From installing and working with verinice to importing OpenVAS scans: 16 screencasts, produced by Nils Ulltveit-Moe, guide users through the OpenSource information security management system (ISMS). They're all available via YouTube.
The tutorials demonstrate, for example, how to add threats and vulnerabilities, how to create risk scenarios and risk assessment reports or how to add documents and design workflows. They also introduce the Spanish open standard MAGERIT. By this the course utilises the verinice feature to implement additional catalogues and content.
Ulltveit-Moe is Associate Professor at the University of Agder (Norway). His screencasts and the associated verinice course are part of PRECYSE (Prevention, protection and reaction to cyber-attacks to critical infrastructures) – an European research funded project "that defines, develops and validates a methodology, an architecture and a set of technologies and tools to improve the security, reliability and resilience of the ICT systems supporting the Critical Infrastructures".
The verinice.TEAM is delighted about the screencasts and some of the approaches. We encourages other verinice users to explore the tool, put it to use and contribute to the community content as well.
March 24th - 26th 2015 marks the date of WHD.global (World Hosting Days) - verinice will be present as well. The SerNet GmbH, home of verinice, will be hosting a verinice booth. You're invited to visit us at D12 and dive into the the meet-up of the hosting and internet world at Europa-Park Rust with us.
The SerNet team is excited to present and talk about verinice as well as the according topics IT-Security, ISMS, ISO 27001 and BSI Baseline Protection. On Thursday (March 26th) SerNet CEO Dr. Johannes Loxen will give a talk about "There is no security without Open Source" (venue "Circus Celebration"). And again we're eager to recruit v.LEUTE (what actually means.... liaison people)! So, have some nice World Hosting Days and come by to participate in this competition.
Planning on visiting the WHD.global 2015? You can redeem this code in order to get a free daypass:
Please visit the WHD registry to get your ticket.
As of now verinice 1.9 is available for download. The update at a glance:
verinice 1.8 has been released. The new version is ready to be downloaded here.
verinice 1.8 delivers a couple of new features to make the management of your ISMS even more friendly and efficient:
Please regard the general notes for updating.
The new features in verinice 1.8 come from user requests. By close and frequent communication with the support and development team, users were able to communicate their experiences and to initiate improvements. We continue to promote this vibrant exchange. Please write us at verinice@ - we will consider your concerns. sernet.de
verinice will be present at the IT-security expo it-sa from October 7th to 9th 2014 in Nuremberg. Meet up with the team in hall 12.0 / 12.0-339 and get all the news about verinice as well as the future roadmap.
From now on verinice is available in version 1.7.0. Main changes are:
The standards ISO / IEC 27001:2013 and the IT-Baseline Catalog with its 13th supplemental set are availabe in the most recent versions.
verinice can now import entire subtrees from the file system into the database in a single action. Folder structures are also listed, files create appropriate objects and are imported simultaneously as attachments. Existing policies or audit evidence can be quickly and simply transfered into the database. The import can also create connections between objects, e.g. map the relationship between policies and the controls described therein.
A new consolidation function for IS Assessments makes it possible to transfere existing audit results to surveillance audits. Existing linkages such as to central directives and other objects are taken into acount. This feature facilitates the continuous checking of information security through the acquisition of past findings and the evidence as a starting point for a new audit .
Other applications are now able to import attachments automatically using the web service. For example, reports from OpenVAS / Greenbone-GSM can be created automatically in the verinice database and the original reports are stated as well as reference.
A new report for verinice.PRO users shows tasks in the system that are assigned using workflows. Thus, the processing status of each task, the person responsible and the time frames are visible and make it a lot easier to track tasks at hand.
Manuals are available in English now. These include:
"Heartbleed" - a severe vulnerability in the OpenSSL encryption software - currently worries the IT scene. At SerNet and in the verinice team we looked into the matter intensively and found corresponding solutions. We will keep you updated about all possible developments.
Information for verinice customers:
UPDATE for SerNet customers with firewall systems:
All measures to be taken have been completed. Affected customers were informed and the vulnerability is closed. If necessary, the SSL certificates were exchanged.
If you have specific questions about your systems and Heartbleed, please call us at +49 551 37 0000 0 or send an e-mail to heartbleed@ or contact the verinice support directly. sernet.de
A case study from Greenbone Networks GmbH shows how to make automated vulnerability management possible in combination with verinice: LEONI AG, automotive supplier headquartered in Nuremberg, relies on a combination of Greenbone Security Manager (GSM) and verinice.PRO
As it stands out, LEONI was able to increase the elimination of vulnerabilities significantly as well as raise the efficiency of globally distributed IT teams. Success factor is the close integration of the two components - made possible by Greenbone Networks and SerNet working together closely. As a result LEONI achieved time savings and reduced the number of vulnerabilities to one tenth of the previous value.
You want to know more about GSM and verinice? Please feel free to send us a mail to verinice@. sernet.de
From March 10th - 14th, our verinice-Team and SerNet relocate to Hannover to take part in the CeBIT 2014. You'll find us ins hall 6, stand G10 – visit us there and get to know all the developments regarding our ISMS-Tool.
Exchange your ideas and your future requiremets for verinice with us, learn more about the verinice roadmap and have a look at verinice.PRO. Or just enjoy a cup of coffee with us.
You need an eTicket? We've got one for you! Just contact us at firstname.lastname@example.org
We're looking forward to meet you in Hannover!
The verinice team will be present at the IT security fair it-sa in Nuremberg (8 - 10 October 2013). You will find us in Hall 12, Booth 333.
Find out the latest news about our ISMS software in version 1.6.3 - it provides security managers with simplifications for their daily tasks and furthers the development of the workflow engine which started with version 1.6 consistently. Of course, we can also advise you in all matters relating to information security standards such as BSI IT-Baseline Protection and ISO 27001, data protection and risk management.
We're free for individual appointments!
Want to visit us at the it-sa? Then redeem voucher number 27069 on www.it-sa.de/en/visitors/tickets/voucher/ - you'll receive a free e-ticket. Or contact us at email@example.com.