News

News and Press Releases

Alexander Koderman leaves SerNet

25.11.2016

Alexander Koderman leaves SerNet after more than 10 years and enters a new position as Chief Security Officer at a Company in southern Germany. This is the end of an era where Alexander built and influenced the verinice.TEAM. His team and all colleagues at SerNet are deeply grateful and accept that after so many years of team leadership Alexander wants to have a more functional role as information security specialist. Alexander Koderman remains a member of the cross-company Open Source team that generates verinice as a wide spread and successful open resource for everybody. We will meet Alexander again at verinice.XP on February 6th and 7th where he wants to give a talk and stays in contact with users, developers and partners.

New team leads are Michael Flürenbrock (Consulting) and Daniel Murygin (Development). Michael also serves as "product owner" for verinice and is the main contact for the verinice roadmap. He welcomes all ideas and recomendations.


New verinice screencasts

21.10.2016

Videoscreen "Risk Analysis with Excel"With the release of verinice 1.13 we also produced a fresh set of new screencasts. You can find them directly on the verinice YouTube channel.


A two-part tutorial in English is devoted to "Reporting on Compliance". The new in-memory query assistant is used here. Koderman shows, among other things, how it is possible to link standards with one another without additional effort: For example, you can query how well the standard PCI DSS is implemented - using already existing results based on ISO 27001. The output can be exported in CSV format and imported into programs such as Excel or LibreCalc. Thus, as shown in Part 2 of the tutorial, it is possible to create meaningful and illustrative diagrams.

And if you want to start your ISMS or risk analysis with Excel, we strongly recommend the video "Risk Analysis with Excel: Do not fall into this trap!"


verinice 1.13: New features and new license model

12.10.2016

The verinice.TEAM at SerNet has released the open source ISMS tool verinice in version 1.13. An in-memory query wizard, which makes the reporting quicker and easier, as well as the extension of the possibility to connect to other tools (KIX4OTRS, Greenbone, REST API) are new feature highlights. In addition, preparations were made for the data protection for the EU General Data Protection Regulation (EU GDPR).

Now available at shop.verinice.com

The most significant change triggered by verinice 1.13 concerns the licensing model. With the new version, the verinice client (single user version) equipped with the full feature set can be ordered directly via the verinice.SHOP for 249.90 Euro (incl. VAT). The verinice manual, which accompanies users when they get to know and work with verinice, is already part of the package. If you want to use verinice with multiple users and server functions, verinice.PRO is the one for you and is available as subscription.

New in the portfolio is verinice.EVAL, a free verinice trial version. verinice.EVAL is also available through the shop and is nearly feature complete to enable a realistic evaluation or use for research purposes. Testers only have to do without the reporting function.

In-memory query wizard and more convenience

Our new Link Table Report (LTR) makes reporting a lot easier: A query wizard allows users to collect all the information needed directly in verinice. Let's say you need a list of interrelated security controls from different standards. No problem. Or maybe you need a list of assets with risk scenarios and responsible personnel? Also created with just a few mouse clicks. All queries can be exported as CSV and imported directly to Excel or LibreOffice Calc and edited there. This is how the reports that are needed right now are generated – and they can be changed and designed in any way. The best thing is that all queries – including complex link structures and thousands of objects – are processed quickly and usually in a few seconds.

Other new features are designed to make your life – or at least your daily ISMS routine – a little easier. For example, links between the IT Baseline Protection view and the ISM view are possible now, risk analysis' can be duplicated for further target objects (including all intermediate steps), and file attachments can be copied together with objects at the same time. We have implemented a lot of this as requested by customers, tagged as "Quality of Life optimization". 

More tools

In collaboration with c.a.p.e. IT verinice teams up IT service management (ITSM) and ISMS: verinice 1.13 makes it possible to link verinice.PRO and the ITSM tool KIX4OTRS. For example, OTRS tickets can be enriched with information on the processing of verinice objects – and if the ticket is successfully processed, the changed information can be stored in the verinice database. Configuration items from KIX4OTRS can now also be transferred to the verinice asset database. For specific integration projects, SerNet and c.a.p.e IT are happy to provide advice and support.

verinice plays together nicely with the vulnerability scanner from Greenbone / OpenVAS for efficient vulnerability management. With verinice 1.12, the verinice team has already introduced the Greenbone Perspective – ​​verinice 1.13 now also simplifies the configuration of this link.

Both collaborations point to the openness of verinice. This idea is followed through by a new REST web service in verinice 1.13 which creates various possibilities for linking verinice.PRO to other software tools. Naturally, all requests for this new interface are also subject to the existing authentication and authorization mechanisms.

The release notes contain details on verinice 1.13. A new privacy package for verinice and video tutorials will be released shortly.


it-sa 2016: Learn all about verinice!

01.09.2016

verinice booth @ it-sa2016From October 18th - 20th 2016 Nuremberg (Germany) hosts the annual it security fair it-sa. SerNet, the verinice.TEAM and verinice.PARTNERS will be present at booth 12.0 / 12.0-339.

The verinice.TEAM is accompanied by the verinice.PARTNERS Cassini, SILA Consulting, IT-InfoSec und neam. Together they’ll present verinice in version 1.13 and demonstrate the possibilities of the ISMS tool for ISO 27001, VDA ISA etc. as well as specific scenarios. The partners will also inform about their individual services such as the design, implementation and optimization of a management system for information security, as well as certification and trainings. In addition Greenbone will demonstrate the option to combine verinice and the Greenbone Security Manager to enable efficient vulnerability management.

