Category: DORA Regulation

  • DORA blog series #4

    #4 ICT services supporting Critical or Important Functions

    The DORA regulation requires financial entities to adequately manage the risk of outsourcing critical or important functions to third-party ICT service providers. This makes sense. Whilst a financial organisation can transfer some of its operational risk to third parties, compensated by contractual penalties, ultimately the financial entity…

  • DORA blog series #3

    #3 Incident response

    As security professionals, we spend the majority of our time bolstering defences and trying to detect breaches. This approach will give us the best return on investment, by reducing our risk of a potential financial loss and reputational damage. However, the odds of being able to stop all attacks and data leaks…

  • DORA blog series #2

    #2 Are you DORA or NIS2?

    News outlets have widely covered the Network and Information Security Directive (NIS2) recently, as the compliance deadline was on the 17th October 2024. However, only a handful of European Union member states have integrated the NIS2 directive into the national legislature – so, another soft deadline. NIS2 covers obviously…

  • DORA blog series #1

    #1 Another European cyber regulation … not quite.

    The Digital Operational Resilience Act (DORA) comes into force in January 2025 for financial entities operating in Europe, and their ICT suppliers. Whilst most are expecting a soft launch, being resilient is not a quick fix. In this first post in my series on the DORA regulation,…