The verinice.TEAM at SerNet GmbH has published verinice 1.10. The new version of the open source tool to support an information security management system (ISMS) brings along some innovations. These include the IT Baseline Protection Manual of the BSI in English and the new edition of the VDA IS-Assessment in version 2.x. The server version verinice.PRO received some new features, too: Single sign-on with Active Directory, an improved import of persons from the AD in verinice and an optimized task view for a better distribution of work in teams. All new features are described in the release notes.
With version 1.10 the full text of the IT Baseline Protection Catalogs of the Federal Office for Security in Information Technology (BSI) in English is included in verinice for the first time. This simplifies working with the IT Baseline Protection in international teams. Advantages also arise for users applying ISO 27001:2013. "For them, the comprehensive compilation of risks and controls is of significant benefit," says Alexander Koderman, verinice team lead at SerNet. The (English) Baseline Protection Catalogs could be considered as a supplementary database on specific topics like Windows or SAP and could be used in a risk assessment or risk treatment. All risks can be implemented as scenarios in an individual risk analysis. Simply drag-n-drop any or all components into the risk model. Koderman: "Modeling specific scenario may be easier for everyone operating mainly in English, from small businesses up to multinational corporations." In addition the more than 1,500 basic controls can be put to use for risk treatment. As specific controls, they supplement the generic requirements of ISO / IEC 27002:2013. The controls are easy to drag-n-drop in the ISM-risk model as well.
The English IT Baseline Protection Catalogs correspond to the 13th catalog update version from the BSI. Koderman: "Special thanks go out to our verinice.PARTNER Alexander von Ossowski for assistance with including more than 4,200 pages or 240,000 comprehensive lines into verinice." This cooperation illustrates how the verinice partner program enriches the project in the long term.
verinice 1.10 also supports the new edition of the IS-assessment catalog of the German Association of the Automotive Industry (VDA) in its version 2.x - thus the novelty of last year will be continued systematically. Among other things, the method of calculating the averages and the "Total Security Figure" was adjusted. The consolidator for the transition to the new version has been improved again. Daniel Murygin, verinice development manager, promises: "This allows data and results that were established by the Standard 1.x, to be easily transferred." The questionnaire is interesting for users outside of the automotive sector, as it allows a guided self-assessment of the state of information security within the company and thus a first insight into the subject of information security management.
Other major changes include the server and multi-user version verinice.PRO. On Windows clients, it now supports single sign-on: the logged-in system user is automatically used to log on to the verinice.PRO Server. It is not required to re-enter the username and password anymore. At the same time, the import from an Active Directory to verinice has been improved. The optimized task view also simplifies working in teams: Tasks are now loaded not only faster - a new search form enables you to find specific tasks that can be sorted by group, person, process, task type, start and end date.
The next version - verinice 1.11 - is likely to appear in two months already. The major new feature to be expected: An indexed full text search of all the elements in the database. "We'd like to make this feature available to all users as soon as possible," concludes Murygin.
On February 26th and 27th 2015 Berlin will be the venue for the Domain pulse 2015 (conference location at andel's Hotel). The SerNet GmbH will participate at this annual meeting of the domain industry as well.
The Domain pulse is the joint conference of DENIC, nic.at and SWITCH. SerNet will host a booth and give information about IT security as well as verinice, SerNets own OpenSource ISMS tool.
verinice 1.9 is available for download. The open source tool for the management of information security (ISMS) now integrates the updated VDA 2.0 questionnaire. In addition, the verinice team at Göttingen based SerNet GmbH made creating reports, managing users, groups, and permissions a lot easier.
"The catalog of the Association of the Automotive Industry (German VDA) for an Information Security Assessment (ISA), is included since verinice 1.2 and proved to be very popular," says verinice team lead Alexander Koderman. The VDA catalog has now been completely revised and adjusted to the new requirements of ISO 27001: 2013. As VDA ISA Standard 2.0 it is implemented in verinice 1.9. All changes were made in close cooperation with the working group of the VDA. Koderman: "When it comes to the conformity of the standard in verinice to the questionnaire, we can guarantee 100% accuracy."
"The catalog is also of interest outside the automotive industry," notes Koderman. The term 'Auto' is not mentioned once, he says with a wink. "Instead, the catalog grants easy access to information security management, even for beginners." Especially for smaller companies who don't want to work with ISO 27001 or basic protection, this is attractive. "At it-sa 2014 in September we again experienced how high the demand for such opportunities actually is." So he's confident that the ISA standard VDA 2.0 in verinice will adress a wide audience.
Another bonus: If you have worked with the previous version, you can import the results into the ISA standard VDA 2.0. Koderman: "It was important to us that existing users may experience as little effort as possible for the update and the re-evaluation." Thanks to the so-called 'unify function' users do not have to start from scratch.
The central report repository makes vDesigner generated reports available for all users of verinice.PRO. Even in offline mode, the reports are accessible. In addition, reports can be stored local - e.g. for confidential evaluations. Output formats (DOC, XLS, PDF ...) can be arbitrarily set - in addition can now be individually stored on company policy templates customized server-wide default.
As of now verinice 1.8 is ready for download. The new version of the open source tool for your information security management (ISMS) has been put together with the users comfort and ease in mind.
Among the innovations in verinice 1.8, which has been published by SerNet GmbH, are: The management of deadlines for tasks, removing no longer needed objects with repeated imports, new rules for access permissions, breadcrumbs in the object representation, automated addressing (CC / BCC) in mails and the ability to specify a source for report templates.
Seemingly small changes - that have great effect. Alexander Koderman, team lead of Certs & Audit at SerNet, says: "The new version primarily increases the comfort for the user." In his opinion information security management is already a complex field that will further increase in necessity as well as in complexity. "The original idea of verinice always was to make ISMS easier." And that's exactly what version 1.8 tries to accomplish.
In accordance verinice development manager Daniel Murygin stresses: "With verinice 1.8 we have consistently continued on the path to provide a well-to-use ISMS tool that maps complex relationships - and is still a full-grown open source software." For planned versions the mission statement is to further simplify working with the ISMS tool and make it more comfortable. Koderman: "Of course we benefit greatly from the feedback of verinice users who were also the basis for version 1.8." These suggestions are a valuable asset to optimize the ISMS tool in the future.
For more information about the update see the release notes at http://www.verinice.org/verinice-support/release-notes/
At it-sa you'll get to know everything new about our ISMS tool verinice. You want to know about just released features? You want to know, if verinice is the right Tool for you? You want to express you're thoughts about verinice? We're looking forward to meeting you at our booth. Appointment can be arranged beforehand.