SEMINAR 4

The Digital Operational Resilience Act (DORA)

Duration: 3 hours

Location: Live Online

CPD Units: 3

Language: English 

Instructor: Nicolas Poumpourides

Cost: €120
 

Dates:

16 October  | 10:00-13:15  

13 November | 10:00-13:15

4 December | 10:00-13:15

Course Description - Aims of the seminar:

 

  • Understand DORA regulation. 

  • Acknowledge the importance of ICT risk management.

  • Comprehend the principle of reporting major ICT-related incidents and notifying, on a voluntary basis, significant cyber threats to the competent authorities. 

  • Appreciate the importance of reporting major operational or security payment-related incidents to the competent authorities.

  • Understand digital operational resilience testing.  

  • Develop the program of information and intelligence sharing in relation to cyber threats and vulnerabilities.

  • Conduct audit, testing and assessment of the third-party service providers. 

  • Understand the requirements in relation to the contractual arrangements concluded between ICT third-party service providers and financial entities.

Course details: Methodology, Admission requirements, Who the seminar is for, Certification awarded


1: Introduction to DORA
  • Overview of the Digital Operational Resilience Act (DORA)

  • Importance and objectives of DORA in the EU financial sector

  • Institutions and the obliged entities under DORA’s scope
     

2: Regulatory Requirements
  • ICT risk management and incident reporting requirements

  • Guidelines on third-party risk management and outsourcing arrangements
     

3: Implementing Risk Management Strategies
  • Steps for achieving compliance with DORA

  • The role of the Management Body
     

4: The ICT risk management requirements
  • DORA’s impact on financial institutions’ operations

  • Challenges and opportunities from the implementation of the digital operational resilience strategy
     

5: Enhancing Digital Operational Resilience
  • The importance of integrating detection, prevention and recovery into the existing risk management frameworks

  • Cybersecurity and business continuity planning under DORA

  • Monitoring and reporting mechanisms
     

6: ICT-related incident management
  • Define, establish and implement an ICT-related incident management process to detect, manage and notify ICT-related incidents

  • Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions  

  • Advanced testing of ICT tools, systems and processes based on TLPT (Threat-Led Penetration Testing)

  • Interactive discussion on emerging trends and best practices
     

7: Key principles for sound management of third-party risk assessment
  • Terms and conditions of the contractual agreements with third-party service providers

  • Exit strategies for ICT services supporting critical or important functions

  • Preliminary assessment of ICT concentration risk at entity level
     

8: Oversight Framework of critical ICT third-party service providers
  • The monitoring role of the Lead Overseer

  • Competent Authorities and Penalties

The programme is addressed to:
 

  • Directors

  • Executive Management

  • Compliance Officers

  • Risk Management Senior and Mid-level staff members 

  • IT & Data Security personnel 

  • ICT vendors and cloud service providers
