DORA

(Digital Operational Resilience Act)

The Digital Operational Resilience Act (DORA) is a set of European Union regulations aimed at secure digitisation and ensuring the security of the financial sector against digital threats. DORA aims to ensure that all parties involved in the financial sector have taken adequate security measures to counter cyber attacks and other ICT incidents.

The analysis should comprehensively examine several critical aspects, including the effectiveness of the risk management system and the overall quality of cybersecurity measures implemented across IT systems and infrastructure. It is essential to guarantee a high standard of operational digital resilience. In particular, the analysis provided by Securitum focuses on evaluating the effectiveness of these cybersecurity measures. It assesses a broad spectrum of factors to determine the overall quality of the cybersecurity protocols in place. Specifically, the analysis encompasses an in-depth evaluation of the following elements:

01. IT systems (apps such as WWW, mobile, desktop),

02. Infrastructure (LAN, WAN, WiFi, Cloud),

03. Vulnerability assessment and regular security scanning, to ensure a high level of operational digital resilience.

As part of the zero audit, in line with the requirements of the DORA regulation and focusing solely on security testing, we will conduct a detailed assessment of the current security status in the following areas:

a) Penetration Testing – We will simulate attacks to see how effectively your IT systems can resist various types of external and internal threats. These tests will reveal potential vulnerabilities that could be exploited by cybercriminals.

b) Vulnerability Assessment – We will review the configurations of your systems and applications to identify known weaknesses that could be used to breach data security or system integrity.

c) Application Security Evaluation – We will focus on evaluating the security of the applications used in your organization, including their source code and security features, to ensure they are protected against attacks like SQL injection or Cross-Site Scripting (XSS).

d) DDoS Attack Resilience Testing – We will check how your IT infrastructure handles Distributed Denial of Service (DDoS) attacks, which can disrupt the functioning of your systems or applications.

e) Network Security Audit – We will assess whether your network security measures are adequate by analyzing the configurations of firewalls, intrusion detection systems, and other protective mechanisms to ensure they effectively guard against unauthorized access.


After completing the audit, we will provide you with key information about the current technical security level of your organization. We will highlight areas that need improvement and present specific recommendations for corrective actions. Our suggestions will aim to strengthen your security measures, reduce risks, and enhance the overall digital resilience of your organization.

FAQ

Q: Does my company come under the requirements of DORA?

The following types of companies are subject to the DORA regulation:

- Credit, payment and e-money institutions
- Investment firms
- Crypto-asset service providers – CASPs
- Markets in Crypto-Assets Regulation (MiCA)
- Issuers of asset-referenced tokens
- Central Securities Depositories (CSDs)
- Central Counterparties (CCPs)
- Trading venues
- Trade repositories
- Alternative investment fund managers (AIFMs)
- Management companies
- Data reporting service providers – AIS
- Insurance and reinsurance undertakings
- Insurance and reinsurance intermediaries
- Institutions for occupational retirement pensions
- Credit rating agencies
- Statutory audit and audit firms
- Administrators of critical benchmarks
- Crowdfunding service providers
- Securitisation repositories
- ICT third-party service providers, FinTech

Q: How much does the DORA analysis cost?

Q: How can Securitum help me meet DORA requirements?

Q: What’s the difference between DORA and NIS2?

Q: When must the DORA recommendations be implemented?

© 2023 Securitum. All rights reserved.