PCI DSS - English - ISM Edition
The Payment Card Industry Data Security Standard (PCI DSS) was developed to improve the security of cardholder data and facilitate the widespread adoption of uniform data security measures around the world. The PCI-DSS provides basic technical and operational requirements to protect cardholder data. The PCI-DSS applies to all entities involved in the processing of payment cards - including merchants, processors, clearing houses, card issuers and service providers, and other entities that store, process or share CHD (Cardholder Data) and/or SAD (Sensitive Authentication Data). © 2006-2018 PCI Security Standards Council, LLC. All rights reserved
Product Information
Using PCI DSS in verinice.
Your benefit at a glance
With the product verinice PCI DSS you receive numerous benefits:
tool-supported verification of compliance with PCI DSS requirements
Convenient mapping to proven requirements from other standards or laws, such as the GDPR, HIPAA, ISO 27001 and others, to avoid redundancies and work towards an integrated management system
Faster, easier processing and verification of compliance. The product contains all PCI DSS requirements, so you can skip the time-consuming and tedious part of the work and use your time productively for assessing compliance in your organisation.
You can store the responsibilities in verinice and delegate individual requirements to the responsible person(s), so that you can work on the assessment together with your colleagues.
Reports provide you with meaningful overviews of the status quo in your organisation.
Scope of delivery
The download (.ZIP format) contains:
the verinice PCI DSS as .VNA file for import into verinice version 1.22 and higher.
a manual in PDF format.
Further information
Discussion in the verinice.FORUM: https://forum.verinice.com/
Videos on YouTube: https://www.youtube.com/c/verinice/videos
Authorship and copyright
Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 - May 2018: © 2006-2018 PCI Security Standards Council, LLC. All rights reserved.
verinice PCI DSS © 2020 SerNet Service Network GmbH Bahnhofsallee 1b 37081 Göttingen
€499.80
Net price: €420.00
verinice Risk Catalog (ISO 27001 / NIS2)
The NIS2 verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition is available for download in the verinice.SHOP or in the customer repository for use in verinice from version 1.26.
The new NIS2 verinice risk catalog (ISO/IEC 27001:2022) is a file that can be imported directly into verinice and provides a comprehensive catalog of generic yet detailed threats, vulnerabilities and risk scenarios. It speeds up the risk analysis considerably. Also included is a list of sample assets and processes that can serve as a basis for your own risk assessment.
The original verinice risk catalog has been expanded to include requirements for important NIS2 facilities, which have been linked to suitable ISO/IEC 27001:2022 requirements. Based on the link type in verinice, it can be seen whether ISO/IEC 27001:2022 includes the NIS2 requirements or whether NIS2 goes beyond ISO/IEC 27001:2022 requirements.
Thanks to the cooperation with the VDMA, this mapping can be used as a working basis in verinice and can be individually adapted or extended.
NIS2 verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition
This catalog contains original content from standards ISO/IEC 27001:2022, ISO/IEC 27002:2022 and ISO/IEC 27005:2022, licensed from ISO via Beuth Verlag. Please refer to the copyright notice at the end of this text. The content has been expanded to include the requirements of NIS2 - DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. The price of the single user license sold here in the shop is calculated according to the duration in years and number of users. For the "verinice.PRO" version please contact SerNet sales for a graduated offer. Please note that due to Beuth Verlag’s licensing requirements, the contents of the original standards can only be read in the program and cannot be exported (PDF, Word, Excel, etc). See this catalog in action in our screencast (https://verinice.com/events/media/)!
Your benefits at a glance
The new NIS2 verinice Risk Catalog - ISM Edition is a file (or optionally a second file based on the DIN ISO/IEC 27001:2017 standard) that can be imported directly into verinice and contains a comprehensive catalog of generic yet detailed threats, vulnerabilities and risk scenarios. The risk catalog also contains both the management requirements from chapters 4 to 10 and the controls from Annex A of ISO/IEC 27001:2022, including the extension to include the NIS2 requirements. In addition, you will also find placeholders for required documents that may be necessary for an ISMS.
verinice enables the collection of all information assets that are mandatory for certification and risk analysis. Assets are already predefined in this catalog.
Also included is a list of processes that can be used as a basis for your own risk analysis. The application of the PDCA cycle for all processes of the ISMS can be consistently implemented and verified with verinice.
