en
Support
The <link 43 - internal-link "Opens internal link in current window">verinice.TEAM</link> at SerNet GmbH has published verinice 1.10. The new version of the open source tool to support an information security management system (ISMS) brings along some innovations. These include the IT Baseline Protection Manual of the BSI in English and the new edition of the VDA IS-Assessment in version 2.x. The server version verinice.PRO received some new features, too: Single sign-on with Active Directory, an improved import of persons from the AD in verinice and an optimized task view for a better distribution of work in teams. All new features are described in the <link www.verinice.org/en/verinice-support/release-notes/ _blank external-link-new-window "See verinice Release Notes">release notes</link>.
With version 1.10 the full text of the <link www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzInternational/itgrundschutzinternational_node.html - external-link-new-window "BSIs IT Baseline Protection Catalog in English etc.">IT Baseline Protection Catalogs of the Federal Office for Security in Information Technology (BSI) in English</link> is included in verinice for the first time. This simplifies working with the IT Baseline Protection in international teams. Advantages also arise for users applying ISO 27001:2013. "For them, the comprehensive compilation of risks and controls is of significant benefit," says Alexander Koderman, verinice team lead at SerNet. The (English) Baseline Protection Catalogs could be considered as a supplementary database on specific topics like Windows or SAP and could be used in a risk assessment or risk treatment. All risks can be implemented as scenarios in an individual risk analysis. Simply drag-n-drop any or all components into the risk model. Koderman: "Modeling specific scenario may be easier for everyone operating mainly in English, from small businesses up to multinational corporations." In addition the more than 1,500 basic controls can be put to use for risk treatment. As specific controls, they supplement the generic requirements of ISO / IEC 27002:2013. The controls are easy to drag-n-drop in the ISM-risk model as well.
The English IT Baseline Protection Catalogs correspond to the 13th catalog update version from the BSI. Koderman: "Special thanks go out to our verinice.PARTNER Alexander von Ossowski for assistance with including more than 4,200 pages or 240,000 comprehensive lines into verinice." This cooperation illustrates how the verinice partner program enriches the project in the long term.
verinice 1.10 also supports the new edition of the IS-assessment catalog of the German Association of the Automotive Industry (VDA) in its version 2.x - thus the novelty of last year will be continued systematically. Among other things, the method of calculating the averages and the "Total Security Figure" was adjusted. The consolidator for the transition to the new version has been improved again. Daniel Murygin, verinice development manager, promises: "This allows data and results that were established by the Standard 1.x, to be easily transferred." The questionnaire is interesting for users outside of the automotive sector, as it allows a guided self-assessment of the state of information security within the company and thus a first insight into the subject of information security management.
Other major changes include the server and multi-user version verinice.PRO. On Windows clients, it now supports single sign-on: the logged-in system user is automatically used to log on to the verinice.PRO Server. It is not required to re-enter the username and password anymore. At the same time, the import from an Active Directory to verinice has been improved. The optimized task view also simplifies working in teams: Tasks are now loaded not only faster - a new search form enables you to find specific tasks that can be sorted by group, person, process, task type, start and end date.
The next version - verinice 1.11 - is likely to appear in two months already. The major new feature to be expected: An indexed full text search of all the elements in the database. "We'd like to make this feature available to all users as soon as possible," concludes Murygin.
