Intelligent Fin.tech Issue 27 | Page 30

CASHING IN

…generating liquidity runs and an overall loss of confidence and trust in financial markets.'


With that end in mind, DORA will require financial services firms to engage in regular operational resilience testing, which will include the examination of ICT systems, policies and procedures to evaluate their preparedness for an attack or incident. That will likely involve vulnerability assessments and penetration testing alongside other forms of testing. Certain institutions of sufficient size and importance may even be subject to nationally supervised Threat-Led Penetration Tests (TLPT).
Under its auspices, financial institutions will have to conduct regular testing of their IT risk management frameworks to test how effectively they can detect, respond to and protect against threats, and then how well they can recover. These tests will have to be risk-based, focusing on the risks specific to the organisation doing the testing and improving its practices in line with new threats and vulnerabilities.

Gareth Challonder, Security Subject Matter Expert at Spirent
That testing will need to cover the most critical components, assets and systems a given organisation possesses, from internal systems to third-party providers, and validate the organisation's ability to recover from an incident and ensure business continuity in the event of a disruption.
On top of that, it all has to be documented, and the results of testing exercises have to be retained so that areas for improvement can be identified and, hopefully, the effect of that improvement can be seen with each subsequent exercise. This is partly to create a feedback loop and a basis on which to continuously assess and improve upon test results and update response plans accordingly.
One more compliance obligation
Financial services is one of the most regulated sectors around, and DORA adds one more regime to comply with. From that point of view, it's important to think about how DORA compliance will affect the sector not just individually, but as part of a larger body of regulation.
Compliance in financial services is already complex. Given the international nature of finance, many financial services companies find themselves having to comply with multiple statutes in multiple territories, spanning sectoral, governmental and private regimes. Given that a transaction or data handling procedure may start in one part of the world, retrieve data in another and then return to its location of origin, in doing
30 www.intelligentfin.tech