The new verinice Risk Catalog is available as of now. ISO released the updated version of ISO/IEC 27001:2013 in October 2013 with numerous changes - all of which are incorporated in this new catalog. Whether verinice novice or expert: The up-to-date Risk Catalog will turn out to be a real time saver.
The new version of this verinice risk cataloge contains all 14 control clauses, 35 security categories and 114 controls of the standard. Furthermore it contains 109 generic risk scenarios, 47 threats, 90 vulnerabilities and more than 1,100 Relations between them to combine all objects into a meaningful context.
All controls are supplied with short and concise descriptions as implementation guidance. Also, the objective for each security category is summarized briefly in comprehensive form.
The list of mandatory documents was adapted and shortened conforming to the new standard. However, all other documents that are recommended for successful operation of an ISMS are still there in the category "Recommended Documented Information".
All controls are linked accurately to fitting risk scenarios to speed up the process of risk assessment, risk treatment and risk-based selection of the standard Annex A controls.
Active risk reduction and time savings
The verinice risk catalog combines two time-intensive activities of ISMS implementation: the creation of the "Statement of Applicability" (SoA) and the risk analysis. The results of the SoA are taken into account directly in the risk analysis in verinice. This will save you a lot of time in the risk treatment. And the controls of ISO 27001 turn out to be more than just a compliance checklist: they reduce IT risks immediately. This renders formulating own controls for risk treatment redundant.
The cost of risk assessment and risk reduction is thus significantly reduced, allowing more time to be spend for the identification and treatment of organization-specific risks.
Get the new version of the risk catalog
verinice.PRO subscribers will find the new version of the risk catalog in the repository. The verinice risk catalog is available to them free of charge.
For users of the free verinice version the catalog is available in our web shop.
The download code is valid for one year. So if you have purchased the 2005 version of the risk catalog within the last 12 months, the update is now free for you to download.
Please note: The updated catalog for ISO 27001:2013 is currently only available in English. A German version will be released as soon as DIN finalizes the German translation of ISO 27001:2013.
Import-Instructions:
As a new user please simply import the catalog
"verinice_Risk_Catalogue_EN_-ISO_27001_2013",
to start with a new database based on the current standard.
If you are already a user of the risk catalog based on ISO 27001:2005,
please use the catalog
"verinice_Risk_Catalogue_EN_-ISO_27001_2013-UPDATE"
The update catalog is imported over an existing risk catalog that was
imported in the past. Before you do that, you should save your database using the export-feature.
After the import, all omitted controls and documents are marked with "OMITTED" and should be deleted by you after manual verification.
Changed controls are marked with "REMOVE". These can also be deleted after manual verification.
In both cases you should verify that you have made all necessary changes to documents and other attachments that you may have added to objects that are no longer needed. You should also check for any relations that you have created since the original import of the old catalog before deleting anything.
