    May 3, 2023 | Cybersecurity Risk Management, News, Operational Resilience | Simon Eyre

    Digital Operational Resilience Act (DORA): Bolster your operational resilience today across five pillars

    When the Digital Operational Resilience Act (DORA) comes into effect in January 2025, it will impact 21 covered entities from investment firms to ICT third-party service providers. Is your firm ready? Now is the time to evaluate your preparedness and implement the necessary strategies to ensure compliance ahead of the deadline.

    Unlike previous cybersecurity regulations, GDPR and other requirements, DORA will set a standard across the EU and go beyond cybersecurity risk management to address operational resilience. As disruptions like the ransomware attack on Ion Markets continue to hit the financial services sector, firms realize cybersecurity risk management and operational resilience are imperative to ensure they can quickly respond to any business disruption with minimum downtime.

    Every firm should be familiar with DORA’s five pillars of resilience, understand how their cybersecurity and resilience programs measure up, and prepare now for the upgrades needed ahead of the deadline. Is your firm ready to meet these five pillars?

    1. ICT Risk Management – Evaluating your written cybersecurity policies and identifying any gaps in the classification of critical functions, threat detection and disaster recovery plans. Firms can then create a framework that outlines strategies, policies and procedures to secure ICT assets and the offline infrastructure supporting them. This is not a one-time exercise – it should be continuously improved on the basis of lessons derived from implementation and monitoring.
    2. ICT-related Incident Management – Assessing reporting ability and building out policies and processes to streamline tasks. Under DORA, firms must classify and log ICT incidents, identify major incidents, and report incidents.
    3. Digital Operational Resilience Testing – Conducting appropriate tests such as vulnerability assessments and scans, open source analyses, network security assessments, gap analyses, physical security reviews, questionnaires and scanning software solutions, source code reviews where feasible, scenario-based tests, compatibility testing, performance testing, end-to-end testing and penetration testing to satisfy compliance requirements ahead of the deadline. To remain compliant, you’ll need to ensure tests are undertaken by independent parties, whether internal or external, be able to identify and mitigate risks, and perform Threat-Led Penetration Testing (TLPT) for services that impact critical functions.
    4. ICT Third-Party Risk Management – Ensuring that internal and third-party systems are secure. Now is the time to begin engaging with your third parties to identify risk management practices in place and strengthen operational resilience.
    5. Information Sharing – DORA promotes information sharing across financial entities and regulatory authorities. But there’s no need to wait for the deadline. Businesses can begin to share critical information on threats and vulnerabilities with their peers today through membership with organizations including FS-ISAC and CiSP or directly through Drawbridge.

    DORA is the latest in ongoing efforts by regulators to ensure firms that service financial markets have the right defenses to mitigate cyber-attacks and ensure business resilience. To meet and exceed the five pillars of DORA, firms must work with a partner that uniquely understands the intricacies of the financial markets and how operational resilience and cybersecurity intersect. With the right partner and internal controls in place, firms can ensure their business is prepared to navigate unforeseen business disruptions and can keep themselves and the wider industry safe from future turbulence.

    To learn more about what your firm can do today to ensure compliance before the DORA deadline, reach out to the Drawbridge experts. DORA will require significant due diligence – is your firm’s operational resilience program ready?
