News and information about verinice.

The verinice.TEAM at SerNet has released a new version of the OpenSource ISMS tool verinice. From now on, verinice and verinice.PRO in version 1.21 are available for download in the verinice.SHOP or in the customer repository.

verinice 1.21 includes more than 50 new features, detail changes and bug fixes. Users get support for essential tasks:

• In the modernised IT Baseline Protection, the consolidator can be used to transfer contents of modules, requirements, threats and measures to similar elements.
• The target object Incident in the ISO/ISM perspective and in the perspective modernised IT Baseline Protection has been updated and now represents security incidents and data protection incidents.
• verinice now supports the VDA ISA catalogue version 5.0.2. 
• The target object Document has been extended extended.
• The dialogue for report generation has been optimised and thus offers a context-related selection of report-templates.
• Reports can be generated across multiple scopes if the report-template supports this function.
• In the Link Maker, in addition to the scope the parent objects are now displayed for better assignment.
• With the IT Baseline Protection Profiler it is possible to create a basic protection profile, including the documentation.

The most important new features are described in detail in the Release Notes.

If you have any questions regarding the new version, please contact the verinice.TEAM via the verinice-Forum (mainly German) or mail.  There you have the opportunity for discussion and also to formulate feature requests for future versions.

verinice.XP is the conference for users of the OpenSource ISMS tool verinice. On February 24 and 25, 2021, it will take place for the first time in a new format as an online event. Tickets for the conference as well as for the preceding workshops on February 23 can be booked at verinicexp.org. Please consider that the conference language is German.

The organizing committee decided to switch to the new format due to the corona situation. Nadine Dreymann, who is responsible for verinice.XP at organizer SerNet, says: "Unfortunately, we have to do without in-person networking this time, but overall we see many advantages in a digital conference." Besides the obvious security factor, a virtual event opens up more flexible participation options. Speakers give their presentations live via zoom, so that participants can follow and engage in the conference from any location via the Internet. Dreymann: "Of course we will come up with ideas to make verinice.XP the usual high-quality and also buoyant experience".

Early-bird tickets for the online edition of verinice.XP 2021 are available at a price of 66 Euro. From December 12, 2020, the regular ticket will be available for 99 Euro.

The Call for Papers will run until December 11, 2020. Well-founded presentations and reference projects are still accepted for the agenda: IT security, data protection (EU-DSGVO) as well as KRITIS and industry standards will provide the participants with two days of information. Pioneering innovations in verinice will also have their place in the online program.

The workshops scheduled for the day before the conference (February 23) will also be held remotely. The topics are available for selection:

• Implementation of modernized IT baseline protection in verinice (workshop with Ulf Riechen, Riechen Consulting)
• Modernized IT baseline protection – the ultimate perspective (Workshop with Dirk Brand, Sila Consulting)

The costs for a workshop participation are 199 Euro. Further details on the contents can be found on the conference website at verinicexp.org.

For the ISMS tool verinice, the sector-specific standard B3S Krankenhaus (hospital) is now available. It supports hospitals in implementing requirements for the protection of their information infrastructure. Users can apply the standard in the IT baseline protection or in the ISM/ISO perspective. The standard is published by the German Hospital Federation. As additional content for verinice, it can be purchased via the verinice.SHOP or downloaded from the verinice.PRO repository. Please note: This B3S is only available in German.

Hospitals with more than 30,000 inpatient cases per year are considered "critical infrastructures". They are subject to special legal requirements to protect their information infrastructure. To support this, the German Hospital Federation has developed the industry-specific security standard for hospital healthcare (B3S Krankenhaus). The verinice.TEAM at SerNet has prepared this standard for verinice: For the perspective of the modernized IT baseline protection all requirements are listed as well as sector-specific threats, which can be modeled in verinice on the IT organizations. In addition, a model of a sample hospital is available, which contains sample structures and thus facilitates the introduction. For the ISM/ISO perspective, an example organization has been created, which contains all central contents of the security standard (for the exact contents see the store at https://shop.verinice.com/de/content/).

Michael Flürenbrock, verinice-Product-Owner: "We are convinced that the combination of verinice and the sector-specific standard is a great help for hospitals in securing their information infrastructure". In addition, a data protection module could be used and this sensitive area for hospitals could also be covered by verinice. SerNet managing director Reinhild Jung also points out that verinice is 100% open source and 100% "Made in Germany". SerNet GmbH is the publisher of verinice and pursues an open source strategy with completely disclosed source code. Jung: "This in particular is an important contribution to security management for critical infrastructures.

Ulf Riechen and Dirk Brand (Sila Consulting) were actively involved in the implementation of the B3S Krankenhaus for verinice. Both are long-standing verinice.PARTNERs and experts. The verinice.TEAM was able to create the now available additional content based on their work and would like to thank them explicitly for their commitment! The verinice partners are an important part of the verinice ecosystem. With their proven expertise, they advise customers, among others with specialization in the healthcare sector, and help to continuously develop verinice according to customer experiences and requirements.

About verinice: verinice is the only tool for the management of information security under OpenSource license. It is used in 4 federal states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public institutions, especially for critical infrastructures. For the industrial sector, verinice supports the ISO 27001 in addition to theIT baseline protection of the BSI and is in use here at companies throughout Europe as well as at the Council of the European Commission and European National Banks. SerNet, as the publisher of verinice, also holds the trust seals "IT security made in Germany" and "IT security made in EU".

verinice.XP is the annual conference for users of the OpenSource ISMS tool verinice.  It is scheduled for 2021 on February 24 and 25, 2021 in Berlin. The Call for Papers has already started - the event committee of SerNet GmbH, he host of the conference, is looking forward to interesting submissions.