You want  to learn more about verinice or certain functions? You want to know if verinice is the right tool for you? Or just give us feedback on the software? You want to get to know some verinice.PARTNERS and their services? We look forward to welcoming you at our booth. For appointments send us an email to itsa@remove-this.sernet.de.

Free eTicket
Get your visitor ticket for free access to it-sa: Just redeem the voucher code A333700 at http://www.it-sa.de/voucher/. With a visitor ticket you’ll be able to explore it-sa on any day starting at 9am.


Infosecurity Europe: Meet verinice in London

16.05.2016

7-9 June 2016 marks the date of the Infosecurity Europe in Olympia (Kensington, London). SerNet will present the ISMS-Tool verinice there for the first time. You can find the SerNet team and the verinice.PARTNERS from Sila Consulting at the verinice booth S70 on the 2nd level.

Together we will introduce verinice in its current version 1.12, demonstrate the potential of the ISMS tool and give an outlook on the future development steps. In addition, Sila informs about partner services such as the design, implementation and optimization of a management system for information security as well as certification and training.

You're interested in certain functions of verinice? You want to know if verinice is the right tool for you? Or just give us feedback about the software or report feature requests?

We look forward to welcoming you at our booth. We also arrange appointments in advance! Just send us a mail to sales@remove-this.sernet.de


A New Privacy Law for Europe: The General Data Protection Regulation

13.05.2016

On 4 May 2016, the General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union. It replaces the national sectoral data protection regulations in the 28 EU Member States. Thus, after a a two-year transitional period, national regulations will not be valid anymore. 

With the reform, a EU wide unified legal framework with a high standard of data protection should be ensured in the member states. For companies, the basic regulation has major implications since they state further demands on businesses alongside the existing obligations.

Future fines could face up to 20 million Euros, or up to four percent of the total worldwide annual turnover achieved. It is advisable to familiarize yourself and make the necessary adjustments to the new legal requirements in time.

The appointed date for the new rules to be legally binding is 25 May 2018. Up to this date, companies need to have their entire data protection organization, security concepts, contracts and business processes adapted to the new legal framework.

In the transitional period, the national legislature is required to act as well. Their task will be to adopt national rules.

All interested in privacy and "concerned" in one way or another are facing an exciting time.

Take advantage of the two-year transitional period. The verinice team is currently doing the same: When the GDPR comes into force, the relevant new rules will be implemented in verinice.


Important Notice: Fixing the glibc flaw

18.02.2016

On February 17th, 2016 a critical bug in the Linux library glibc was made public. verinice.PRO users should patch their operating systems with the updates released.

The command

 

yum update 

 

updates the whole system to the latest version.

If only the operating system should be updated without updating to a newer  verinice version, the following command can be used:

 

yum update --exclude=verinice*

verinice 1.12 released

18.02.2016

verinice 1.12 is out. The new version of the open source tool for the management of information security (ISMS) is an efficient companion for companies, government agencies, consultants and auditors.  A perspective for working with vulnerability scanners is just one of many new features. verinice is published by SerNet.

verinice 1.12 introduces the Greenbone GSM perspective. This allows an easy start into managing vulnerabilities by intertwining verinice with the vulnerability scanner Greenbone GSM (OpenVAS). Two new tutorials explain step-by-step, how the results of vulnerability scans are imported and processed. When working with an IS-management system according to ISO 27001 the scanned systems and weaknesses can be used in a risk analysis.

verinice.PRO offers additional advantages: The workflow helps in assigning responsibilities and fixing vulnerabilities while in operation mode. An intelligent adjustment ensures that even after repeated scans duplicates are avoided and only fixed vulnerabilities are removed from the risk database.

Another big change: the whole development process moved to Github. The verinice source code remains open source – and GitHub helps to make the development more transparent. 

There are also numerous improvements and bug fixes. More detailed information about features and improvements are listed in the release notes for verinice 1.12. verinice 1.12 is available at verinice.org.


Get to know SerNet and verinice at ISSE 2015

20.10.2015

On November 10th & 11th 2015 it's time for the Information Security Solutions Europe Conference (ISSE) in Berlin. SerNet and verinice are Gold Supporter and will be present at the conference location Hotel Palace Berlin (Budapester Str. 45, 10787 Berlin). 

On November 11th verinice team lead Alexander Koderman will give a talk on "1001 Vulnerabilities: removing the breeding ground for cyber threats". More about the content in the Session Details

Visit us and chat with us about verinice and information security at our booth. If buying your ticket your welcome to redeem the voucher code "ISSE15SP" at http://www.isse.eu.com/.


verinice at work: General Secretariat of the Council of the European Union

10.09.2015

The verinice.TEAM is pleased to announce, that the General Secretariat of the Council of the European Union (GSC) joined the active and intensive verinice.PRO users. The GSC supports the European Council and the Council of the EU and helps to organize their work. verinice.PRO now contributes to this task. 

verinice gains popularity as a tried and tested tool for the management of an information security system. Other users include more and more companies, institutions and authorities at local, state and federal level. The verinice.TEAM is happy to extend to extend the group of users to the European level with the GSC.


English languageDeutsche SpracheLingua italiana
© SerNet GmbH, 2018