DORA Ch. II Sec. II Art. 8 3.
1. Overview
DORA Ch. II Sec. II Art. 8 3.
3. Financial entities, other than microenterprises, shall perform a risk assessment upon each major change in the network and information system infrastructure, in the processes or procedures affecting their ICT supported business functions, information assets or ICT assets.
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source | Requirement |
|---|---|
3. Related Standards
Standards
| Source | Requirement |
|---|---|
| NOREA | Risk Assessment: Identify all sources of ICT risk on a continuous basis, including risk exposure to and from other entities. Gather information, assess, and review at least on a yearly basis the cyber threats and ICT vulnerabilities relevant to business functions and assets. Evaluate the (potential) impact of these threats and vulnerabilities on the assets. |
| NOREA | Major change risk assessment: Perform a risk assessment upon each major change in the network, IT infrastructure, and the processes or procedures affecting business functions and assets. |
| NOREA | Legacy Systems risk assessment: Conduct specific risk assessments on all legacy ICT systems, applications, or systems at least yearly. Perform assessments before and after connecting legacy ICT systems, applications, or systems. |