News and information about verinice.

From October 10-12, 2023, verinice can be found at the it-sa in Nuremberg. The it-sa is the largest trade fair in the field of IT security in Europe. At booth 7-114 in hall 7, the verinice team of SerNet together with co-exhibitors sila consulting and neam IT-Services will be available for questions and discussions.

Visitors of the booth can get information about the different verinice products. As a special highlight, the latest web-based tools of the platform verinice.veo verinice DSMS and verinice ISMS will be presented. Michael Flürenbrock (Product Owner) and Daniel Murygin (Head of Development) will be happy to report on the latest developments.

The range of services offered by the verinice.PARTNERs can also be learned about. This includes, among other things, consulting on various standards (e.g. BSI IT-Grundschutz, ISO 27001), BCM and the development of an ISMS.

You would like to make an appointment with the verinice team or one of the verinice.PARTNERs? Then send us an E-mail to itsa@remove-this.sernet.de.

Free day ticket - get it now!
For a free ticket, redeem voucher code 503252itsa23 at https://it-sa.de/voucher. We are looking forward to welcoming you at our booth.

The verinice team has released the new version of the risk catalog: it now takes into account ISO/IEC 27001:2022-10, ISO/IEC 27002:2022-02 and ISO/IEC 27005:2022-10. The verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition is available for download from the verinice.SHOP or the Update Repository for use in verinice version 1.26 and later.

The updated standards of the 2700x family are currently only officially available in English - therefore, the English Risk Catalog has been updated first. The German Risk Catalog will follow suit as soon as possible, when the German translations are available.

In the new version, the verinice Risk Catalog is again intended to significantly accelerate risk analysis as an add-on module. This is made possible by pre-modeled sample processes and assets as well as threats, vulnerabilities, risk scenarios and controls from the ISO standards:

• 180 generic risk scenarios applicable to any organization, in various categories such as physical damage, inadequate maintenance, cyber-attacks, etc.

• Over 1000 relationships between the risk scenarios and controls as per ISO/IEC 27001:2022 (Annex A) to address these risks. As an organization, all you need to do is complete the implementation status of the controls and customize the relationships.

• 60 basic threats in various categories such as impairment of functions, human actions, technical failure, etc.

• 84 inherent information processing vulnerabilities in categories such as hardware, network, personnel, location, etc.

• 147 sample assets associated with seven basic business processes, in categories such as hardware, information, personnel, location, etc.

There are currently no plans to update the verinice Risk Catalog Plus (ISO 27001 / ISO 27019). Please contact us directly via vertrieb@remove-this.sernet.de if you have any questions about this.

Version 1.26 of verinice and verinice.PRO is now available for download from the verinice.SHOP or from the Customer Repository. The verinice.TEAM provides new features, detail changes and bug fixes with this release. Support for the new ISO/IEC 27001:2022 is the main new highlight. Details are available in the full Release Notes.

The team plans to release the new verinice risk catalog with the relevant content of the ISO 27001 family shortly. In parallel, the customization of the risk analysis in the ISM/ISO perspective has been simplified. In the associated report templates, the risk matrices for confidentiality, integrity and availability can now be customized.

As part of the product maintenance, verinice 1.26 also updates the Rich Client Platform (RCP) and the Java Development Kits (JDK) in addition to numerous detail improvements and bug fixes.

In addition to the new edition of the risk catalog, the data protection module with IT-Grundschutz-Kompendium Edition 2023 should also be available soon.

In addition to the development of the classic verinice, SerNet is working intensively on the new platform verinice.veo, which has been launched with the first product verinice DSMS. Learn more about the fully web-based data protection manager and test our next generation tool for one month free of charge: find out more at verinice.com/veo or contact our sales team directly at vertrieb@remove-this.sernet.de.

The verinice team is not only working on the further development of the professional application, but is also constantly opening up new areas. Among other things, Alexander Koderman, developer and verinice inventor from the very beginning, has dealt intensively with graph databases. Together with Mirko Prehn, he published the article "The Use of Graph Databases in Compliance Automation" in issue 36/December 2022 of IT-Governance magazine, the professional journal of the ISACA Germany Chapter e.V.. We make the article available here as a special PDF edition (read complete article).

From the content: Modern graph databases are perfectly suited to solve typical challenges in compliance management. They can be perfectly combined with current developments in machine-readable formats such as the recently completed OSCAL standard. However, some challenges remain.

At the GraphConnect 2022 conference, Koderman also presented "Cybersecurity Automation with OSCAL and Neo4J." The presentation was recorded and can be viewed on YouTube: https://youtu.be/FVCFmSIsYic.

