DORA

The Digital Operational Resilience Act (DORA) is an EU legal framework designed to improve the cyber security and resilience of financial institutions and their critical service providers.


Who is affected?

  • Credit and payment institutions
  • Electronic money institutions
  • Investment firms
  • Trading venues
  • Alternative investment fund managers
  • Management companies
  • Insurance and reinsurance companies
  • Institutions for occupational retirement provision
  • Rating agencies
  • ICT third-party service providers

As the January 2025 deadline approaches and the standards are finalized, enforcement will shift to the "competent authorities", i.e. the regulatory bodies designated by the individual EU Member States.


What is DORA?

DORA, the Digital Operational Resilience Act, is a regulation introduced by the European Union in 2022 to strengthen the ability of financial firms and key third-party providers to deal with cyber threats. It mandates the implementation of comprehensive cybersecurity protocols to minimize risk and ensure rapid recovery from cyber incidents.

As part of the wider EU initiative, DORA plays a crucial role in securing critical financial systems and preventing operational failures due to cyber-attacks.


What does DORA include?


DORA introduces a holistic framework covering effective risk management, ICT and cyber security functions, incident handling and reporting, and third-party management, ensuring consistent service delivery across the entire value chain.

Five core topics play a special role here: ICT risk management, ICT incident management, digital resilience testing, third-party management and information sharing.


Objectives of DORA

DORA was developed to strengthen the digital resilience of companies in the financial sector and ensure that they are able to deal with IT-related disruptions and cyber threats.

Strengthening digital resilience

Financial institutions should implement robust IT systems and processes in order to avoid or quickly overcome operational disruptions.

Uniform regulation

Introduction of a uniform framework in the EU that affects all players in the financial sector equally.

Managing cyber risks

Institutions should develop effective systems and procedures to detect, manage and respond to cyber threats.


Five key requirements of DORA


The Digital Operational Resilience Act (DORA) sets out clear requirements for financial institutions to strengthen their resilience to digital threats. Five key requirements that companies must take into account when implementing the DORA regulations are highlighted below.


Why is DORA important for cyber security?

A single security breach can result in significant financial loss, reputational damage and, in severe cases, systemic risk to the entire financial sector. DORA addresses these challenges by standardizing cybersecurity practices and mandating a minimum level of operational resilience.

DORA mandates high standards for all financial institutions, including cybersecurity protocols, data governance and risk management practices.

Many financial institutions rely on third-party providers for critical operations. DORA requires a rigorous assessment of these providers to ensure they meet security standards.

By mandating prompt and structured reporting of cybersecurity incidents, DORA improves transparency and accountability, enables faster response times and minimizes potential damage.


Comparison with other regulations


The parallels and overlaps are shown below:

| Regulation | Similarity with DORA | Focal points and requirements |
|---|---|---|
| ISO 27001 Annex A | DORA is similar to Annex A in that it defines specific security controls. Both require holistic risk management and IT resilience measures. | Control groups: risk management, access control, cryptography, operational security, supplier relationships. Focus on the implementation of an Information Security Management System (ISMS) to continuously improve security. Requirements for security policies, logging and vulnerability management. |
| NIS2 (Art. 21) | Like DORA, NIS2 requires risk management that covers the entire supply chain. Both emphasize incident reporting and access control. | Risk management measures: asset management, access controls, vulnerability management, monitoring, incident management. Focus on cyber security measures for critical infrastructure and essential services. Obligation to report incidents and cooperate with authorities. |
| CMMC (Security Domains) | DORA is similar to the security domains of the CMMC, which are divided into controllable categories, e.g. Access Control and Incident Response. | Security domains: Access Control, Threat Detection, Incident Response, Recovery. Detailed requirements for different maturity levels to ensure that organizations reach the right security level for them. Strong focus on third-party collaboration and supply chain risk management. |
| DORA (own requirements) | DORA stands out due to its strong focus on digital resilience and specific requirements for financial organizations, such as resilience testing. | Commitment to regular resilience testing for IT systems. Third-party risk management is a key focus. Ensures that organizations are also prepared for IT-related business disruptions. High reporting requirements and cooperation with supervisory authorities. |


How does DriveLock help me?


Financial companies


As a financial company, you must ensure that you implement resilient management of your ICT risks and have taken security measures to minimize these risks. These measures should ensure business continuity in the event of a cyberattack and protect the information you process. You must explicitly ensure that all employees receive regular training and awareness-raising measures on ICT risks and cyber security.

ICT service providers


As a service provider for a financial company, you must undertake to meet security standards and implement technical and organizational measures (TOMs) to minimize the risk of cyberattacks. You must provide evidence of the implementation of such security controls.

"Our aim was to prevent the risk of data theft through unsecured USB ports on the PCs in our sales areas. Thanks to DriveLock, we were able to achieve this goal quickly."
Torben Boockmann, CTO | Möbel Rieger GmbH & Co. KG

"We are very satisfied with the DriveLock solution. It works perfectly and is so flexible that it offers us numerous expansion options. We are also very well positioned with DriveLock for new IT security requirements."
Thomas Ochs, CIO | Villeroy & Boch AG

"DriveLock's Application Control module has already effectively protected our administration more than once from ransomware and the associated serious consequences."
Oliver Mummert, IT Service Department | City of Gütersloh

"Thanks to DriveLock, we have secured our devices and are therefore well positioned for the future. The setup went smoothly with the help of DriveLock."
Oliver Hoffkamp, IT Administrator | St. Franziskus Heiligenbronn Foundation

"In general, a USB stick is only permitted on a workstation in the company if it is authorized in DriveLock and encrypted with DriveLock Encryption 2-Go or BitLocker, the encryption solution from Microsoft."
Frank Moussé, CISO and DPO of the GHT

NO OBLIGATION, NO COMMITMENT.

Free 30-day trial without obligation

See for yourself. Test the usage scenarios relevant to your company.


Test today - Be HYPERSECURE tomorrow!

Test 30 days free of charge
