The "Hellenic Association of Risk Managers" (www.harima.gr), a member of FERMA (Federation of European Risk Management Associations, www.ferma.eu) and FECMA (Federation of European Credit Management Associations, www.fecma.eu), with the support of "Academics University of London Worldwide" and SEV, and in collaboration with the "Risk Training Institute" of ICAP CRIF, presents the "D.O.R.A. Compliance Course".
Organizational resilience refers to an entity's capacity to anticipate, adapt to, respond to, and recover from a wide range of internal and external challenges, disruptions, and shocks while maintaining its core functions, values, and stakeholder relationships. In a digital world where technology evolves constantly, Digital Transformation Risks take on extreme significance and force EU bodies to adjust their oversight strategies by publishing subject-matter compliance frameworks. The Digital Operational Resilience Act (DORA) arises from the increasing digitization of businesses and of the financial services provided by financial entities, and aims to harmonize the rules on the security of networks and information systems currently in force within the European Union. DORA establishes standards that address the risks faced by these entities. It came into effect on January 16, 2023, with a 24-month implementation period. From January 17, 2025, the regulation will be mandatorily applicable.
In this module, participants will be able to understand and evaluate the importance of Digital Operational Resilience as a key component in managing entities’ cybersecurity risk environments. The module analyses systemic cyber risks impacting the Digital Economy and provides context for digital operational resilience regulations and standards, such as the EU Digital Operational Resilience Act (DORA) regulatory framework. Key Digital Operational Resilience measures will be appraised, including the ICT Governance Framework, the ICT Risk Management Framework and ICT Third Party Service Providers (including Cloud Computing Service Providers).
In this module, participants will evaluate the implications of the Digital Operational Resilience Act (DORA) for the cybersecurity risk management environment of entities subject to DORA regulation. The module analyses systemic cyber risks impacting the EU Digital Economy and provides context for the DORA regulatory framework. Key DORA measures will be appraised, including the ICT Governance Framework, the ICT Risk Management Framework, and ICT Third Party Service Providers (including Cloud Computing Service Providers).
Risk Management Essentials
ICT Risk Management
Organization & Governance Requirements
Third Party Risk Management
Business Continuity Management
Incident Response (framework, management, requirements)
Cybersecurity policies framework and requirements
Legal aspects of DORA requirements
Digital Era, Risk and Compliance
Digital Transformation Management
Overview of DORA.
Sectors affected by DORA.
Key definitions underpinning the Act.
Processes that come under the Act and are inspected.
Role of competent authorities.
Understanding the proportionality principle.
Penalties and how to apply remedial measures
Regulatory requirements
Governance & Organization control framework
Necessary roles for designing, developing, implementing, monitoring and auditing.
Conflict of Interest Risk and Independence principle
Monitoring and Reporting
The internal governance and control framework that ensures an effective and prudent management of ICT risks.
The sound, comprehensive and well-documented ICT risk management framework, as part of the overall risk management system.
ICT systems, protocols and tools.
The need to identify, classify and adequately document all ICT supported business functions, roles and responsibilities, the information assets and ICT assets supporting those functions, and their roles and dependencies in relation to ICT risk.
The need to continuously monitor and control the security and functioning of ICT systems and tools, to minimize the impact of ICT risk on ICT systems through the deployment of appropriate ICT security tools, policies and procedures.
The need for mechanisms to promptly detect anomalous activities.
The need for response and recovery, and a comprehensive ICT business continuity policy.
Ensuring the restoration of ICT systems and data with minimum downtime, limited disruption and limited loss.
Regulation Requirements for Security Policies
From Policies to Procedures to Technical Standards
Internal and External Drivers
InfoSec Framework, Roles and Governance
Regulation Requirements for Incident Management
Incident Management Framework
Incident Classification and Response
Internal Incident Reporting
External Incident Reporting
Regulation Requirements for Business Continuity
Backup and Restore
Business Continuity & Crisis Management
Regulation Requirements for 3rd Party Risk Management.
Preliminary assessment of ICT concentration risk at entity level.
Key contractual provisions.
Designation of critical ICT third-party service providers.
Structure of the Oversight Framework.
Tasks of the Lead Overseer.
Operational coordination between Lead Overseers.
Powers of the Lead Overseer.
Exercise of the powers of the Lead Overseer outside the Union.
General investigations, inspections, ongoing oversight.
Harmonisation of conditions enabling the conduct of the oversight activities.
International cooperation.
General requirements for the performance of digital operational resilience testing.
Testing of ICT tools and systems.
Red Teaming Activities
Advanced testing of ICT tools, systems and processes based on threat-led penetration testing.
Requirements for testers for the carrying out of TLPT.
Summary: Requirements interdependence (‘all relevant’)
Hours Live Online