The verinice.XP 2023 was the meeting point for users of the ISMS tool verinice at the end of February. A special highlight was a report by Alexander Koderman (verinice.TEAM / SerNet GmbH) directly from the verinice lab: the integration of ChatGPT into the new platform verinice.veo using the veo copilot as a browser plugin. Koderman has published the associated code on GitHub: https://github.com/Agh42/veo-copilot.

The entire talk (in German) can be seen at https://verinice.com/chatgpt In it, Koderman also immediately cleared up a common misconception when dealing with language models, which can be solved with the necessary background knowledge and the right query. 

Koderman highlights the tremendous progress of language models that everyone has seen in recent weeks and months. Not only can they now solve puzzles faster than humans can even read them. ChatGPT and co. are also now processing the concepts behind them. The impact of AI on information security management is correspondingly far-reaching, he says: "The way we analyze cybersecurity risks, implement measures and ensure compliance will change dramatically." The use of AI-powered tools in information security management has the potential to significantly improve the efficiency and effectiveness of the work, he said.

ChatGPT as copilot

Koderman also sees a lot of potential for verinice: "The ongoing development and expansion of language models presents us as tool developers with challenges and opportunities: how can we incorporate natural language interfaces into traditional user interfaces? In the coming months, we will answer these questions and add exciting new features to verinice.veo."

A first answer is already available as an experiment: The veo copilot as a browser plugin. This can be used to test and play in the web-based verinice DSMS, which is available now. In his presentation, Koderman not only demonstrates how this works, but also takes this opportunity to give a little insight into the latest generation verinice. Meanwhile, the copilot also uses the current language model behind ChatGPT, which is now available via the OpenAI API.

More recordings of verinice.XP 2023 will be gradually published on the verinice YouTube channel: https://www.youtube.com/c/verinice

verinice enables the work on an Emergency Management System resp. Business Continuity Management System (BCMS) according to ISO 22301 or BSI Standard 200-4. For the BSI perspective, an exemplary structure is now available, for the ISM perspective an exemplary organization: The mapping of BCM-relevant aspects makes users familiar with the innovations around the topic of BCM with verinice and facilitates the start. Both are available free of charge via the verinice.SHOP.

In addition to mapping the ISMS, the BCM extensions in verinice also allow establishing a BCMS (learn more at verinice.com/bcm). verinice supports users throughout the entire PDCA cycle. Videos are also available for each perspective in the YouTube channel of the verinice team, showing step-by-step how to proceed.

You have further questions about BCM with verinice? Feel free to use the verinice forum or contact our sales team.

This is what the BCM sample data offers:

The data comes in the form of a .VNA file for import into verinice version 1.25 and higher. Included is an exemplary structure or organization with sample data for a BCMS with the following scope:

1. Initiating, designing and planning the BCM/BCMS

   • Determining the boundaries and applicability of the BCMS

   • Determining the scope of application of the BCMS

   • Analysis of extended framework conditions / context of the organization (eg stakeholder analysis)

   • Definition of the BCM structure organization

   • Allocate and ensure responsibilities for relevant roles

   • Documentation of BC relevant documents

2. In the implementation of an appropriate safeguarding of business processes

   • Conducting business impact analysis (BIA)

   • Preparation of a target/actual comparison

   • Risk management with risk analysis according to BSI standard 200-3 or ISO 27005

   • Manage business continuity strategies / solutions

3. In performance review and reporting

   • BCM reporting: evaluation of BIA parameters (MTPD, RTO, RPO) or your critical business processes

   • Capture and evaluation of BCM-relevant key figures

4. In correcting and improving the BCMS

   • Management of derived actions, e.g. corrective and improvement actions

   • Creation of a BCM action plan

We add some excitement the contemplative pre-Christmas period: On December 1, the public beta of the product "verinice DPMS" on the long-awaited new verinice.veo platform starts. Until March 1, you have the opportunity to test the fully web-based data protection manager free of charge and without obligation. Access is available here: https://account.verinice.com/. The team is looking forward to feedback!

0 € until March 2023 

verinice.veo is the next generation of verinice. As the first product on the new platform, interested parties can get to know "verinice DPMS" in a public test phase starting December 1, 2022. The verinice.veo data protection manager maps a complete data protection management system (DPMS). You can use it to manage the requirements of the GDPR in your institution and effectively ensure compliance. A comprehensively designed demo unit offers a detailed briefing on the concept and usage options of the data protection manager. During the public beta, you have free access to the full DPMS tool in the standalone version until March 1, 2023, and can get a first impression.

