News

News and Press Releases

    Page 5 of 8.
  • 4
  • 5
  • 6

Europa Flagge

On 4 May 2016, the General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union. It replaces the national sectoral data protection regulations in the 28 EU Member States. Thus, after a a two-year transitional period, national regulations will not be valid anymore. 

With the reform, a EU wide unified legal framework with a high standard of data protection should be ensured in the member states. For companies, the basic regulation has major implications since they state further demands on businesses alongside the existing obligations.

Future fines could face up to 20 million Euros, or up to four percent of the total worldwide annual turnover achieved. It is advisable to familiarize yourself and make the necessary adjustments to the new legal requirements in time.

The appointed date for the new rules to be legally binding is 25 May 2018. Up to this date, companies need to have their entire data protection organization, security concepts, contracts and business processes adapted to the new legal framework.

In the transitional period, the national legislature is required to act as well. Their task will be to adopt national rules.

All interested in privacy and "concerned" in one way or another are facing an exciting time.

Take advantage of the two-year transitional period. The verinice team is currently doing the same: When the GDPR comes into force, the relevant new rules will be implemented in verinice.


On February 17th, 2016 a critical bug in the Linux library glibc was made public. verinice.PRO users should patch their operating systems with the updates released.

The command

 

yum update 

 

updates the whole system to the latest version.

If only the operating system should be updated without updating to a newer  verinice version, the following command can be used:

 

yum update --exclude=verinice*

verinice 1.12 is out. The new version of the open source tool for the management of information security (ISMS) is an efficient companion for companies, government agencies, consultants and auditors.  A perspective for working with vulnerability scanners is just one of many new features. verinice is published by SerNet.

verinice 1.12 introduces the Greenbone GSM perspective. This allows an easy start into managing vulnerabilities by intertwining verinice with the vulnerability scanner Greenbone GSM (OpenVAS). Two new tutorials explain step-by-step, how the results of vulnerability scans are imported and processed. When working with an IS-management system according to ISO 27001 the scanned systems and weaknesses can be used in a risk analysis.

verinice.PRO offers additional advantages: The workflow helps in assigning responsibilities and fixing vulnerabilities while in operation mode. An intelligent adjustment ensures that even after repeated scans duplicates are avoided and only fixed vulnerabilities are removed from the risk database.

Another big change: the whole development process moved to Github. The verinice source code remains open source – and GitHub helps to make the development more transparent. 

There are also numerous improvements and bug fixes. More detailed information about features and improvements are listed in the release notes for verinice 1.12. verinice 1.12 is available at verinice.org.


On November 10th & 11th 2015 it's time for the Information Security Solutions Europe Conference (ISSE) in Berlin. SerNet and verinice are Gold Supporter and will be present at the conference location Hotel Palace Berlin (Budapester Str. 45, 10787 Berlin). 

On November 11th verinice team lead Alexander Koderman will give a talk on "1001 Vulnerabilities: removing the breeding ground for cyber threats". More about the content in the Session Details

Visit us and chat with us about verinice and information security at our booth. If buying your ticket your welcome to redeem the voucher code "ISSE15SP" at http://www.isse.eu.com/.


The verinice.TEAM is pleased to announce, that the General Secretariat of the Council of the European Union (GSC) joined the active and intensive verinice.PRO users. The GSC supports the European Council and the Council of the EU and helps to organize their work. verinice.PRO now contributes to this task. 

verinice gains popularity as a tried and tested tool for the management of an information security system. Other users include more and more companies, institutions and authorities at local, state and federal level. The verinice.TEAM is happy to extend to extend the group of users to the European level with the GSC.


verinice 1.11 received a minor update: With verinice 1.11.1 the verinice.TEAM fixes two small bugs. verinice clients now start correctly in English if they are installed on non-English operating systems. In addition, own measures with descriptions that are longer than 255 characters can be created in the basic protection perspective when conducting a risk analysis.

The verinice download page has been adapted to the current version 1.11.1; verinice- and verinice.PRO users are automatically alerted to the new version.


Version 1.11 of the ISMS tool verinice has been released. verinice now implements the open source framework Elasticsearch, which enables full-text search. verinice- and verinice.PRO users are automatically alerted to the new version; manual download is available. 

With version 1.11 verinice and verinice.PRO received a search function, and all objects can be found quickly now. The framework Elasticsearch is employed for the full-text search, which is also used e.g. by Wikimedia. Search results can also be exported as a CSV file. 

The verinice.TEAM has made extensive improvements on the GSTOOL import. Speed and memory consumption were enhanced, thus optimizing the support for large GSTOOL databases. With some of the biggest GSTOOL databases in Germany already imported, verinice now even accepts those with sizes of 1 gigabyte and more "in one go". The GSTOOL was the official but now deprecated software tool published by the German BSI for its IT-Baseline standard.

 

For details on the new features and improvements please see the release notes to verinice 1.11 Please note the listing of changed configuration files under the heading "How to Update".


