SerNet/verinice 1.26.0 on GitHub

Risk Catalog ISO/IEC 27001:2022

With verinice 1.26 it is planned to publish the verinice risk catalog based on the new ISO/IEC 27001:2022.

The object Control will be extended by the new Attributes for this purpose:

Measure type is an attribute for the view of measures from the point of view of when and how a measure changes the risk in relation to the occurrence of an information security incident.
Information Security Properties is an attribute for viewing measures from the standpoint of what protection goal the measure is intended to support. Cybersecurity Concepts looks at measures from the perspective of how measures map to the cybersecurity framework described in ISO/IEC TS 27110. Cybersecurity Framework.
Operational Capabilities considers measures from the perspective of their operational information security capabilities and supports a practical user view of the measures.
Security Domains are an attribute that allows measures to be viewed from the perspective of four information security domains.

Risk reports can be more easily customized by changing the risk parameters in the report templates to meet customer-specific requirements.

The icon decorator for risk analysis in the modernized IT Baseline Protection are displayed independently of the authorization (action ID).
Risk configuration is displayed.
The incorrect CSV import of business processes in modernized IT Baseline Protection has been fixed.
Filtering takes into account objects that have multiple change types.

In report A.1 Structural Analysis with Dependencies all linked objects are now displayed.
In the report A.5 Risk Analysis all information about the information network is listed correctly.
In the ISM report templates Risk Analysis and Risk Treatment, missing translations have been added.

Fixed a bug that overwrote column names in report queries (encoding of the CSV-export can be specified in the settings).