Question 157 - CIS-HAM discussion

According to the ServiceNow Hardware Asset Management documentation, advanced risk assessment is a process of identifying, analyzing, and evaluating the risks associated with hardware assets and configuration items (CIs) in the configuration management database (CMDB)1.Advanced risk assessment uses the Advanced Risk Assessment engine, which is built to address risk through an integrated risk framework2.The advanced risk assessment process consists of the following steps1:

Create a risk assessment scope: This step defines the scope and criteria of the data to be assessed, such as the asset class, category, or attribute. The risk assessment scope also specifies the frequency and duration of the assessment.

Create a risk assessment schedule: This step determines when and how often the assessment runs, based on the risk assessment scope. The risk assessment schedule also defines the assessment owner, who is responsible for overseeing the assessment process and approving the results.

Assign the assessment tasks: This step assigns the assessment tasks to the appropriate assessors, who are the users or groups who have the knowledge and authority to evaluate and update the data. The assessment tasks can be assigned manually or automatically, based on predefined rules or workflows.

Run the assessment: This step executes the assessment process, which involves sending notifications and reminders to the assessors, displaying the data to be assessed in a user-friendly interface, allowing the assessors to review and modify the data, and tracking the progress and status of the assessment tasks.

Review the assessment results: This step allows the assessment owner to verify and approve the results of the assessment, before applying the changes to the CMDB. The assessment owner can also view the risk scores, risk indicators, and risk heat maps of the assessed data.

Handle the risk response: This step involves creating and managing risk response tasks to address the identified risks. Risk response tasks are records that track the actions taken to mitigate, transfer, avoid, or accept the risks. Risk response tasks can be created manually by the assessment owner or automatically by the system based on predefined rules or workflows.

For advanced risk assessment, risk response can be handled in the following ways:

Create multiple risk response tasks: This option allows the assessment owner to create more than one risk response task for each assessed data, depending on the complexity and severity of the risk.For example, the assessment owner can create a mitigation task to reduce the impact or likelihood of the risk, and a transfer task to shift the responsibility or ownership of the risk to another party3.

Create at least one risk response task: This option requires the assessment owner to create at least one risk response task for each assessed data, regardless of the complexity and severity of the risk.This ensures that every risk is addressed and documented in the system3.

The other options are not correct because:

Skipped entirely based on attributes defined in the RAM: This option is not a valid way to handle risk response for advanced risk assessment.The RAM (Risk Assessment Matrix) is a tool that helps to calculate the risk score and risk indicator of the assessed data, based on the impact and likelihood attributes defined in the risk assessment scope1. The RAM does not determine whether to skip the risk response or not.

Must create a mitigation response task: This option is not a mandatory way to handle risk response for advanced risk assessment. A mitigation response task is one of the possible types of risk response tasks, but not the only one.Depending on the risk appetite and strategy of the organization, the assessment owner can choose other types of risk response tasks, such as transfer, avoid, or accept3.

ServiceNow Hardware Asset Management: Advanced Risk Assessment

ServiceNow Hardware Asset Management: Risk response tasks

ServiceNow Hardware Asset Management: ServiceNow Risk Management