Important functional components of the DMS include:

• Directory of processing activities
• Appointment of data protection officers
• Commissioned data processing and data protection contracts
• Risk management and data protection impact assessment
• Data protection incident management
• Technical and Organisational Measures (TOM)
• Contract and document management

Feedback wanted!

Truly in the tradition of verinice, verinice.veo will continue to evolve along the needs of users. For this purpose, we would like to enter into an intensive dialog with you. We look forward to your feedback to make verinice.veo even better. Discuss with us and other beta testers in the verinice.FORUM: https://forum.verinice.com/veo.

What's next

Over the next few months, the team will first deploy the multi-user per-client version. This will be followed by the version for multiple clients ("units") per client. An on-prem version for one's own data center or for operation at one's trusted hoster is expected to be available in the second quarter of 2023. In the fourth quarter of 2023, we will also release the product "verinice ISMS" into the wild, first for BSI IT Baseline Protection and immediately thereafter for ISO 27001. The necessary points of interaction of data protection in the DPMS tool with information security in the ISMS tool are consistently included in verinice.veo from the very beginning.

New dates for verinice webinars introducing how to "Establish an ISMS according to ISO 27001 in verinice.PRO" are available. Thus, the verinice.TEAM offers the opportunity to get to know the tool for information security management and to ask questions directly to the verinice makers in the first half of 2023.

The presentation will take place via GoTo Webinar, please register directly there. You can also find further information on our webinar info page.

The verinice.TEAM has also recorded webinars: Interested parties can also watch these to get a first insight into the ISMS tool and the concrete implementation. All videos are compiled at verinice.com/media (mainly in German). Questions can be sent to verinice@remove-this.sernet.de. 

Emergency management has found its way into the ISMS tool verinice and verinice.PRO. As of version 1.25, the Business Continuity Management (BCM) in verinice can be documented based on the BSI standard 200-4 or the international standard ISO 22301. The new version is available for download in the verinice.SHOP or in the customer repository. In total, the verinice.TEAM is delivering around 70 new features, detail changes and bug fixes with verinice 1.25. All changes in detail are listed in the Release Notes.

Identify core processes, capture criticality data, define failure scenarios and determine relevant systems for restart - all this can now be done directly in the IT baseline protection or ISO-ISM perspective. Implementing emergency management directly in the familiar perspectives offers numerous advantages. Tatjana Anisow, product owner verinice: "Users who already maintain their ISMS with verinice can continue to work with data that has already been collected and supplement it with the necessary information for BCM." This synergy between ISMS and BCMS is also interesting for newcomers or first-time users, simplifies the recording and leads to a more efficient, concise procedure. "verinice brings information security, emergency planning and data protection together," says Anisow. This also enables IT security officers, BCM officers and data protection officers to work hand in hand.

"Especially in the area of BCM, we will deliver a lot more in the coming verinice versions," Anisow indicates. She is responsible for the further development of verinice and announces, among other things, the fine-tuning with finalisation of the BSI standard 200-4 as well as an extensive sample organisation including standard reports as an additional module. The sample organisation will be available independently of verinice releases via the verinice.SHOP and aims to considerably simplify work for emergency management.

Do you need support with the update to verinice 1.25? Please contact the verinice team if you have an existing support contract or purchase a support budget via the verinice.SHOP.

The verinice team is also working intensively on verinice.veo, which will enter public beta by the end of the year with verinice.veo DSMS as the first product. More information is available at: verinice.com/veo

.

Also this year verinice will be present at the it-sa in Nuremberg. This time, the largest trade fair in Europe on the subject of IT security will take place from October 25 to 27, 2022. You will find the verinice.TEAM of SerNet GmbH together with the partners Cassini and sila consulting in hall 7 booth 107.

At it-sa you will receive information about the verinice products as well as about the different services of the verinice. PARTNERS like the setup of an ISMS, consulting on standards like BSI IT-Grundschutz, ISO 27001 and much more.

We would be happy to give you an insight into our latest tool verinice.veo DSMS. You can talk to Michael Flürenbrock (verinice.veo Product Owner) and Daniel Murygin (technical development manager) about the next steps and the future of verinice.veo.

Would you like to make an appointment with us or one of our partners in advance? Then please send us an email to itsa@remove-this.sernet.de.

Get your free day ticket now!
Explore it-sa and visit us at our booth with a free ticket - we will gladly send you an individual registration link. Just send us an e-mail to itsa@remove-this.sernet.de. We are looking forward to seeing you!