verinice Risk Catalog (ISO 27001)

This catalog contains original content from standards ISO/IEC 27001:2022, ISO/IEC 27002:2022 and ISO/IEC 27005:2022, licenced from ISO via Beuth Verlag. Please refer to the copyright notice at the end of this text. The price of the single user license sold here in the shop is calculated according to the duration in years and number of users. For the "verinice.PRO "verinice.PRO" version please contact SerNet sales SerNet-Vertrieb for a graduated offer. Please note that due to Beuth Verlag’s licensing requirements, the contents of the original standards can only be read in the program and cannot be exported (PDF, Word, Excel, etc). See this catalog in action in our screencast (https://verinice.com/events/media/)!

The technical rules (DIN, EN, ISO and ISO/IEC standards) reproduced in this software are protected by copyright and licensed for use within the scope of this software by Beuth Verlag GmbH, Berlin. Any reproduction of the technical rules outside this software, for example by printing or saving, is prohibited. The technical rules can be purchased from Beuth Verlag GmbH (www.beuth.de).

The risk catalog is provided as an encrypted, ZIP-compressed verinice archive (.lic.vna) that you can unzip to a location of your choice and then import. In the unpacked folder you will find

For the implementation of the requirements in verinice, you must work within the ISM perspective and can therefore also use the standard functions of verinice. Please note that for the concrete work with the module you might also need the verinice manual as well as the original standards of ISO/IEC 27001:2022, ISO/IEC 27002:2022 and ISO/IEC 27005:2022.

180 generic risk scenarios, applicable to any organization, in the following categories:

Over 1000 relations between the above risk scenarios and the ISO/IEC 27001:2022 (Appendix A) controls designed to address those risks. All you need to do is complete the implementation status of your organization’s controls and adjust the relations as needed!

60 fundamental threats in the following categories

84 inherent information processing vulnerabilities in the following categories

147 sample assets (linked to seven basic business processes) in the following categories

Support for the implementation of ISO/IEC 27001:2022, Annex A: Explanations and assistance for all 93 controls from ISO/IEC 27002:2022 with their purpose, guidance and other information.

List of 60 documents and records mandatory for ISO/IEC 27001:2022 certification. This includes placeholders as a checklist for guidelines, policies, and related documents required by chapters 4 through 10 of the standard or by the controls in Annex A.

Template catalog for an internal audit according to the ISA standard (Information Security Assessment). This facilitates a maturity level-oriented quick audit based on ISO/IEC 27001:2015 even without prior knowledge of the standards.

The VDA ISA standard in version 5.1 still references the old version of ISO 27001:2015. As soon as the VDA has revised the ISA standard, it will also be updated in the verinice Risk Catalog.

German mandatory copyright notice by Beuth Verlag: "Die in dieser Software wiedergegebenen technischen Regeln (DIN-, EN-, ISO- und ISO/IEC-Normen) sind urheberrechtlich geschützt und zur Nutzung im Rahmen dieser Software von der Beuth Verlag GmbH, Berlin, lizenziert. Jede Vervielfältigung der technischen Regeln außerhalb dieser Software, zum Beispiel durch Ausdruck oder Abspeichern, ist untersagt. Die technischen Regeln können bei der Beuth Verlag GmbH (www.beuth.de) erworben werden."

Discussion in the verinice.FORUM: https://forum.verinice.com/

Videos on YouTube: https://www.youtube.com/c/verinice/videos

Beuth Verlag GmbH
Saatwinkler Damm 42/43
13627 Berlin

SerNet Service Network GmbH
Bahnhofsallee 1b
37081 Göttingen

© 2022
DIN Deutsches Institut für Normung e. V.
Saatwinkler Damm 42/43
13627 Berlin

© 2023
SerNet Service Network GmbH
Bahnhofsallee 1b
37081 Göttingen