Digital Operational Resilience Act (DORA)
With the DORA Regulation, the European Union has created a regulation for the financial sector on cyber security, ICT risks and cyber resilience. According to Chapter IV “Digital operational resilience testing “, an important component of this is the regular performance of security checks such as vulnerability scans, penetration tests and red team assessments. A distinction is made between “Testing of ICT tools and systems” and ” Advanced testing […] based on TLPT”.
Testing of ICT tools and systems
All companies affected by DORA, with the exception of microenterprises (less than 10 employees and less than 10 million euros in annual turnover), are obliged to carry out tests at least once a year. The tests must be carried out on “all ICT systems and applications supporting critical or important functions”.
As a provider of penetration tests with over 10 years of experience, NSIDE is the right partner to carry out regular tests in accordance with DORA. Please feel free to contact us for advice. This includes penetration tests, source code analyses or vulnerability scans, for the latter we are also happy to advise you on your own setup.
Advanced testing based on TLPT
“Threat-Led Penetration Tests”, which were first defined in the document “G-7 Fundamental Elements for Threat-Led Penetration Testing”, describe threat intelligence-driven Red Team Assessments, as already defined in TIBER. DORA is very much based on the TIBER framework, but has its own legally binding elaboration. However, the operationally relevant deviations are minor.
As a TIBER Red Team Provider with over 10 years of experience in general Red Team Assessments, NSIDE is the right partner to carry out Threat-Led Penetration Tests for you. Please do not hesitate to contact us for advice.