News and information about verinice.

Unfortunately, a traditional date in the verinice calendar has to be cancelled this year due to the Corona pandemic: The it-sa. After extensive deliberations, NürnbergMesse decided that the changed conditions would be too much of a hindrance to an it-sa in autumn 2020. This includes the presentation of a new verinice version at it-sa and the intensive personal exchange between the verinice team, partners and users on site.According to a statement by NürnbergMesse, the cancellation "reflects the wishes of the industry, which is questioning the dialogue between exhibitors and visitors, which is characterized by intensive technical discussions and partly confidential consultations, under hygiene and distance rules". SerNet and the verinice team are currently considering how the resulting gap can be reasonably closed. Information will be announced in advance on verinice.com.  

The next it-sa will take place from October 12 - 14, 2021 at the NürnbergMesse exhibition center. SerNet and the verinice team are  planning to be on site with partners as usual.

Code name: Unstad

Publication: April 14, 2020

As of now, verinice and verinice.PRO version 1.20 are available for download in the verinice.SHOP or in the customer repository.

With verinice 1.20, the verinice.TEAM provides more than 50 new functions, detail changes and bug fixes.

With verinice 1.20, users receive support for essential tasks in the modernized IT-Grundschutz:

• The update of modelled information networks, which is required annually by the BSI with the publication of a new IT-Grundschutz compendium, is significantly simplified by a guided update functionality (new modelling).
• The implementation of the risk analysis according to BSI standard 200-3 is effectively supported by visualization of outstanding risk analyses as well as high or very high risks requiring action.
• The visualization of the implementation status for each module shows at a glance the degree of fulfillment of the type of procedure.
• IT-Grundschutz audits can be performed, documented and output via report template.

The most important innovations are documented in the release notes.

In a news article published by SerNet we inform about our current status regarding the COVID19 pandemic. We update the article regularly if there are any new developments. We want to keep our customers and partners informed in a transparent manner.

Two new verinice versions will be released in 2020. The dates for the spring and autumn releases have already been set. Features for the respective versions are already collected and presented in the verinice.FORUM.

The following dates are planned:

• verinice 1.20 in week 13 (March 23 to 27, 2020)
• verinice 1.21 in week 45 (2 to 6 November 2020)

In the "Roadmap" category (German only) in the verinice.FORUM, users can take a look at the features planned for the upcoming versions. They can also suggest new features themselves or discuss specifications for already suggested features with the team and other verinice users.

The goal of the early definition and communication of deadlines is to provide planning security and to be able to plan updates of productive verinice systems further ahead. A feature freeze is scheduled one month before the release to ensure an extensive test phase.

A new update 1.19.1 has been released for verinice. The new version fixes an error in the VNA export. verinice and verinice.PRO version 1.19.1 are now available for download in the verinice.SHOP or in the customer repository.

Background: Some data models could not or not completely be exported. The update to verinice 1.19.1 is recommended to all customers who encounter problems when exporting information networks of the modernized IT Baseline Protection.

Please also refer to the detailed release notes for version 1.19 for further information.

The agenda for verinice.XP 2020 is online: SerNet will be hosting the conference for verinice users on 26 and 27 February 2020 in Berlin (Radisson Blu Hotel, Karl-Liebknecht-Strasse 3, 10178 Berlin). Reduced Early Bird tickets are available until 14 December 2019. On 25 February there will also be a workshop day (bookable separately): Altogether four Workshops are dedicated to special topics like the conversion of the modernized IT Baseline Protection, the integration of industry standards and data security in verinice.

Using the early bird phase

Karen Kämpf (Federal Office for Information Security) starts of verinice.XP on February 26 with "Minimum Standards according to §8 Abs. 1 BSIG". Andrea Sudbrock (Chamber of Crafts East Westphalia) sheds light on the interaction of external and internal data security representatives. The "Risk analysis between BSI 200-3 and DIN/ISO 27005" is addressed by Kai Wittenburg (neam IT-Services), followed by Martin Peters (Sec2do) with a lecture on "Migration from BSI 100 to BSI 200". Alexander Koderman (SerNet) takes a look at "IT Baseline Protection around the globe: Cybersecurity Framework and NIST SP 800-53" before the day ends with a social event in the conference hotel.

