DORA and the Future of Digital Resilience

1. Understanding DORA

• Introduction

• What is DORA?

• Differentiation between Acts and Directives

• Origins, objectives, and goals of DORA

‍

2. Core Framework Overview

• Analytical exploration of DORA’s Five Pillars

• Benefits of adopting the DORA framework

‍

3. Scope and Application

• Entities affected by DORA

• Key impacts on financial systems

• Regulatory compliance and cross-border applicability.

‍

1. Legal Framework of Operational Resilience

• Introduction and Purpose

• Evaluation of proportionality measures

• Challenges in Implementing Proportionality

• A comprehensive implementation of DORA for organisations and enterprises

‍

2. Regulatory Obligations

• Overview of DORA compliance mandates.

• Comparative analysis of DORA with related legislative frameworks

‍

3. Legal Implications of Non-Compliance

• Penalties and Enforcement Mechanisms

• Challenges of Implementing DORA

• Importance of Adhering to EU-Wide Standard

‍

1. Introduction

‍

2. Lifecycle of ICT risk management

• Risk Identification

• Risk Assessment

• Mitigation

• Monitoring and Review

• Communication and Reporting

• Business continuity and disaster recovery

• Continuous Improvement

‍

3. Integrating DORA Metrics

• Relationship between DORA metrics and ICT risk management

• Overview of key DORA metrics:

o Mean Time to Detect (MTTD)

o Mean Time to Resolve (MTTR)

o Deployment Frequency

o Change Failure Rate

• Areas for DORA Metrics

‍

4. Risk assessment models

‍

5. Strategies for proactive mitigation

‍

6. Aligning mitigation strategies with operational resilience goals

‍

7. Enhancing monitoring through automated tools

‍

8. Key Benefits of ICT risk management

‍

9. Case studies showcasing successful implementation

‍

10. Conclusion

‍

1. Introduction

‍

2. What is ICT-related incident management?

‍

3. Incident Management Frameworks

• ITIL (Information Technology Infrastructure Library)

• NIST Incident Response Framework

• ISO/IEC 27035

‍

3. Importance of adopting a framework for consistency and compliance

‍

4. ICT incidents under DORA

‍

5. Reporting thresholds

‍

6. Mandatory timelines

‍

7. Challenges in Incident Reporting

‍

8. Tools and Techniques

‍

9. Understanding the Cyber Threat Landscape

‍

10. Incident Management Process

• Preparation

• Detection and Reporting

• Assessment and Containment

• Resolution and Recovery

• Post-Incident Review

‍

11. Communication strategies during an incident

• Internal communication

• External communication

• Tools & Channels

‍

12. Integration with Business Continuity Planning

• Why integrate?

• Business Impact Analysis

• Crisis Management Protocols

‍

13. Benefits of Effective ICT Incident Management

‍

1. Introduction

‍

2. General requirements and frequency

‍

3. Types of resilience tests

‍

4. Test Reporting

‍

5. Tools and techniques

‍

6. Planning and conducting tests

‍

7. Third-Party & Supply Chain Resilience Testing

‍

8. Future Trends & Evolving Threat Landscape

‍

9. Conclusion

‍

1. Importance of Third-Party Oversight

• Risks and challenges of third-party ICT dependencies

• Lack of Visibility

• Supply chain risks

• Regulatory provisions for managing third-party relationships

‍

2. Union-Level Oversight Framework

• Monitoring Critical ICT Providers

• Criteria for designating critical providers

‍

3. Best Practices in Managing ICT Dependencies

• Establishing robust relationships and oversight practices

• Practical steps for vendor risk management.

‍

1. Governance and Cybersecurity Culture

• Governance Structures under DORA

• Importance of fostering a cybersecurity-aware culture within organizations

• Organizational Benefits of Cybersecurity Awareness

• Metrics to Measure Awareness Levels

• Promoting a Cyber-Aware Culture

‍

2. Mechanisms for Information Sharing

• Trusted Networks for Threat Intelligence

• Practical Threat Intelligence Sharing

• Overcoming Challenges

• Cooperation with Authorities and Joint Exercises

• Joint Cybersecurity Exercises

‍