The technical rules (DIN, EN, ISO and ISO/IEC standards) reproduced in this software are protected by copyright and licensed for use within the scope of this software by Beuth Verlag GmbH, Berlin. Any reproduction of the technical rules outside this software, for example by printing or saving, is prohibited. The technical rules can be purchased from Beuth Verlag GmbH (www.beuth.de).
Scope of delivery / product content
The risk catalog is provided as an encrypted, ZIP-compressed verinice archive (.lic.vna) that you can unzip to a location of your choice and then import. In the unpacked folder you will find:
The sample organization (VDMA_NIS2_Mapping_to_verinice_Risk_Catalogue_according_to_ISO_IEC_270012022_EN.lic.vna) based on ISO/IEC 27001:2022 for use in the ISM/ISO perspective.
A manual in PDF format.
For the implementation of the requirements in verinice, you must work within the ISM perspective and can therefore also use the standard functions of verinice. Please note that for the concrete work with the module you might also need the verinice manual as well as the original standards of ISO/IEC 27001:2022, ISO/IEC 27002:2022 and ISO/IEC 27005:2022.
180 generic risk scenarios, applicable to any organization, in the following categories:
Physical Damage
Inadequate Maintenance or Replacement
Unstable Power Grid and Other Electrical Issues
Staffing and Operational Issues
Telecommunication Failures
Cyber Attacks and Exploits
Information Theft and Disclosure
Tampering and Unauthorized Usage
Legal Violations and Insufficient Security Measures
Resource and Service Provider Failures
Violation of compliance requirements
Over 1000 relations between the above risk scenarios and the ISO/IEC 27001:2022 (Appendix A) controls designed to address those risks. All you need to do is complete the implementation status of your organization’s controls and adjust the relations as needed!
60 fundamental threats in the following categories
Compromise of functions or services
Human actions
Infrastructure failures
Natural threats
Organizational threats
Physical threats
Technical failures
Compliance infringements
84 inherent information processing vulnerabilities in the following categories
Hardware
Network
Organization
Personnel
Site
Software
Compliance vulnerabilities
147 sample assets (linked to seven basic business processes) in the following categories
Hardware
Information
Network
Organization
Personnel
Software
Location
Support for the implementation of ISO/IEC 27001:2022, Annex A: Explanations and assistance for all 93 controls from ISO/IEC 27002:2022 with their purpose, guidance and other information.
In a separate group, you will find 24 NIS2 requirements that are linked to corresponding ISO/IEC 27001:2022 requirements and are therefore integrated into the sample organization. As ISO/IEC 27001:2022 requirements are linked to risk scenarios, NIS2 requirements are indirectly taken into account in the risk analysis.
List of 60 documents and records mandatory for ISO/IEC 27001:2022 certification. This includes placeholders as a checklist for guidelines, policies, and related documents required by chapters 4 through 10 of the standard or by the controls in Annex A.
Template catalog for an internal audit according to the ISA standard (Information Security Assessment). This facilitates a maturity level-oriented quick audit based on ISO/IEC 27001:2015 even without prior knowledge of the standards.
The VDA ISA standard in version 5.1 still references the old version of ISO 27001:2015. As soon as the VDA has revised the ISA standard, it will also be updated in the verinice Risk Catalog.
German mandatory copyright notice by Beuth Verlag: "Die in dieser Software wiedergegebenen technischen Regeln (DIN-, EN-, ISO- und ISO/IEC-Normen) sind urheberrechtlich geschützt und zur Nutzung im Rahmen dieser Software von der Beuth Verlag GmbH, Berlin, lizenziert. Jede Vervielfältigung der technischen Regeln außerhalb dieser Software, zum Beispiel durch Ausdruck oder Abspeichern, ist untersagt. Die technischen Regeln können bei der Beuth Verlag GmbH (www.beuth.de) erworben werden."
Further information
Discussion in the verinice.FORUM: https://forum.verinice.com/
Videos on YouTube: https://www.youtube.com/c/verinice/videos
Publisher
Beuth Verlag GmbH Saatwinkler Damm 42/43 13627 Berlin
SerNet Service Network GmbH Bahnhofsallee 1b 37081 Göttingen
Copyright
© 2022 DIN Deutsches Institut für Normung e. V. Saatwinkler Damm 42/43 13627 Berlin
© 2023 SerNet Service Network GmbH Bahnhofsallee 1b 37081 Göttingen
€649.74
Net price: €546.00