Implementing DORA

I had an interesting ISC² security briefing on DORA The Digital Operational Resilience Act and would like to summarize it for you.

DORA is one of the upcomming european regulatory frameworks to help harmonize how different EU member states´ financial supervisors address ICT risk.

Not everything in this field is already coverd by VAIT, BAIT or KAIT. So it´s a good idea to already start your preperation. There are for example some additional messurements how to handle your 3rd party vendor´s security controls. Together with your outsourcing partner you have to dive deeper into the following topics, addressed by DORA more detailed in difference former regulatory frameworks:

1. governance to create IT resilience 
2. IT risk management
3. reporting obligations of IT incidents
4. review of IT resilience
5. dealing with risks from third-party IT providers
6. information sharing on cyber threats between financial firms

It´s not about finding DORA, it’s more the other way around.

Disney®, Pixar® and Finding Dory are registered trademarks of Disney Enterprises, Inc.