DORA wants to stop Swiper from swiping…
Unfortunately, saying it three times is not enough to make it happen in cybersecurity.
A European law was therefore needed to regulate the operational resilience of the financial sector: DORA, the “Digital Operational Resilience Act”.
The ambition is much broader than IT or cyber risk, since we are talking here about operational risk; however, the most important advances relate to ICT (Information and Communication Technologies).
Financial sector = banks?
No: it includes the ecosystem of insurance companies, credit institutions, services related to crypto assets, investment companies, crowdfunding service providers, among others.
Notably, IT service providers are also affected.
What objectives?
- Strengthen IT risk management
- Communicate on major incidents linked to ICT (IT INCLUDING Cyber)
- Organize the sharing of this information
- Test the digital operational resilience of entities
- Cover risks introduced by third-party IT service providers
What deadlines?
On January 17, 2025, DORA will have to be transposed by EU member states.
TI, TLPT, pooled TLPT, joint TLPT… How to manage DORA’s technical requirements for testing tools and systems?
Exaface helps address the following issues:
- Mapping and monitoring of ICT functions exposed on the Internet (EASM)
- Continuous assessment of the security level of the entity and group (CTEM)
- Third-party security assessment (TPRM)
- Recovery of threat indicators linked to attack campaigns in preparation (CTI)
- Strengthening security through the action plan to correct vulnerabilities (VM)
It is possible to couple these services with penetration tests (pentests) carried out by DSecBypass senior consultants in order to be compliant with article 22:
“full range of appropriate testing, including vulnerability assessments and scans, open source software scans, network security assessments, gap scans, physical security reviews, questionnaires and scanning software solutions, source code reviews where possible, scenario-based testing, compatibility testing, performance testing, end-to-end testing or penetration testing”
Are you affected by DORA? Contact us to discuss the subject and discover our security services and products.