Our newly published verinice 1.10 unfortunately suffered from a small mistake: On Windows, the startup screen (splash screen) did not appear. While the application started and ran without problems - a longish period passed until the actual program window opened. That could result in multiple clicks and accordingly repeatedly opened verinice instances.

The verinice.TEAM quickly published a solution. Through an online update of the verinice client the error can be eliminated:

"Help" -> "Check for Updates"

We apologize for this inconvenience.


The latest version of verinice is now available. With V 1.10 users have access to the IT Baseline Protection Catalogs in English and can use the new edition of the VDA IS-Assessment in version 2.x. Exclusive new features for the server version verinice.PRO are single-sign-on with Active Directory and importing users from the AD into the IT Baseline view as well as the optimization of the task view.

Important note for the update: Due to the necessary data migration, thefirst launch of verinice clients after updating may take a bit longerthan usual. Don’t panic. For more information, see the section "Display of file size in the File View". Please also note the general indicationsregarding the update and the release notes.

The new features at a glance:

English IT Baseline Protection Catalogs

The full text of the IT Baseline Protection Catalogs published by the German Federal Office for Information Security (BSI) is now available in English. Especially international teams benefit from this, simplifyingthe work with the IT Baseline Protection significantly.

However, users of the native ISO 27001:2013 can profit from the comprehensive catalog of risks and controls as well: during risk assessment and risk treatment the Baseline Protection Catalogs can be used as a comprehensive database, especially on specific topics like Windows or SAP.

All risks can be used as scenarios in an individual risk assessment. Simply drag-and-drop the desired risks or whole modules into the risk model. The catalogs, containing more than 1,500 Baseline Protection controls, will proof to be useful during risk treatment. As specific controls, they supplement the generic requirements of ISO / IEC 27002:2013. The controls are easily dragged-and-dropped into the ISM-risk model.

The English IT Baseline Protection Catalogs correspond to the 13th catalog update version from the BSI.

 

Update on VDA ISA 2.x

verinice V 1.10 fully supports the new edition of the IS-Assessment catalog published by the German Association of the Automotive Industry (VDA) in version 2.x. Apart from the actual catalog, the method of calculating the averages and the "Total Security Figure" have been adjusted. The issued report provides the radar chart indicating the level of maturity reached and the target level of maturity for each chapter, taking into account all the questions marked "NA".

Users of verinice are absolutely compliant with the VDA standard. Moreover a consolidator allows to import assessment results originating from theVDA 1.x standard. Shifts of controls etc. are taken into account properly. 

 

Display of file size in the file view

The file view now reveals the file size of each attachment. This accelerates, for example, the inevitable clean up of a growing database.

Note: After updating to V 1.10 the file size information is updated in the database. The update will be triggered at the first connection of a verinice client to the database. Depending on the number of attachments this can take from a few seconds up to several minutes to complete. We therefore recommend to immediately perform a client-start after the server update, so the update is complete before the first regular user logs in. The migration is executed only once.

 

Exclusive features of verinice.PRO

Single-Sign-On with Active Directory

On Windows-clients verinice.PRO now supports Single-Sign-On: registered users are automatically logged in to verinice.PRO. Re-entering the username and password is not required.

The previous registration mechanism with renewed user and password input is still available as an alternative, e.g. if you want to work in verinice with another user as the one logged in into Windows.

Import of individuals from AD in the baseline protection view
When running an AD import it is now possible to select whether the imported persons and accounts are created in the ISM or in the Baseline Protection model.

Optimization of the task view
The task view has been improved: Tasks load faster and a detailed search allows you to find specific tasks. Tasks can be sorted by group, editor, process, task type, start and end date.

 

Improvements and bug fixes

Minor improvements and a variety of fixed bugs in various places roundoff V 1.10. Some worth mentioning are:

  • In the web front-end for tasks the full text of Baseline Protection Controls can now be viewed. This makes it easier to delegate the basic security check as well as control implementation.   
  • The local report repository on the verinice client now works as intended.   
  • The allocation of modules, users and target types when using the GSTOOL import have been corrected.   
  • Inheriting custom icons to child objects can now be switched on or off.   
  • When moving objects it can be selected if the permissions of the destination folder should be applied to the moved object.   
  • Double-clicking an attachment in the file view now selects the associated object in the tree view.   
  • The standard account view display was changed to: "Last name, firstname [account]"   
  • When displaying account groups, the right hand display does not show a total list of all accounts as before, but only those who are not included in the selected group. This facilitates the search for non-associated accounts.   
  • The customization file ("SNCA.xml") will no longer be moved during the update process but will continue to operate as is. Attention: Please continue to follow the update instructions for dealing with configuration files!

    Page 5 of 8.
  • 4
  • 5
  • 6

Search News

Press contact:

Claudia Krell
presse@remove-this.sernet.de

Archive:

English languageDeutsche SpracheLingua italianaČeský jazyk
© SerNet GmbH, 2020