verinice.XP is the conference for users of the OpenSource ISMS tool verinice. On February 24 and 25, 2021, it will take place for the first time in a new format as an online event. Tickets for the conference as well as for the preceding workshops on February 23 can be booked at verinicexp.org. Please consider that the conference language is German.
The organizing committee decided to switch to the new format due to the corona situation. Nadine Dreymann, who is responsible for verinice.XP at organizer SerNet, says: "Unfortunately, we have to do without in-person networking this time, but overall we see many advantages in a digital conference." Besides the obvious security factor, a virtual event opens up more flexible participation options. Speakers give their presentations live via zoom, so that participants can follow and engage in the conference from any location via the Internet. Dreymann: "Of course we will come up with ideas to make verinice.XP the usual high-quality and also buoyant experience".
Early-bird tickets for the online edition of verinice.XP 2021 are available at a price of 66 Euro. From December 12, 2020, the regular ticket will be available for 99 Euro.
The Call for Papers will run until December 11, 2020. Well-founded presentations and reference projects are still accepted for the agenda: IT security, data protection (EU-DSGVO) as well as KRITIS and industry standards will provide the participants with two days of information. Pioneering innovations in verinice will also have their place in the online program.
The workshops scheduled for the day before the conference (February 23) will also be held remotely. The topics are available for selection:
- Implementation of modernized IT baseline protection in verinice (workshop with Ulf Riechen, Riechen Consulting)
- Modernized IT baseline protection – the ultimate perspective (Workshop with Dirk Brand, Sila Consulting)
The costs for a workshop participation are 199 Euro. Further details on the contents can be found on the conference website at verinicexp.org.
For the ISMS tool verinice, the sector-specific standard B3S Krankenhaus (hospital) is now available. It supports hospitals in implementing requirements for the protection of their information infrastructure. Users can apply the standard in the IT baseline protection or in the ISM/ISO perspective. The standard is published by the German Hospital Federation. As additional content for verinice, it can be purchased via the verinice.SHOP or downloaded from the verinice.PRO repository. Please note: This B3S is only available in German.
Hospitals with more than 30,000 inpatient cases per year are considered "critical infrastructures". They are subject to special legal requirements to protect their information infrastructure. To support this, the German Hospital Federation has developed the industry-specific security standard for hospital healthcare (B3S Krankenhaus). The verinice.TEAM at SerNet has prepared this standard for verinice: For the perspective of the modernized IT baseline protection all requirements are listed as well as sector-specific threats, which can be modeled in verinice on the IT organizations. In addition, a model of a sample hospital is available, which contains sample structures and thus facilitates the introduction. For the ISM/ISO perspective, an example organization has been created, which contains all central contents of the security standard (for the exact contents see the store at https://shop.verinice.com/de/content/).
Michael Flürenbrock, verinice-Product-Owner: "We are convinced that the combination of verinice and the sector-specific standard is a great help for hospitals in securing their information infrastructure". In addition, a data protection module could be used and this sensitive area for hospitals could also be covered by verinice. SerNet managing director Reinhild Jung also points out that verinice is 100% open source and 100% "Made in Germany". SerNet GmbH is the publisher of verinice and pursues an open source strategy with completely disclosed source code. Jung: "This in particular is an important contribution to security management for critical infrastructures.
Ulf Riechen and Dirk Brand (Sila Consulting) were actively involved in the implementation of the B3S Krankenhaus for verinice. Both are long-standing verinice.PARTNERs and experts. The verinice.TEAM was able to create the now available additional content based on their work and would like to thank them explicitly for their commitment! The verinice partners are an important part of the verinice ecosystem. With their proven expertise, they advise customers, among others with specialization in the healthcare sector, and help to continuously develop verinice according to customer experiences and requirements.
About verinice: verinice is the only tool for the management of information security under OpenSource license. It is used in 4 federal states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public institutions, especially for critical infrastructures. For the industrial sector, verinice supports the ISO 27001 in addition to theIT baseline protection of the BSI and is in use here at companies throughout Europe as well as at the Council of the European Commission and European National Banks. SerNet, as the publisher of verinice, also holds the trust seals "IT security made in Germany" and "IT security made in EU".
SerNet GmbH uses the seal "IT Security made in EU" from now on. The trust mark is an initiative of TeleTrusT, the German IT Security Association, and complements the already established "IT Security made in Germany".
To be allowed to use the trust mark "IT Security made in EU", companies must commit themselves to binding criteria. These include, among other things, that offered products may not contain any hidden access points (no "backdoors") and that the requirements of the EU General Data Protection Regulation are respected. Further details on the initiative and the criteria can be found on the TeleTrust website.
TeleTrusT is, according to its own statement, the largest competence association for IT security in Germany and Europe. SerNet is a member since 2015. Currently, 60 TeleTrusT members have applied to use the "IT Security made in EU" mark.
The City of Berlin has extended its contract with SerNet GmbH for the use of the ISMS tool "verinice". For another four years, the state administration institutions will thus use this widely used OpenSource tool for managing information security. The contractual partner on the side of German's capital is the IT Service Center "ITDZ - IT-Dienstleistungszentrum Berlin". The ITDZ Berlin also uses verinice for its own purposes and was the first company to receive the BSI certificate according to the modernized IT base line security "IT-Grundschutz" in 2018.
Besides the use for the management of information security, verinice is also used for data protection management. For this purpose, the Berliners use a SerNet data protection module specially designed for the modernized IT-Grundschutz. The tool can be used in all Berlin state institutions - the institutions in the immediate vicinity of the Berlin state administration with main and 11 district administrations, including the 9 senate administrations and their subordinate authorities, institutions and companies - such as Berlin's vocational schools.
Karsten Pirschel is IT Security Officer at ITDZ Berlin and welcomes the continued cooperation: "We are able to enable the rapid adaptation of the modernized IT-Grundschutz and the possibility of using it from school operations to KRITIS environments via a central tool in the City of Berlin".
Michael Flürenbrock, verinice Product Owner, is excited about the continuation and expansion of the long-standing cooperation: "verinice is mainly created at the SerNet location in Berlin - 100% made in Germany. We are particularly pleased that our product is to be used throughout the country, especially here". SerNet managing director Reinhild Jung adds: "It is great that the state of Berlin is also following our open source strategy: Fully disclosed source code is an important contribution to security management".
About verinice: verinice is the only tool for the management of information security under Open Source license. It is used in 4 German federal states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public institutions, especially for critical infrastructures. For the industrial sector, verinice supports ISO 27001 in addition to IT-Grundschutz and is in use here at companies throughout Europe and also at the Council of the European Commission or European National Banks.
Unfortunately, a traditional date in the verinice calendar has to be cancelled this year due to the Corona pandemic: The it-sa. After extensive deliberations, NürnbergMesse decided that the changed conditions would be too much of a hindrance to an it-sa in autumn 2020. This includes the presentation of a new verinice version at it-sa and the intensive personal exchange between the verinice team, partners and users on site.
According to a statement by NürnbergMesse, the cancellation "reflects the wishes of the industry, which is questioning the dialogue between exhibitors and visitors, which is characterized by intensive technical discussions and partly confidential consultations, under hygiene and distance rules". SerNet and the verinice team are currently considering how the resulting gap can be reasonably closed. Information will be announced in advance on verinice.com.
The next it-sa will take place from October 12 - 14, 2021 at the NürnbergMesse exhibition center. SerNet and the verinice team are planning to be on site with partners as usual.