The verinice team has released the new version of the risk catalog: it now takes into account ISO/IEC 27001:2022-10, ISO/IEC 27002:2022-02 and ISO/IEC 27005:2022-10. The verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition is available for download from the verinice.SHOP or the Update Repository for use in verinice version 1.26 and later.
The updated standards of the 2700x family are currently only officially available in English - therefore, the English Risk Catalog has been updated first. The German Risk Catalog will follow suit as soon as possible, when the German translations are available.
In the new version, the verinice Risk Catalog is again intended to significantly accelerate risk analysis as an add-on module. This is made possible by pre-modeled sample processes and assets as well as threats, vulnerabilities, risk scenarios and controls from the ISO standards:
180 generic risk scenarios applicable to any organization, in various categories such as physical damage, inadequate maintenance, cyber-attacks, etc.
Over 1000 relationships between the risk scenarios and controls as per ISO/IEC 27001:2022 (Annex A) to address these risks. As an organization, all you need to do is complete the implementation status of the controls and customize the relationships.
60 basic threats in various categories such as impairment of functions, human actions, technical failure, etc.
84 inherent information processing vulnerabilities in categories such as hardware, network, personnel, location, etc.
147 sample assets associated with seven basic business processes, in categories such as hardware, information, personnel, location, etc.
There are currently no plans to update the verinice Risk Catalog Plus (ISO 27001 / ISO 27019). Please contact us directly via vertrieb@sernet.de if you have any questions about this.
