Article Summary
The Digital Operational Resilience Act (DORA) introduces cybersecurity testing requirements for covered financial entities within the EU. These entities must regularly test their ICT systems to stay compliant with DORA. The testing falls into two core types: general testing and red teaming. General testing includes penetration testing, vulnerability scanning, and source code review. Red teaming, known under DORA as Threat-Led Penetration Testing (TLPT), is a more advanced form of testing built on real-world attack simulation against live production systems. TLPT is required, at least every three years, of the financial entities that competent national authorities identify for it.
What This Means for You
- Understand the new cybersecurity testing requirements under DORA and how they affect your organization.
- Implement regular testing of ICT systems, including penetration testing and vulnerability scanning, to ensure compliance with DORA.
- If identified by your competent authority as an entity that must perform advanced testing, prepare for Threat-Led Penetration Testing (TLPT) at least every three years, carried out in line with the TIBER-EU framework.
- Work with reputable and accredited external testing providers, such as CREST-approved pen testing firms, to ensure thorough and reliable testing.
- Look out for future developments and updates in DORA regulations and their impact on financial entities in the EU.
Original Post
This article provides a high-level view of what covered financial entities need to know about DORA testing. Financial entities in scope of DORA, those operating within the EU or serving EU-based customers, will have to regularly test their ICT systems to stay compliant. DORA testing can be divided into two core types: general testing and red teaming (TLPT).
Key Terms
- DORA
- ICT systems
- General testing
- Red teaming
- TLPT
- TIBER-EU
- Penetration testing