Yes, verinice is permanently developed by the verinice.TEAM:
verinice.EVAL is available for test purposes: This evaluation version is free of charge and is almost feature complete – only the reporting is not included. Thus all the properties of an ISMS tool can be tested. The reporting function is only available in the full version of verinice.
verinice.EVAL is available (for free) at the verinice.SHOP.
verinice is free, open and extensible: this allows you to map any standard with the tool. Already integrated are the BSI IT baseline protection (German and English), ISO 2700x and VDA ISA. Thanks to the extensive import functions it is possible to add further standards and catalogs depending on your requirements.
The standards that can be implemented with verinice include (list not exhaustive):
verinice also allows for a wide variety of German standards to be implemented. Those include e.g.
Please contact us if you want to know if a special standard can be mapped in verinice. Just send an e-mail to our team at verinice@. sernet.de
verinice works with the "BSI-Grundschutzkataloge" (BSI IT Baseline Protection Catalogs) which are free content on the BSI websites. Further, the German BSI has officially permitted the use of "BSI-Grundschutzkataloge" in verinice - for paying a license fee in exchange. The catalogs are integrated in English as well.
Das Verwalten einer Verarbeitungsübersicht (Verfahrensverzeichnis = Verzeichnis der automatisierten Verfahren mit denen personenbezogene Daten verarbeitet werden) nach § 4g II i.V.m. § 4e BDSG ist mit verinice inklusive Berücksichtigung der technisch-organisatorischen Maßnahmen gemäß der Anlage zu §9 BDSG vollständig möglich.
Seit verinice 1.7 ist ein Maßnahmen-Katalog mit technischen und organisatorischen Maßnahmen nach § 9 BDSG gem. IT-Grundschutz oder VDA ISA verfügbar. Ebenso steht ein Report zur Verfügung, der die Ausgabe der Verarbeitungsübersicht nach BDSG inkl. Berücksichtigung der Maßnahmen ermöglicht. (Download der dafür nötigen Report-Vorlage und Beispiel-Organisation)
verinice itself is a tool only for information security management. It assists you to establish, maintain and improve the information security management in your organization. However, network scans are possible with the Greenbone Security Manager (GSM), which transfers results to verinice. The GSM-verinice-linking enables automated responsibility assignment as well as automated success verification via scan updates.
verinice uses a zip file containing the IT Baseline Protection Catalogs. When downloading via Safari this zip file unpacks automatically, so it can not be indicated in verinice.
Disable the automatic unpacking of zip files in Safari: Safari Preferences > General> Open safe files after downloading.
Alternatively, you can use a different browser (such as Chrome / Firefox).
In order to integrate the new IT Baseline Protection Catalog for verinice.PRO immediately, the cache of the application server needs to be emptied. Proceed as follows:
1. Stop the Tomcat server.
2. Delete all contents of the folder /var/cache/tomcat/temp/.
3. Now change the file "veriniceserver-plain.properties". It is located in the directory /usr/share/ tomcat6/webapps/veriniceserver/WEB-INF/ and contains the settings which IT Baseline Protection Catalog should be used (if not already done).
4. Restart the Tomcat server.
The standard language of verinice is the one used by the operating system (recognized by environment variables).
You can change this manually by editing the file <verinice-install-dir>/verinice.ini:
Choose the first entry for Englisch language or the second one for German.
If verinice is installed on Windows 7 or Vista within "C:\Programms\", the update must be executed with administrative rights (see the link). Otherwise the update can't be deployed.
Otherwise the update can't be deployed due to the "VirtualStore" mechanism of Windows Vista / Windows 7:
Alternatively verinice can be installed to a folder, where your normal user has writing permission, e.g. under C:\<User>\.
For getting proper verinice MySQL database dumps under Linux, you should use the MySQL service with the following option in the file /etc/my.cnf.
After editting this file, you should restart the MySQL service.
(Thanks to R. Maczkowsky, m-privacy.de)
To import the data from the application "GSTOOL", you need to know the current port number of the running SQL server. You need this information make the correct settings for importing data from "GSTOOL" into verinice.
The SQL server runs on the system where GSTOOL is installed. Click on "Windows Start" / "Run...". Type "cmd" in the command line. Click on "OK". A new window will appear. There you should type the command: "netstat -a -b". A table with current connections will be shown. Now you have to look for the information about "[sqlservr.exe]". The status information in the third column shows the "LISTEN" information. There you will find the hostname and the port number of the "[sqlservr.exe]". See also the screenshot below.
If you want to set a relation between two types of objects which is not implemented in verinice, you can add it yourself.
The file "SNCA.xml" contains the description of all relation types. Add your missing relation here.
For the standalone version of verinice:
Please enter a new relation as <huirelation>. You will find examples in this file.
Using the CSV-Import-Wizard enables you to import any given object into verinice in table form.
Please have a look at the verinice manual (Chapter 11.6) for further details.