+DORA Ch. II Sec. II Art. 8 2.
|
1. Overview
DORA Ch. II Sec. II Art. 8 2.
2. Financial entities shall, on a continuous basis, identify all sources of ICT risk, in particular the risk exposure to and from other financial entities, and assess cyber threats and ICT vulnerabilities relevant to their ICT supported business functions, information assets and ICT assets. Financial entities shall review on a regular basis, and at least yearly, the risk scenarios impacting them.
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|
NOREA
|
Risk Assessment
Identify all sources of ICT risk on a continuous basis, including risk exposure to and from other entities. Gather information, assess, and review at least on a yearly basis the cyber threats and ICT vulnerabilities relevant to business functions and assets. Evaluate the (potential) impact of these threats and vulnerabilities on the assets.
|
|
NOREA
|
Major change risk assessment
Perform a risk assessment upon each major change in the network, IT infrastructure, and the processes or procedures affecting business functions and assets.
|
|
NOREA
|
Legacy Systems risk assessment
Conduct specific risk assessments on all legacy ICT systems, applications, or systems at least yearly. Perform assessments before and after connecting legacy ICT systems, applications, or systems.
|
|