verinice Risk Catalog (ISO 27001)

This new verinice Risk Catalog (ISO 27001) contains files that can be imported directly into verinice and provides an extensive, detailed catalog of generic threats, vulnerabilities and risk scenarios, which speeds up ISO ISO/IEC 27005:2011 risk analysis. A list of sample assets and processes is also included, which can serve as a basis for particular risk assessments.

This new catalog contains original content from standards ISO/IEC 27002:2013 and ISO/IEC 27005:2011, licenced from ISO via Beuth Verlag. Please refer to the copyright notice at the end of this text. The price of the single user license sold here in the shop is calculated according to the duration in years and number of users. For the "verinice.PRO" version please contact SerNet sales for a graduated offer. Please note that due to Beuth Verlag's licensing requirements, the contents of the original standards can only be read in the program and cannot be exported (PDF, Word, Excel, etc).

See this catalog in action in our screencast!

• 106 generic risk scenarios, applicable to any organization, in the following categories:
  • Data media or document theft
  • Equipment theft
  • User error
  • Software malfunctions
  • Spyware
  • Impersonation
  • Illegal data handling
  • Eavesdropping
  • Altering installed software
  • Spoofing
  • Acts of God
  • Unauthorized equipment use
  • Data tampering
  • Denial of service
  • Loss of important services
  • Denial of activities
  • Equipment destruction

• 318 relations between the above risk scenarios and the ISO/IEC 27001:2013 (Appendix A) controls designed to address those risks. You only have to complete the implementation status of your organization's controls!

• 43 fundamental threats in the following categories
  • Loss of essential services
  • Business process threats
  • Data breach
  • Acts of God
  • Unauthorized acts
  • Physical damage
  • Radiation interference
  • Technical errors
• 87 inherent information processing vulnerabilities in the following categories
  • Hardware
  • Network
  • Organization
  • Staff
  • Software
  • Location
• 121 sample assets (linked to seven basic business processes) in the following categories
  • Hardware
  • Information
  • Network
  • Organization
  • Staff
  • Software
  • Location

• ISO/IEC 27001:2013 implementation assistance: Explanations and support for all 114 controls of the ISO/IEC 27001:2013 Appendix A, their respective objectives, core statements and implementation hints

• List of 50 documents and records mandatory for ISO/IEC 27001:2013 certification. This includes guidance, policies and related documents, whose importance is described in chapters 4-8 of the standard or in the controls of Appendix A.

• Template catalog for an internal audit according to the ISA standard (Information Security Assessment). This facilitates a maturity level-oriented quick audit based on ISO/IEC 27001:2013 / ISO/IEC 27002:2013 even without prior knowledge of the standards.

German mandatory copyright notice by Beuth Verlag:

"Die in dieser Software wiedergegebenen technischen Regeln (DIN-, EN-, ISO- und ISO/IEC-Normen) sind urheberrechtlich geschützt und zur Nutzung im Rahmen dieser Software von der Beuth Verlag GmbH, Berlin, lizenziert. Jede Vervielfältigung der technischen Regeln außerhalb dieser Software, zum Beispiel durch Ausdruck oder Abspeichern, ist untersagt. Die technischen Regeln können bei der Beuth Verlag GmbH (www.beuth.de) erworben werden."