Save yourself a future headache with a head start on DORA regulations – Global Security Mag Online
– Simon Paterson; CISO
September 2023 by Simon Paterson, CISO at CSI Ltd

For many financial businesses, the industry of compliance is becoming more and more complex. With the huge increase in cyber security threats that all companies are facing, and the tightening of cyber insurance criteria, DORA (the EU’s Digital Operational Resilience Act) is one set of regulations financial companies need to be on top of now, even though they don’t come into force until January 2025.

And UK companies can’t avoid it – for DORA’s reach extends to basically any enterprise offering information and communications technology (ICT) services that are considered critical to the supply chain supporting the European financial sector, regardless of whether that enterprise or service is based inside the EU.

Here are some simple steps to take right now:

Scope the project

First, it’s important to appoint a DORA project team who will be responsible for looking at the detail of the regulations and establishing how far-reaching they are for your organisation. While ICT services offered by third parties, such as Cloud Service Providers (CSPs), can be more resilient than individual firms’ and financial institutions’ own ICT infrastructure, this is not a given.

Start your gap analysis

We recommend you start assessing through gap analysis how much more your organisation needs to do to comply in three key areas:

• Internal threat-led penetration testing (TLPT) where capable
• External TLPT three times per year where applicable
• Closer management of third-party risks i.e.

As part of the FCA’s, the Bank of England’s and the PRA’s operational resilience policies that came into force in March 2022, you should have already identified important business services, set impact tolerances and commenced a programme of scenario testing.

This year the PRA is working closely with the FCA to assess firms’ progress, with a focus on their ability to deliver important business services within impact tolerances through severe but plausible scenarios within a reasonable time frame and by no later than March 2025.
Link: https://www.globalsecuritymag.com/Save-yourself-a-future-headache-with-a-head-start-on-DORA-regulations.html