Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close
Home Kingston Security Incident Management Security Operations Security Incident Response Security Incident Response flow templates Security Incident Web/BBS Defacement flow template
  • Versions
  • Products

Contents

Security Incident Web/BBS Defacement flow template

SAVE AS PDF
Other

Security Incident Web/BBS Defacement flow template

The Security Incident - Web/BBS Defacement - Template allows you to perform a series of tasks designed to handle vandalism directed against one of your organization's BBS or web sites.

Before you begin

Role required: sn_si.write

About this task

This flow is triggered when the Category in a security incident is set to Web/BBS defacement.

Procedure

  1. Open the security incident for this occurrence of web or BBS defacement, or create a new security incident.
  2. In Category, select Web/BBS defacement.
  3. Save the record.
  4. Scroll down and open the Response Tasks related list.
    The first of a series of response tasks appears. Each time the record is saved, your response to the previous task either causes the next response task to be created or the flow to end.
    Table 1. Response tasks in Web/BBS Defacement Template
    Response task Action Results
    Security incident assignment Create a security incident for each reported incident of website or BBS defacement. The next response task is executed.
    Defacement verified? Determine whether the website or BBS has in fact been defaced.

    In the task, select Yes or No in Outcome.

    		 If you select Yes, the following response tasks are executed:
    • PR process
    • Law enforcement process
    • Determine and eradicate root cause
    If you select No, the flow ends.
    PR process Perform the steps necessary to notify the public that the website or BBS has been defaced.

    When you are finished with the PR process, set the state of the task to Complete or Incomplete as appropriate.

    		 The Lessons learned meeting task is executed.
    Law enforcement process Perform the steps required to engage the appropriate law enforcement agencies regarding the attack.

    When you are finished, set the state of the task to Complete or Incomplete as appropriate.

    		 The Lessons learned meeting task is executed.
    Determine and eradicate root cause Perform the steps necessary to discover and eliminate the root cause of the defacement.

    Update the State field in the task as appropriate.

    		 If you changed the state of the task to Closed Complete or Cancelled, the next response task is executed.
    Restore site from backup Perform the steps required to back up and restore the website or BBS.

    Update the State field in the task as appropriate.

    		 If you changed the state of the task to Closed Complete or Cancelled, the next response task is executed.
    Test and verify site is restored Verify that the site is restored.

    When you are finished, set the state of the task to Complete or Incomplete as appropriate.

    		 The Lessons learned meeting task is executed.
    Lessons learned meeting Conduct a lessons learned meeting to triage the work performed for this website/BBS defacement incident.

    Update the State field in the task as appropriate.

    		 If you change the state of the task to Closed Complete or Cancelled, the Set state to review task is executed.
    Set state to review No action required. The State of the security incident is changed automatically to Review.

    The flow ends.

Changes to site functionality will be made starting around 6am on January 21st (Pacific Time) and lasting approximately 6 hours.  The site may be intermittently unavailable.