The regulation enforces a top-down approach that places responsibility for ICT risk with the management body, making it accountable for defining risk tolerance, business continuity, disaster recovery, budget allocation, understanding the impact of incidents, setting roles and responsibilities, etc.
At an operational level, the framework enforces a number of requirements to ensure effective risk management:
DORA enforces not only agile and effective incident management, but also collaboration at EU level.
This section of the regulation focuses on three main areas:
DORA requires organisations to have an effective, risk-centric and independent testing programme.
It defines two types of testing:
Interestingly, DORA also covers supply-chain security (ICT third-party risk) and the impact it may have on organisations.
This area of the regulation covers three main ideas:
The final area of the regulation provides for the voluntary exchange of cyber threat information and intelligence amongst financial entities within trusted communities, including indicators of compromise and tactics, techniques and procedures.
In partnership with threat intelligence market leaders SecAlliance, we provide customised solutions to help you maximise this opportunity and benefit from the collective intelligence of the community.