SC180: Digital Operational Resilience Act (DORA)

Training: Security - Governance, Risk & Compliance

Professionals and executives in the financial sector receive a practical introduction to the requirements of the Digital Operational Resilience Act. The course covers ICT risk management, incident reporting, digital operational resilience testing, and the management of ICT third-party risk. It also addresses DORA's training and awareness requirements and the EU-wide supervisory framework intended to strengthen the security and stability of the financial sector.


Agenda:

Introduction


  • Introduction to the Digital Operational Resilience Act (DORA)
    • Basic definition and objectives
    • Background and benefits of implementation

  • Who is affected? Significance and objectives of DORA
    • Affected sectors and companies
    • Main objectives: Compliance with the four protection goals

  • Overview and structure of DORA and accompanying documents
    • Specific requirements for Information and Communication Technology (ICT)
    • Implementation and monitoring

  • Simplified structural options under DORA
    • How can companies integrate DORA effectively into their existing structures?

  • Derivation of DORA from the general resilience concept
    • Comparison with existing resilience concepts and Governance, Risk Management and Compliance (GRC) frameworks
    • Information management systems

  • Focus and content of digital operational resilience strategies
    • Requirements for an operational resilience strategy
    • Focus on ICT risk management

  • Technical requirements

  • Possible approaches and success factors for DORA implementation
    • Success factors and best practices
    • Importance of the right mindset
    • Strategies for successful change management
    • Concept of the Dalton method for enterprise multiplication

DORA deepening through (mini) workshops and best practices


  • Business Continuity Management (BCM)
    • Cyber attack challenges to be addressed and risks to operational stability
    • Impact of DORA on emergency management
    • Building an effective BCM/DR program
    • Practical recommendations for BCM and IT emergency management

  • ICT risk management (e.g. COBIT, ISMS according to ISO 27001)
    • Group exercise for creating an ICT risk management plan

  • Cloud Computing in the context of BaFin (Feb. 2024)
    • Fundamentals of cloud computing
    • Cloud security
    • BaFin requirements and their implementation

  • Incident Management
    • Processes for detection and management of ICT incidents
    • Reporting obligations and reporting system

  • Resilience testing
    • Conducting basic and advanced tests
    • Planning a Threat-Led Penetration Test (TLPT)

Conclusion and Q&A
  • Summary of key points
  • Open question round and discussion

On the first day you are cordially invited to a joint dinner. In a relaxed atmosphere you can exchange experiences with other participants and explore different perspectives.

Objectives:

The training SC180 Digital Operational Resilience Act (DORA) provides an overview of requirements, terminology, interrelations, and obligations in the context of DORA. Participants will not only become familiar with the DORA requirements but also gain insights into potential strategies for enhancing digital resilience: through case studies, best practices, and discussions on the challenges and solutions in implementing DORA across different types of financial institutions.

The focus is on the importance of a cybersecurity culture that is embraced by leadership and permeates the entire organization.

Target audience:

  • IT Executives
  • Security Executives
  • Compliance and Risk Management Professionals
  • FinTech Start-ups
  • BCM Executives
  • Executives
  • Third-party Providers and IT Service Providers for the Financial Sector

Prerequisites:

Interest and ability to integrate cross-cutting topics from GRC and Security.

Description:

The Digital Operational Resilience Act (DORA) is a crucial component of the European Union's digital finance strategy, aimed at enhancing cybersecurity and operational resilience in the financial sector. In light of the increasing digitization of financial services and the associated cyber threats, DORA is a response to the urgent need to establish a unified regulatory framework that ensures the security and stability of the financial system in the EU.

The key aspects of DORA covered in the workshop SC180 Digital Operational Resilience Act (DORA) are:

  1. ICT Risk Management: Companies must establish robust ICT risk management, including regular assessments and testing.
  2. Incident Reporting: There are clear guidelines for reporting security incidents to enable rapid response and damage limitation.
  3. Digital Operational Resilience Testing: Companies must conduct regular tests of their digital resilience, including penetration testing and scenario analysis.
  4. Third-Party Risk Management: Financial institutions must ensure that their third-party providers, including cloud services, also meet high security and resilience standards.
  5. Supervisory Framework: DORA establishes an EU-wide supervisory framework to ensure coherent application of the regulations.

In its supervisory notice of June 2024, BaFin provides important guidance on DORA on the topic of "Strengthening Training and Communication".
DORA emphasizes training obligations much more strongly than BAIT/VAIT. Financial entities are required to develop programmes for their employees and management to raise awareness of ICT security and provide training on digital operational resilience (Art. 13 para. 6 DORA). Furthermore, members of the management body must keep their knowledge and skills on ICT risks up to date, including through regular specialized training (Art. 5 para. 4 DORA). In general, the training should be aligned with the respective area of responsibility and, where appropriate, also cover the ICT third-party service providers the company uses.


Guaranteed to run:

from 2 attendees

Booking information

Price:

2.350,00 € plus VAT.

(including lunch & drinks)