On 27 February, Susanne Aust ("Modernized IT Baseline Protection using the example of the University Hospital Halle (Saale)") and Thomas Skerhutt (Charité Berlin, "Leap through the worlds - the ISMS as a central node in Europe's largest university hospital") will report from two university hospitals where verinice is in use. Also on the agenda are  "Compliant Data Protection Impact Assessment with verinice.PRO" (Robert Raczynski), the "Partial Automation of Risk Analysis according to ISO 27005 through Integration with SecuriCAD" (Ulrich Heun, CARMAO) and the further development of verinice (verinice product owner Michael Flürenbrock).

Reduced Early Bird tickets for the conference are still available until December 14. These cost 399 euros. Starting from 15.12. the regular price lies with 499 euro. Tickets are available over https://www.verinicexp.org

Workshops for using verinice

Following the success of the last few years, workshops are once again being held ahead of the event, this time with a significantly broader range of topics. To be chosen from:

• Integration of further standards in verinice using the example of B3S for Healthcare (Dirk Brand, SILA Consulting)
• Implementation of the modernized IT Baseline Protection in verinice (Ulf Riechen, Riechen Consulting)
• IT Baseline Protection und Datenschutz: Hand in hand with verinice (Inna Thies, Christopher Büttner & Tessa Witzigmann, Cassini Consulting)
• ISO 27001 and Data Protection Module 3 (Tatjana Anisow & Sirin Torun, SerNet)

The number of participants is limited - fast booking pays off. Participation is also possible independently of attending the conference and costs 450 Euro.

The verinice.TEAM releases verinice 1.19, a version optimized for stability and performance in many respects. More than 50 detail improvements and bug fixes especially improve the areas performance, AD import, task workflow as well as report queries and reporting.

All details about verinice 1.19 can be found in the Release Notes, the new features and functions can be discussed directly with other users and the verinice.TEAM in the verinice.FORUM.

Data protection module 3 with data protection impact assessment and risk analysis

Version 3 of the data protection module supports users in implementing the DS-GVO as of verinice 1.19 in the data protection impact assessment and data protection risk analysis. For the risk analysis, the data protection module was extended by data protection-relevant risk scenarios. For better orientation, the legal texts of the DS-GVO, the recitals and the legal texts of the BDSG (new) are included and linked according to the dependencies. 

In addition to the variant for use in the ISM perspective, data protection module 3 will also be available in a few days in a variant for use in the perspective of modernised IT basic protection. Users can thus directly use the module requirements of the IT-Grundschutz Compendium as TOM.

This module is currently only available in German. By early 2020 an English content version will be published at verinice.SHOP.

IT Basic Protection Profiles

verinice 1.19 optimally supports users of the modernized IT-Grundschutz in the creation and use of IT-Grundschutz profiles. All IT-Grundschutz-Profiles published and licensed by the BSI can be downloaded from the verinice website for import into verinice 1.19 in the coming days.

VDA ISA 4.1.1

verinice 1.19 supports the VDA ISA catalog in version 4.1.1 for TISAX in German and English. In the VDA perspective, users can carry out information security assessments including the additional modules prototypes, third party integration and data protection.

After the 32 bit versions for the Linux operating system were discontinued a few months ago, the end for old Windows operating systems that still run on 32 bit will come soon. The verinice 1.19 released after it-sa 2019 will be the last version to include updates for 32bit Windows. The following version verinice 1.20 will be released in spring 2020 and will then only be released as a 64 bit version, just like under Linux and macOS.

SerNet has already stopped selling the 32 bit version for Windows with immediate effect! Only those who still have 32 bit variants running can get updates until spring 2020. 32 bit users are strongly advised to switch to 64 bit as soon as possible.

The SerNet sales team will be happy to answer any questions you may have about this changeover: By e-mail to sales@remove-this.sernet.com and by telephone at +49.551.370000-0.

