+DORA Ch. II Sec. II Art. 8 4.
|
1. Overview
DORA Ch. II Sec. II Art. 8 4.
4. Financial entities shall identify all information assets and ICT assets, including those on remote sites, network resources and hardware equipment, and shall map those considered critical. They shall map the configuration of the information assets and ICT assets and the links and interdependencies between the different information assets and ICT assets.
1.1 References
1.2 Identified Requirements
1.3 Related Standards
2. Identified Requirements
Requirements
| Source |
Requirement |
3. Related Standards
Standards
| Source |
Requirement |
|
NOREA
|
Risk Assessment
Identify all sources of ICT risk on a continuous basis, including risk exposure to and from other entities. Gather information, assess, and review at least on a yearly basis the cyber threats and ICT vulnerabilities relevant to business functions and assets. Evaluate the (potential) impact of these threats and vulnerabilities on the assets.
|
|
NOREA
|
Major change risk assessment
Perform a risk assessment upon each major change in the network, IT infrastructure, and the processes or procedures affecting business functions and assets.
|
|
NOREA
|
Legacy Systems risk assessment
Conduct specific risk assessments on all legacy ICT systems, applications, or systems at least yearly. Perform assessments before and after connecting legacy ICT systems, applications, or systems.
|
|