SerNet GmbH uses the seal "IT Security made in EU" from now on. The trust mark is an initiative of TeleTrusT, the German IT Security Association, and complements the already established "IT Security made in Germany".
To be allowed to use the trust mark "IT Security made in EU", companies must commit themselves to binding criteria. These include, among other things, that offered products may not contain any hidden access points (no "backdoors") and that the requirements of the EU General Data Protection Regulation are respected. Further details on the initiative and the criteria can be found on the TeleTrust website.
TeleTrusT is, according to its own statement, the largest competence association for IT security in Germany and Europe. SerNet is a member since 2015. Currently, 60 TeleTrusT members have applied to use the "IT Security made in EU" mark.
The City of Berlin has extended its contract with SerNet GmbH for the use of the ISMS tool "verinice". For another four years, the state administration institutions will thus use this widely used OpenSource tool for managing information security. The contractual partner on the side of German's capital is the IT Service Center "ITDZ - IT-Dienstleistungszentrum Berlin". The ITDZ Berlin also uses verinice for its own purposes and was the first company to receive the BSI certificate according to the modernized IT base line security "IT-Grundschutz" in 2018.
Besides the use for the management of information security, verinice is also used for data protection management. For this purpose, the Berliners use a SerNet data protection module specially designed for the modernized IT-Grundschutz. The tool can be used in all Berlin state institutions - the institutions in the immediate vicinity of the Berlin state administration with main and 11 district administrations, including the 9 senate administrations and their subordinate authorities, institutions and companies - such as Berlin's vocational schools.
Karsten Pirschel is IT Security Officer at ITDZ Berlin and welcomes the continued cooperation: "We are able to enable the rapid adaptation of the modernized IT-Grundschutz and the possibility of using it from school operations to KRITIS environments via a central tool in the City of Berlin".
Michael Flürenbrock, verinice Product Owner, is excited about the continuation and expansion of the long-standing cooperation: "verinice is mainly created at the SerNet location in Berlin - 100% made in Germany. We are particularly pleased that our product is to be used throughout the country, especially here". SerNet managing director Reinhild Jung adds: "It is great that the state of Berlin is also following our open source strategy: Fully disclosed source code is an important contribution to security management".
About verinice: verinice is the only tool for the management of information security under Open Source license. It is used in 4 German federal states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public institutions, especially for critical infrastructures. For the industrial sector, verinice supports ISO 27001 in addition to IT-Grundschutz and is in use here at companies throughout Europe and also at the Council of the European Commission or European National Banks.
Unfortunately, a traditional date in the verinice calendar has to be cancelled this year due to the Corona pandemic: The it-sa. After extensive deliberations, NürnbergMesse decided that the changed conditions would be too much of a hindrance to an it-sa in autumn 2020. This includes the presentation of a new verinice version at it-sa and the intensive personal exchange between the verinice team, partners and users on site.
According to a statement by NürnbergMesse, the cancellation "reflects the wishes of the industry, which is questioning the dialogue between exhibitors and visitors, which is characterized by intensive technical discussions and partly confidential consultations, under hygiene and distance rules". SerNet and the verinice team are currently considering how the resulting gap can be reasonably closed. Information will be announced in advance on verinice.com.
The next it-sa will take place from October 12 - 14, 2021 at the NürnbergMesse exhibition center. SerNet and the verinice team are planning to be on site with partners as usual.
The year 2020 also brought new challenges for the Samba eXPerience: The 19th international conference revolving around the OpenSource software Samba took place from 26th - 28th May 2020 for the first time exclusively in digital form. The annual meeting of the international Samba team, which is usually held in Göttingen, was also extremely successful as an online event. The sambaXP 2020 was again sponsored by Google and Microsoft.
Thanks to the virtual format, the sambaXP was even able to grow: 150 developers, users, manufacturers and system houses from the samba ecosystem from a total of 23 countries took part in 2020. One of the planning challenges was therefore to set the times of the conference in a sensible way. The setting of a daily frame from 3 p.m. to 9 p.m. CEST made it possible for both speakers and participants to follow attentively.
Another positive side-effect was that organizer SerNet published videos on sambaxp.org for the first time - including Stefan Kania's workshop on CTDB / GlusterFS.
Code name: Unstad
Publication: April 14, 2020
With verinice 1.20, the verinice.TEAM provides more than 50 new functions, detail changes and bug fixes.
With verinice 1.20, users receive support for essential tasks in the modernized IT-Grundschutz:
- The update of modelled information networks, which is required annually by the BSI with the publication of a new IT-Grundschutz compendium, is significantly simplified by a guided update functionality (new modelling).
- The implementation of the risk analysis according to BSI standard 200-3 is effectively supported by visualization of outstanding risk analyses as well as high or very high risks requiring action.
- The visualization of the implementation status for each module shows at a glance the degree of fulfillment of the type of procedure.
- IT-Grundschutz audits can be performed, documented and output via report template.
The most important innovations are documented in the release notes.