The next verinice.XP will take place from February 25th to 27th 2020 in Berlin. In the Radisson Blu Hotel (Karl-Liebknecht-Strasse 3, 10178 Berlin) IT decision-makers, security officers and data protection officers from companies, institutions and authorities will gather. Reduced Early Bird tickets will be available in October at https://verinicexp.org, the Call for Papers is open.

verinice is one of the most widely used tools to support information security management (ISMS tool). With verinice.XP, SerNet GmbH as organizer and publisher of verinice brings together users from all industries on the subject of data protection and IT security. 

This year our partners Cassini, neam and SILA-Consulting are also active as sponsors of the conference and are available for technical discussions. 

Call for Papers started

The Orga-Team of verinice.XP is looking forward to your suggestions and presentations. Especially the topics IT security and data protection as well as their implementation with verinice in general are in demand. Specifically, this can take the form of disputes with the Modernized IT Basic Protection, ISO 2700x, PCI DSS, ISIS 12, special industry standards, etc. A program committee decides on the submitted contributions. This are the members of the committee:

• Michael Flürenbrock (SerNet)
• Volker Jacumeit (DIN e.V.),
• Boban Kršić (CISO DENIC eG),
• Isabel Münch (BSI) and
• Jens Syckor (TU Dresden).

Proposals for lectures should be sent by e-mail to cfp@remove-this.verinicexp.org or can be submitted directly to https://verinicexp.org.

Tickets and Program

Tickets are avaible at https://verinicexp.org . In addition to the daily program, participants of verinice.XP can also participate in the social event. This will take place on the evening of 26 February and is intended to promote the exchange between all participants. The venue will be announced soon.
The agenda for verinice.XP will be published at the end of 2019. In addition to the lectures, there will also be opportunities to talk to the verinice.TEAM and inform yourself about the further development of verinice.

Workshops

On February 25, SerNet will hold several workshops on the topics "ISO 27001", "Modernized IT Basic Protection" and "DS-GVO". Participation in these workshops is possible independently of verinice.XP. The costs are 450 Euro. The detailed agenda for both courses will be published soon.

One quarter after version 1.18, SerNet delivers important enhancements in version 1.18.1, for which we don't want to keep our customers waiting any longer. All details with explanatory screenshots can be found in the Release Notes for verinice. The date for the autumn release is already fixed. verinice 1.19 will be released in week 46 (11th - 15th November 2019).

Risk Analysis - BSI-Standard 200-3

The verinice.TEAM further simplifies the risk analysis in verinice 1.18.1 according to BSI standard 200-3. Risk assessment and risk treatment are no longer documented in the individual requirements or safeguards but directly in the respective threats. 

Users can now evaluate and document the risk directly in the threat with and without additional safeguards before and after any risk treatment for a package of safeguards.

The elimination of the previous documentation per safeguards/requirement and its calculation in the threats reduces the effort considerably. In addition to further bug fixes and detail improvements, the new procedure significantly increases performance.

Reporting

The verinice.TEAM publishes the final versions of the Report Templates for the new IT Baseline Protection, which have already been discussed in the verinice.FORUM in recent weeks, and would like to express its thanks to all testers for their constructive feedback. The new or revised report templates will be released exclusively based on the new LTR technology:

The report templates for the Security Assessments according to VDA ISA / TISAX 4.1.0 can now be generated including the spider web diagrams with SVG support.

With verinice 1.18.1, the report templates Risk Management and Risk Treatment for the ISO/ISM Perspective benefit most from the generation via LTR graph technology - customer tests promise a considerably faster generation of reports.

In addition, all report templates are successively internationalized, each report template file only exists once, and additional language versions are made available by simply adding a translation file.

A small but helpful feature is the option to open reports after creation directly from the confirmation dialog, no searching via the file manager is required.

The report queries themselves have also been optimized through caching and other improvements. In particular, the opening of large LTR datasets in verinice and v.Designer has been significantly accelerated.

Webfrontend

Users of the modernized IT Basic Protection can now access the texts of the IT Baseline Protection Compendium in the web frontend under tasks for requirements, safeguards and threats, which greatly simplifies the implementation of the individual tasks.

Hinweise zum Update

Two important hints for verinice users come with the update:

An automatic update of the clients to versions 1.18 and 1.17 was unfortunately not possible due to a platform change! See our HowTo. The update of the verinice.PRO server to version 1.18 can be done automatically as usua