News and information about verinice.

Learn everything that is important

Download verinice in version 1.6.2 - new in this release:

  • Vulnerability Tracking with Greenbone GSM and verinice


     

    With verinice and Greenbone / OpenVAS, you're well prepared when ISO 27001:2013 is published, come the end of 2013! The new standard increases the importance of detecting and removing software with known technical vulnerabilities through the (extended) section A.12.6 "Technical Vulnerability Management" and the new A.18.1.3 "Technical Compliance Inspection"!
    You can import your scan results from Greenbone GSM / OpenVAS directly into verinice and use them there as part of your risk analysis. Users of IT baseline protection benefit from the new automated import of GSM IT Baseline Protection scans via the verinice webservice.
  • Workflow-based vulnerability tracking and patch management


     

    With verinice.PRO you can go further in tracking vulnerabilities: Are you familiar with the problem of facing hundreds or thousands of identified vulnerabilities that you now have to evaluate and aggregate by topic and responsibility? Can you still manage the timely fix of these vulnerabilities if responsibilities are distributed - maybe even worldwide - and have to be considered in patch management?
    verinice.PRO brings a new type of workflow specifically designed for this purpose. Identified weak spots are packed into compact groups for individual managers and communicated via e-mail notification and web frontend, and the prompt correction is monitored by the workflow engine of verinice.PRO. The configurable, regularly scheduled transfer from the scanner to verinice confirms the fix as the final instance - or uncovers patching of vulnerable software that was left undone.
  • The verinice risk catalog
    The new verinice risk catalog is now available in our webshop. It facilitates and accelerates the implementation of a risk assessment in accordance with ISO 27005. Our new screencast shows the use of the catalog and the basic risk assessment methodology in verinice - see http://www.verinice.com/en/media. Both the screencast and the catalog are available in German and English.
    The catalog is already included in verinice.PRO subscriptions.
  • The verinice.PARTNER network
    On our new site verinice.com/en/partner you will now find a steadily growing list of experienced advisers. They have already mastered several projects with verinice / verinice.PRO, successfully coached their customers and can achieve the goals set by them. verinice.PARTNER members support you according to their specialities, both with the technical implementation of an information security project / audits and with the installation and maintenance of a verinice instance.
  • Entry forms take dependencies with regard to contents into account
    All entry forms in verinice support showing and hiding form fields depending on previous selections. Thus, for example, the fields for the required levels of protection disappear as soon as the user selects the "maximum principle" for automatic inheritance. These dependencies can now be found in many places; they provide a better overview and improve data quality.

Please check the general instructions for the update and the release notes (German only at the moment).


As of now the manual for the free open source tool verinice. is available at the verinice Online Shop. verinice helps you to handle the management of information security.

Over 150 pages explain the operation of the Client for Windows, Mac and Linux, describe the web frontend and give many instructions for the operation of the verinice.PRO server.

Separate chapters deal with the topics "Methods for Risk Management", working with the different perspectives, "Privacy", "Basic protection", "ISM / ISO" and "VDA", especially for users in the automotive sector.

The manual is only available as a subscription and is distributed as a PDF. For 49.98 Euros, customers get one year of access to the documentation maintained by SerNet. The manual is free for users of verinice.PRO.

We do not sell paper that is already outdated at the time of delivery. Rather, customers have the opportunity to download the current PDF up to the last day of their subscription.

With the manual SerNet tries to transfer the successful open source distribution model of the update subscriptions to the documentation as well.

Visit https://shop.verinice.com to shop the offer.


Yesterday, the BSI released the metadata update for the 12th supplemental set of the IT-Baseline Catalogs (German only). As of now, this update is available for verinice users.

For users of the free version of verinice the catalog can be found on our download server: it-grundschutz_el12_html_de.zip.

After downloading, the file has to be selected in the settings of verinice:

Menu -> Einstellungen -> BSI IT-Grundschutz -> ZIP-Datei mit GS-Katalogen

Please note: Unlike before, the version that is available on the BSI website for download cannot be used in verinice directly. Please use the above mentioned file only.

For users of verinice.PRO, a new RPM package is ready in the repository. It can be installed using the normal update command. After updating the verinice.PRO RPM package, the configuration of the server has to be changed so that the new file is processed. In the file:

/usr/share/tomcat6/webapps/veriniceserver/WEB-INF/veriniceserver-plain.properties

change the property

veriniceserver.grundschutzKataloge

to

veriniceserver.grundschutzKataloge=/WEB-INF/it-grundschutz_el12_html_de.zip

Please note the list of changes of the 12th supplemental set compared to the previous version, in particular changes in individual actions that have to be considered as part of your basic security check. Changes such as discontinued measures are represented by verinice after the import. Changes in the content of individual measures must be reviewed by the security officer and possibly be re-evaluated.

When transferring the existing results to revised modules the verinice consolidation feature can be of help.

The complete description of all changes can be found in the PDF document provided by the BSI, see chapter "New": IT-Grundschutz-Kataloge-12-EL.pdf

Here is a short list of the main new features:

  • Module 3.403 answering machine removed
  • Module 5.10 Internet Information Server removed
  • Module 5.11 Apache Webserver removed
  • Module 3.401 PBX revised
  • Module 5.3 Groupware revised (former title: "E-mail")
  • Module 5.4 Webserver revised
  • Module 4.8 Bluetooth added
  • Module 3.305 Terminal Server added
  • Module 3.304 virtualization added
  • Module 5.18 DNS server added
  • Module 5.19 Internet use added

Note for verinice.PRO installations: In order to include the new Grundschutzkatalog immediately, the cache of the application server needs to be emptied. Proceed as follows.

1. Stop the Tomcat-Server.

2. Delete all files in the folder /var/cache/tomcat/temp/.

3. Deploy the changes in the file "veriniceserver-plain.properties". It is located in the directory /usr/share/tomcat6/webapps/veriniceserver/WEB-INF/ and contains the properties and preferences of the Baseline Catalogs to be used.

4. Restart the Tomcat-Server.
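
The property change in step 3 can be scripted so that it is repeatable and leaves a backup. The following is an added example, not part of verinice or SerNet's tooling; the function names `set_catalog` and `get_catalog` and the `.bak` suffix are assumptions, and the demo runs on a constructed sample file rather than the live server configuration.

```shell
#!/bin/sh
# Added example (not part of verinice): point the server at the new catalog ZIP.
# On a verinice.PRO server the file named on this page is
# /usr/share/tomcat6/webapps/veriniceserver/WEB-INF/veriniceserver-plain.properties
KEY='veriniceserver.grundschutzKataloge'

# get_catalog FILE: print the value of the last active KEY line (empty if none).
get_catalog() {
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 {
            rest = substr(line, length(key) + 1)
            if (rest ~ /^[ \t]*[=:]/) { sub(/^[ \t]*[=:][ \t]*/, "", rest); v = rest }
        }
        END { print v }' "$1"
}

# set_catalog FILE VALUE: replace active KEY lines with one KEY=VALUE line,
# or append it if absent. Commented lines stay; FILE.bak keeps the old content.
set_catalog() {
    file=$1; value=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v key="$KEY" -v val="$value" '
        { line = $0; sub(/^[ \t]+/, "", line)
          rest = substr(line, length(key) + 1)
          if (index(line, key) == 1 && rest ~ /^[ \t]*[=:]/) {
              if (!done) { print key "=" val; done = 1 }
              next
          }
          print }
        END { if (!done) print key "=" val }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the original file so owner and mode are unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Demo on a constructed sample file (all values except KEY and the new ZIP are made up).
demo=$(mktemp)
printf '%s\n' '# constructed sample' \
    "#$KEY=/WEB-INF/commented-out.zip" \
    "$KEY=/WEB-INF/previous-catalog.zip" \
    'sample.other.key=1' > "$demo"
set_catalog "$demo" /WEB-INF/it-grundschutz_el12_html_de.zip
echo "now: $(get_catalog "$demo")"
rm -f "$demo" "$demo.bak"
```

Run it between stopping and restarting Tomcat, as in the steps above; the `.bak` copy allows the previous catalog setting to be restored if the server does not start.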


The new version 1.5.3 of verinice is available in our download area.

New in this Release

  • The export of large IT organizations and associations runs faster.
  • The web front-end is converted to new surface elements, making it compatible with more versions of browsers. (verinice.PRO)
  • If you select the import option "Integrate", links will also be imported. (Bugfix)
  • The general CSV import is working properly again. (Bugfix)
  • Beta: A new view shows all of the ISO 27000 objects which can be edited. (verinice.PRO)

The VDesigner 1.5.2 is available for all users of verinice.PRO. As a standalone software package, it provides advanced users with the ability to customize the verinice report templates and enables them to create their own report templates.

The VDesigner allows you:

  • to change logos, page headers, fonts and layout related aspects in reports
  • to filter table content according to various criteria, to sort, and to aggregate results
  • to work on existing or your own charts with the integrated wizard
  • to add your own object properties (customizing) in existing tables
  • to handle complex issues (nested tables, own queries)

The VDesigner is based on the open source BIRT framework. Users who already have experience using the BIRT report designer will find their way in VDesigner quickly.

The Designer is downloadable from the repository in the verinice.PRO VDesigner folder. There you can also find a quick guide with some examples as well as the templates of the reports contained in verinice.


We have just published the newest version of verinice, 1.4.0, in our download area:

 

New in verinice 1.4.0:

 

  • Improved speed of the application in various places, e.g.
    for copy and paste, import and saving of elements.
  • verinice-1.4.0 is now available as a beta version for Mac OS X.
  • New output format for reports: OpenDocument-Text and OpenDocument-Spreadsheet supported by OpenOffice and LibreOffice
  • A range of new and improved reports
  • External Links for ISO 27001 elements

From now on verinice 1.3.2 with the codename Ericeira is available. The download of new versions is via the verinice.SHOP.

New in this release

  • Report output formats Word and Excel
  • File attachments of all items are exported and imported
  • verinice.PRO: E-mail addresses of users are imported from the Active Directory
  • verinice.PRO: Even with simultaneous access by many users, a new login is no longer required (bugfix)
  • verinice.PRO: Access of unprivileged users to Oracle databases is possible again (bugfix)

Please also note the Release Notes.


Codename: Hossegor

From now on, verinice-1.3.1 can be downloaded from the download area.

New in this release

  • Improvement of inheritance of Business Impact values for Confidentiality, Integrity and Availability (bug fix)
  • The import of controls from catalogues into the Information Security Model via drag and drop is possible again (bugfix)
  • The risk analysis according to ISO 27005 has been improved (bugfix)
  • Improvement of the colour marking in the report Risk Assessment: Assets (Bugfix)
  • In the editor settings, all input fields are selected when the programme is started for the first time.
    Important: The settings must be activated once. Select in the menu: Edit->Onssettings... and in the dialogue: Editor settings -> Apply

On the Website of the VDA (Verband der Automobilindustrie) verinice is described as a tool for simplified answering of the so-called "Information Security Assessment" (VDA ISA). The ISA is a questionnaire on information security with an integrated process maturity model, which was integrated into verinice in cooperation with the corresponding working group of the VDA.


In a contribution to the IT Conference 2010 of the DIIR, Senior Expert Sascha Brock describes how the quality and security of web applications at Deutsche Post DHL is ensured by internal revision through process-oriented auditing over the entire life cycle. In doing so, he also discusses verinice as a suitable tool for supporting the audit approach described.


© SerNet GmbH, 2024