The verinice.XP 2023 was the meeting point for users of the ISMS tool verinice at the end of February. A special highlight was a report by Alexander Koderman (verinice.TEAM / SerNet GmbH) directly from the verinice lab: the integration of ChatGPT into the new platform verinice.veo using the veo copilot as a browser plugin. Koderman has published the associated code on GitHub: https://github.com/Agh42/veo-copilot.

The entire talk (in German) can be seen at https://verinice.com/chatgpt In it,…

verinice enables the work on an Emergency Management System resp. Business Continuity Management System (BCMS) according to ISO 22301 or BSI Standard 200-4. For the BSI perspective, an exemplary structure is now available, for the ISM perspective an exemplary organization: The mapping of BCM-relevant aspects makes users familiar with the innovations around the topic of BCM with verinice and facilitates the start. Both are available free of charge via the verinice.SHOP.

In addition to mapping…

We add some excitement the contemplative pre-Christmas period: On December 1, the public beta of the product "verinice DPMS" on the long-awaited new verinice.veo platform starts. Until March 1, you have the opportunity to test the fully web-based data protection manager free of charge and without obligation. Access is available here: https://account.verinice.com/. The team is looking forward to feedback!

0 € until March 2023 

verinice.veo is the next generation of verinice. As the first…

Emergency management has found its way into the ISMS tool verinice and verinice.PRO. As of version 1.25, the Business Continuity Management (BCM) in verinice can be documented based on the BSI standard 200-4 or the international standard ISO 22301. The new version is available for download in the verinice.SHOP or in the customer repository. In total, the verinice.TEAM is delivering around 70 new features, detail changes and bug fixes with verinice 1.25. All changes in detail are listed in the Re…

Last week, a vulnerability - now known as Spring4Shell - was discovered in the Spring framework. It is registered as CVE-2022-22965, technical details can be found in this article, among others: https://snyk.io/blog/spring4shell-zero-day-rce-spring-framework-explained/

verinice.PRO is only affected under certain conditions: Only if the verinice-REST-Service is installed on the server. In a standard installation of verinice.PRO, the verinice REST service is generally not included. The verinice…

International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) are working to update the ISO/IEC 2700x family. ISO/IEC 27001:2022 is expected to be published between May and October 2022 – the revised ISO/IEC 27002:2022 has been available since February 15, 2022. There will also be changes for verinice users who operate an ISMS according to ISO 27001 using the open source ISMS tool from SerNet GmbH.

Foreseeable for ISO/IEC 27001:2022 is already: while…

Last week, a critical vulnerability in the widely used logging library log4j 2 became known. The log4j versions included in the verinice.PRO server are not affected by the vulnerability!

The vulnerability is described in this article: Log4Shell and was dedicated the CVS number CVE-2021-44228 .

For more information, see the article in our verinice forum: https://forum.verinice.com/t/verinice-nicht-betroffen-von-log4j-schwachstelle/

However, on a verinice.PRO system there may be other Java…

As of now, the verinice.TEAM provides the BSI published Benutzerdefinierte Bausteine for use in verinice free of charge. They can be ordered and downloaded from the verinice.SHOP. 

Users of IT-Grundschutz have the opportunity to contribute their expertise to IT-Grundschutz by creating so-called Benutzerdefinierte Bausteine (user defined building block). To do this, an institution picks out a topic or partial aspect for which no IT-Grundschutz building block has yet been published and on which…

The IT Baseline Protection Profile for control centers is now available for use in verinice ( as of version 1.22). The Baseline Protection Profile is published by the Fachverband Leitstellen e.V. – in German only – and can now be directly integrated into verinice. It is available free of charge via the verinice.SHOP.

The IT Baseline Protection Profile for Control Centers helps users to install an information security process in a control center and to adapt it to the corresponding requirements.…

The verinice.TEAM has published the additional module verinice PCI DSS. This requirements catalog maps the Payment Card Industry Data Security Standard (PCI DSS) in verinice. The module can be used with verinice starting with version 1.22 in the ISM perspective. It is available to purchase in the verinice.SHOP. 

About the module verinice PCI DSS

The module verinice PCI DSS enables tool-supported verification of compliance with PCI DSS requirements. Requirements from other standards or laws…