About verinice.XP

verinice.XP has been bringing together IT decision makers, security managers and data protection officers of companies, institutions and authorities for years. They are all connected by the use of verinice for information security management or data protection management. A social event for further discussions is planned for the evening of February 24, 2021 in the conference hotel. All participants of verinice.XP are cordially invited.

According to the current situation, SerNet GmbH may hold the verinice.XP as an online conference or hybrid format.

Workshops and Tickets

Exclusive workshops are planned for February 23, 2021. In small groups of participants, they are intended to facilitate an intensive exchange with colleagues and speakers. Participation in the workshop is possible independently from verinice.XP.

Tickets for the conference and the workshops will be available from the end of September 2020.

The City of Berlin has extended its contract with SerNet GmbH for the use of the ISMS tool "verinice". For another four years, the state administration institutions will thus use this widely used OpenSource tool for managing information security. The contractual partner on the side of German's capital is the IT Service Center "ITDZ - IT-Dienstleistungszentrum Berlin". The ITDZ Berlin also uses verinice for its own purposes and was the first company to receive the BSI certificate according to the modernized IT base line security "IT-Grundschutz" in 2018.  

Besides the use for the management of information security, verinice is also used for data protection management. For this purpose, the Berliners use a SerNet data protection module specially designed for the modernized IT-Grundschutz. The tool can be used in all Berlin state institutions - the institutions in the immediate vicinity of the Berlin state administration with main and 11 district administrations, including the 9 senate administrations and their subordinate authorities, institutions and companies - such as Berlin's vocational schools.

Karsten Pirschel is IT Security Officer at ITDZ Berlin and welcomes the continued cooperation: "We are able to enable the rapid adaptation of the modernized IT-Grundschutz and the possibility of using it from school operations to KRITIS environments via a central tool in the City of Berlin".

Michael Flürenbrock, verinice Product Owner, is excited about the continuation and expansion of the long-standing cooperation: "verinice is mainly created at the SerNet location in Berlin - 100% made in Germany. We are particularly pleased that our product is to be used throughout the country, especially here". SerNet managing director Reinhild Jung adds: "It is great that the state of Berlin is also following our open source strategy: Fully disclosed source code is an important contribution to security management".

About verinice: verinice is the only tool for the management of information security under Open Source license. It is used in 4 German federal states and in more than 40 federal authorities, as well as in a large number of municipalities, public utilities and other public institutions, especially for critical infrastructures. For the industrial sector, verinice supports ISO 27001 in addition to IT-Grundschutz and is in use here at companies throughout Europe and also at the Council of the European Commission or European National Banks.

Unfortunately, a traditional date in the verinice calendar has to be cancelled this year due to the Corona pandemic: The it-sa. After extensive deliberations, NürnbergMesse decided that the changed conditions would be too much of a hindrance to an it-sa in autumn 2020. This includes the presentation of a new verinice version at it-sa and the intensive personal exchange between the verinice team, partners and users on site.According to a statement by NürnbergMesse, the cancellation "reflects the wishes of the industry, which is questioning the dialogue between exhibitors and visitors, which is characterized by intensive technical discussions and partly confidential consultations, under hygiene and distance rules". SerNet and the verinice team are currently considering how the resulting gap can be reasonably closed. Information will be announced in advance on verinice.com.  

The next it-sa will take place from October 12 - 14, 2021 at the NürnbergMesse exhibition center. SerNet and the verinice team are  planning to be on site with partners as usual.

Code name: Unstad

Publication: April 14, 2020

As of now, verinice and verinice.PRO version 1.20 are available for download in the verinice.SHOP or in the customer repository.

With verinice 1.20, the verinice.TEAM provides more than 50 new functions, detail changes and bug fixes.

With verinice 1.20, users receive support for essential tasks in the modernized IT-Grundschutz:

• The update of modelled information networks, which is required annually by the BSI with the publication of a new IT-Grundschutz compendium, is significantly simplified by a guided update functionality (new modelling).
• The implementation of the risk analysis according to BSI standard 200-3 is effectively supported by visualization of outstanding risk analyses as well as high or very high risks requiring action.
• The visualization of the implementation status for each module shows at a glance the degree of fulfillment of the type of procedure.
• IT-Grundschutz audits can be performed, documented and output via report template.

The most important innovations are documented in the release notes.

In a news article published by SerNet we inform about our current status regarding the COVID19 pandemic. We update the article regularly if there are any new developments. We want to keep our customers and partners informed in a transparent manner.

Two new verinice versions will be released in 2020. The dates for the spring and autumn releases have already been set. Features for the respective versions are already collected and presented in the verinice.FORUM.

The following dates are planned:

• verinice 1.20 in week 13 (March 23 to 27, 2020)
• verinice 1.21 in week 45 (2 to 6 November 2020)

In the "Roadmap" category (German only) in the verinice.FORUM, users can take a look at the features planned for the upcoming versions. They can also suggest new features themselves or discuss specifications for already suggested features with the team and other verinice users.

The goal of the early definition and communication of deadlines is to provide planning security and to be able to plan updates of productive verinice systems further ahead. A feature freeze is scheduled one month before the release to ensure an extensive test phase.