SerNet's verinice.TEAM released version 1.11 of the ISMS tool verinice. New features include the Elasticsearch framework integration and significant GSTOOL-Import improvements
Elasticsearch now enriches verinice and verinice.PRO with a performant as well as flexible full-text search. The decision in favour for the open source framework, which e.g. Wikimedia uses, is explained by verinice team lead Alexander Koderman: "In our tests Elasticsearch proved to be very fast. Virtually every request could be processed within a few milliseconds." Elasticsearch also allows to offer all search functions in full for each database. Koderman: "verinice supports various databases such as Oracle, PostgreSQL and DerbyDB. These may differ in their full-text indexing behavior and features." Also, with the now implemented solution users of the free verinice single-user version with offline database receive the same search function quality as verinice.PRO users .
The verinice.TEAM has carried out numerous and extensive improvements to the GSTOOL import. In verinice 1.11 for example speed and disk space consumption have been optimized by large. GSTOOL is the official but now deprecated software tool published by the German BSI for its IT-Baseline standard.
More detailed information about the new features, other new features and improvements included in the release notes for verinice 1.11. An update to version 1.11.1 is also already available and fixes a problem with the automatic language setting. The download is available directly through verinice.org.
From October 6th - 8th 2015 SerNet GmbH will be present at the IT security trade fair it-sa in Nuremberg. The verinice team is located at 12.0 / 12.0-339.
SerNet is accompanied by the verinice.PARTNERS SILA Consulting, IT-InfoSec, Carmao and by Greenbone. Together they present verinice in its latest version and demonstrate the possibilities of the ISMS tool for ISO 27001, VDA ISA etc. as well as specific scenarios, such as the vulnerability management coupled with the Greenbone Security Manager. In addition, the partners inform about their services such as the design, implementation and optimization of a management system for information security, as well as certification and trainings.
You want to learn about verinice or certain functions? You want to know if verinice is the right tool for you? Or just give us feedback on the software? You want to get to know some verinice.PARTNERS and their services? We look forward to welcoming you at our booth. For appointments send us an mail to firstname.lastname@example.org.
Get your free ticket
SerNet has some free tickets in store - just visit www.it-sa.de/voucher/ and enter the coupon code A310119. Those tickets are valid on any day starting on 9 am.
The verinice.TEAM at SerNet GmbH has published verinice 1.10. The new version of the open source tool to support an information security management system (ISMS) brings along some innovations. These include the IT Baseline Protection Manual of the BSI in English and the new edition of the VDA IS-Assessment in version 2.x. The server version verinice.PRO received some new features, too: Single sign-on with Active Directory, an improved import of persons from the AD in verinice and an optimized task view for a better distribution of work in teams. All new features are described in the release notes.
With version 1.10 the full text of the IT Baseline Protection Catalogs of the Federal Office for Security in Information Technology (BSI) in English is included in verinice for the first time. This simplifies working with the IT Baseline Protection in international teams. Advantages also arise for users applying ISO 27001:2013. "For them, the comprehensive compilation of risks and controls is of significant benefit," says Alexander Koderman, verinice team lead at SerNet. The (English) Baseline Protection Catalogs could be considered as a supplementary database on specific topics like Windows or SAP and could be used in a risk assessment or risk treatment. All risks can be implemented as scenarios in an individual risk analysis. Simply drag-n-drop any or all components into the risk model. Koderman: "Modeling specific scenario may be easier for everyone operating mainly in English, from small businesses up to multinational corporations." In addition the more than 1,500 basic controls can be put to use for risk treatment. As specific controls, they supplement the generic requirements of ISO / IEC 27002:2013. The controls are easy to drag-n-drop in the ISM-risk model as well.
The English IT Baseline Protection Catalogs correspond to the 13th catalog update version from the BSI. Koderman: "Special thanks go out to our verinice.PARTNER Alexander von Ossowski for assistance with including more than 4,200 pages or 240,000 comprehensive lines into verinice." This cooperation illustrates how the verinice partner program enriches the project in the long term.
verinice 1.10 also supports the new edition of the IS-assessment catalog of the German Association of the Automotive Industry (VDA) in its version 2.x - thus the novelty of last year will be continued systematically. Among other things, the method of calculating the averages and the "Total Security Figure" was adjusted. The consolidator for the transition to the new version has been improved again. Daniel Murygin, verinice development manager, promises: "This allows data and results that were established by the Standard 1.x, to be easily transferred." The questionnaire is interesting for users outside of the automotive sector, as it allows a guided self-assessment of the state of information security within the company and thus a first insight into the subject of information security management.
Other major changes include the server and multi-user version verinice.PRO. On Windows clients, it now supports single sign-on: the logged-in system user is automatically used to log on to the verinice.PRO Server. It is not required to re-enter the username and password anymore. At the same time, the import from an Active Directory to verinice has been improved. The optimized task view also simplifies working in teams: Tasks are now loaded not only faster - a new search form enables you to find specific tasks that can be sorted by group, person, process, task type, start and end date.
The next version - verinice 1.11 - is likely to appear in two months already. The major new feature to be expected: An indexed full text search of all the elements in the database. "We'd like to make this feature available to all users as soon as possible," concludes Murygin.
On February 26th and 27th 2015 Berlin will be the venue for the Domain pulse 2015 (conference location at andel's Hotel). The SerNet GmbH will participate at this annual meeting of the domain industry as well.
The Domain pulse is the joint conference of DENIC, nic.at and SWITCH. SerNet will host a booth and give information about IT security as well as verinice, SerNets own OpenSource ISMS tool.
verinice 1.9 is available for download. The open source tool for the management of information security (ISMS) now integrates the updated VDA 2.0 questionnaire. In addition, the verinice team at Göttingen based SerNet GmbH made creating reports, managing users, groups, and permissions a lot easier.
"The catalog of the Association of the Automotive Industry (German VDA) for an Information Security Assessment (ISA), is included since verinice 1.2 and proved to be very popular," says verinice team lead Alexander Koderman. The VDA catalog has now been completely revised and adjusted to the new requirements of ISO 27001: 2013. As VDA ISA Standard 2.0 it is implemented in verinice 1.9. All changes were made in close cooperation with the working group of the VDA. Koderman: "When it comes to the conformity of the standard in verinice to the questionnaire, we can guarantee 100% accuracy."
"The catalog is also of interest outside the automotive industry," notes Koderman. The term 'Auto' is not mentioned once, he says with a wink. "Instead, the catalog grants easy access to information security management, even for beginners." Especially for smaller companies who don't want to work with ISO 27001 or basic protection, this is attractive. "At it-sa 2014 in September we again experienced how high the demand for such opportunities actually is." So he's confident that the ISA standard VDA 2.0 in verinice will adress a wide audience.
Another bonus: If you have worked with the previous version, you can import the results into the ISA standard VDA 2.0. Koderman: "It was important to us that existing users may experience as little effort as possible for the update and the re-evaluation." Thanks to the so-called 'unify function' users do not have to start from scratch.
The central report repository makes vDesigner generated reports available for all users of verinice.PRO. Even in offline mode, the reports are accessible. In addition, reports can be stored local - e.g. for confidential evaluations. Output formats (DOC, XLS, PDF ...) can be arbitrarily set - in addition can now be individually stored on company policy templates customized server-wide default.