Services
The Digital Operational Resilience Act (DORA) is an EU regulation that came into force on January 16, 2023, and will be applicable from January 17, 2025. The primary aim of DORA is to enhance the IT security of financial institutions such as banks, insurance companies, and investment firms, as well as their Information and Communication Technology (ICT) service providers. The regulation aims to ensure the operational resilience of these entities in the face of potential digital incidents.
One of the main components of the DORA regulation is the requirement to conduct Threat-Led Penetration Testing (TLPT). Because of the high complexity of TLPT engagements and the risks involved in conducting them in a live production environment, TLPT should only be carried out by top-tier experts. Securitum has been working with leading financial institutions in Poland and abroad for years, delivering the highest quality of services. Our team meets all the requirements outlined in Article 5 of the regulatory technical standards for TLPT.
As a Threat Intelligence Provider (TIP), we gather intelligence data and analyze public sources and other available information to produce a detailed Targeted Threat Intelligence (TTI) report. This report gives a comprehensive picture of the potential threats and attack vectors facing your organization. Based on these analyses, we prepare the attack scenarios for the Red Team.
After completing the threat intelligence assessment, we conduct a full-scope, multi-layered attack simulation that measures how well your organization's employees, networks, applications, and physical security controls withstand real-life attack scenarios.
After completing the audit, we provide you with key information about the current technical security level of your organization. We highlight the areas that need improvement and present specific recommendations for corrective actions during joint Purple Team workshops held with your cybersecurity team. Our recommendations are designed to strengthen your security measures, reduce risk, and enhance the overall digital resilience of your organization.
We can help you meet DORA requirements by providing comprehensive Threat-Led Penetration Testing services that assess your organization's cybersecurity measures and resilience against potential cyber threats.
DORA is a lex specialis of NIS2, offering specific policies designed to strengthen the digital operational resilience of the financial sector. Its goal is to ensure that financial entities can protect themselves and provide uninterrupted services to customers, even in the event of a cyberattack.
While regular penetration tests focus on detecting common vulnerabilities in systems, TLPT focuses on simulating the real-world threat scenarios that cybercriminal groups could use against your organization.
According to DORA, TLPT should be conducted at least once every three years. However, it is recommended to perform it more frequently when there are significant changes or upgrades to IT systems.
The audit process can be carried out in either Polish or English, depending on the client's needs and preferences. The final report is also provided in the chosen language.
The duration of a TLPT engagement depends on the scope of the audit and the complexity of the systems being tested, and is agreed with the contracting organization and the supervisory body. According to DORA, the intelligence phase lasts approximately 10 weeks, and the Red Team phase lasts at least 12 weeks.