBG connection. It was important to understand this before starting deep dives into VR.

REQUEST:

If you find the article helpful, please **mark article as helpful** and since it has lots of useful links do remember to **bookmark** this article.

In case you need any help, please do connect with me. It will be my pleasure to help you.

Happy Learning Guys!!!

—–>**[Dhruv Gupta](https://www.linkedin.com/in/dhruvceh/?originalSubdomain=in)**

View original source

https://dhruvsn.wordpress.com/2020/12/06/vr-part-2are-we-mature-enough/