Internship Plan










=========================================================================

  1. Experience in customizing and configuring Incident, Problem, and Change Management modules.

  2. Core Platform Configuration: Table creation, field configuration, reference qualifiers, and dictionary overrides.

  3. Client-Side Scripting: Proficient in Client Scripts and UI Policies.

  4. Server-Side Scripting: Hands-on experience with Business Rules, Script Includes, Fix Scripts, Background Scripts, and Data Policies.

  5. Service Catalog: Designed and developed Service Catalog Items, Order Guides, and Record Producers. Built workflows using Workflow Editor and Flow Designer.

  6. Performance Analytics: Created PA dashboards, indicators, breakdowns, widgets, automated data collection, and insights for SLA/operational metrics.

  7. SLAs & Notifications: Configured Response and Resolution SLAs. Managed email notifications using Email Digest, push messages, and email scripts.

  8. Integrations: Worked with REST APIs, SAP integrations, Inbound/Outbound integrations, and Virtual Agent (HGPT).

  9. Data Management: Experience with Import Sets, Transform Maps, data mapping, and Inbound Email Actions.

  10. Security: Configured Access Control Rules (ACLs) for record- and field-level security.

  11. Reporting & Automation: Built custom reports and implemented Scheduled Jobs for automation.

  1. Production Movement: Managed migration of update sets between environments and resolved migration errors.

===============================================================


🎓 End-to-End ServiceNow IRM Training with RAM & Real-Time Project

🧭 Module 1: Introduction to IRM

Goal: Understand what IRM is and how it fits into enterprise risk management.

  • What is IRM?

  • IRM vs GRC

  • IRM architecture in ServiceNow

  • Key tables: Risk Register, Risk Statement, Entity, Control, Indicator

  • RAM overview: how risk is scored using Likelihood × Impact × Control Effectiveness

🔍 Module 2: Risk Identification

Goal: Learn how to identify and document risks.

  • Define business entities (e.g., departments, services)

  • Create risk categories (Operational, Compliance, Strategic, IT)

  • Add risk statements to the Risk Register

  • Link risks to entities

  • RAM Connection: Identification sets the stage for RAM scoring — risks must be clearly defined to assess them

🧪 Demo Data:

  • Entity: “Payments Department”

  • Risk: “Unauthorized access to payment gateway”

📊 Module 3: Risk Assessment

Goal: Assess risks using RAM scoring models.

  • Define risk criteria: Likelihood, Impact, Velocity

  • Create scoring profiles (Inherent & Residual Risk)

  • Configure RAM formulas:

    • Inherent Risk = Likelihood × Impact

    • Residual Risk = Inherent Risk × (1 – Control Effectiveness)

  • Create assessment templates with weighted questions

🧪 Demo Data:

  • Likelihood: High (4)

  • Impact: Critical (5)

  • Inherent Risk Score: 4 × 5 = 20

  • Control: MFA (Effectiveness: 80%)

  • Residual Risk Score: 20 × (1 – 0.8) = 4

🛡️ Module 4: Risk Response

Goal: Decide how to treat risks based on RAM scores.

  • Response types: Accept, Avoid, Transfer, Mitigate

  • Create mitigation tasks

  • Link controls to risks

  • Assign owners and deadlines

  • RAM Connection: RAM scores guide which risks need mitigation and how urgently

🧪 Demo Data:

  • Response: Mitigate

  • Task: “Implement MFA for payment gateway”

  • Control: “MFA Policy”

🔁 Module 5: Risk Review

Goal: Periodically review and update risks.

  • Risk lifecycle stages: Identified → Assessed → Responded → Reviewed

  • Risk Watch List

  • Risk Aging and Exceptions

  • RAM Connection: Reassess risks using RAM when indicators change or controls fail

🧪 Demo Data:

  • Review Frequency: Quarterly

  • Exception: “MFA rollout delayed”

📈 Module 6: Risk Monitoring

Goal: Monitor risks using indicators and dashboards.

  • Create indicators (e.g., % of MFA coverage, # of failed logins)

  • Link indicators to risks and controls

  • Set thresholds and alerts

  • Build dashboards for executives

  • RAM Connection: Indicators trigger reassessments using RAM scoring logic

🧪 Demo Data:

  • Indicator: “Failed login attempts”

  • Threshold: >100/week triggers reassessment

🧮 Module 7: Risk Calculation & Scoring

Goal: Customize risk scoring using RAM formulas.

  • Manual vs automated scoring

  • Weighting factors: Likelihood (40%), Impact (60%)

  • Configure risk matrix

  • Use scoring profiles to calculate risk levels

  • RAM Connection: Students build and apply RAM formulas to calculate scores

🧪 Demo Data:

  • Risk Matrix: 5×5 grid

  • Score: 20 = “Very High Risk”

⚙️ Module 8: Risk Automation

Goal: Automate IRM workflows and reassessments.

  • Scheduled assessments

  • Workflow triggers (e.g., indicator breach)

  • Notifications and escalations

  • Integration with Security Incidents

  • RAM Connection: RAM logic is embedded in automation rules

🧪 Demo Data:

  • Workflow: “Reassess risk if MFA coverage < 80%”

  • Notification: “Send alert to Risk Manager”

🧪 Final Real-Time Project: IRM for FinTech Company

Scenario: A FinTech startup wants to manage cybersecurity and compliance risks using IRM.

Steps:

  1. Define entities: Payments, Lending, IT

  2. Identify risks: API breach, insider threat

  3. Assess risks using RAM scoring

  4. Respond with mitigation plans

  5. Monitor with indicators

  6. Automate reassessments

  7. Report via dashboards

============================================================


Comments

Post a Comment

Popular posts from this blog

Workflow

Image
  IRM / Policy Exception, Questionnaire, Assessment, Attestation 1. Policy Exception [ Policy Record ] ( grc_policy ) → stores policies ↓ [ Exception Request] ( grc_policy_exception ) → user requests exception ↓ [Review & Approval] → policy owner approves/rejects ↓ [Implementation] → apply approved exception ↓ [Closure] → attach evidence and close request 2. Questionnaire [ Assessment Template ] ( asmt_metric_type ) → defines questionnaire ↓ [ Questions / Metrics ] ( asmt_metric ) → individual questions ↓ [ Assessment Instance ] ( asmt_assessment_instance ) → triggers questionnaire ↓ [ Responses Collected ] ( asmt_assessment_instance_question ) → vendor/user answers ↓ [ Review & Score ] → evaluator reviews and scores responses 3. Assessment [Assessment Record] ( grc_assessment ) → assessment initiated ↓ [Assign Assessor] → responsible person evaluates ↓ [Collect Evidence] → gather supporting docu...
Read more

SCRIPTING BR

  1. Auto-Create Problem When Incident Reaches Certain Priority Q: How to automatically create a problem record when incident priority is Critical (1)? if (current. priority == 1 && current. state == 2 ) { // In Progress var pr = new GlideRecord ( 'problem' ); pr. initialize (); pr. short_description = current. short_description ; pr. incident = current. sys_id ; pr. insert (); } Steps: After Update BR on incident Condition: priority = 1 and state = In Progress Script: above Tables: incident.priority , problem.incident 2. Link Problem to All Related Incidents Q: How to link multiple incidents to a problem automatically? var gr = new GlideRecord ( 'incident' ); gr. addQuery ( 'category' , current. category ); gr. addQuery ( 'state' , '!=' , 7 ); // Not Closed gr. query (); while (gr. next ()){ gr. problem_id = current. sys_id ; // current = problem gr. update (); } Steps: ...
Read more