DORA Ch. VI Art. 45 1.

1. Overview
1. Financial entities may exchange amongst themselves cyber threat information and intelligence, including indicators of compromise, tactics, techniques, and procedures, cyber security alerts and configuration tools, to the extent that such information and intelligence sharing:
- (a) aims to enhance the digital operational resilience of financial entities, in particular through raising awareness in relation to cyber threats, limiting or impeding the cyber threats’ ability to spread, supporting defence capabilities, threat detection techniques, mitigation strategies or response and recovery stages;
- (b) takes place within trusted communities of financial entities;
- (c) is implemented through information-sharing arrangements that protect the potentially sensitive nature of the information shared, and that are governed by rules of conduct in full respect of business confidentiality, protection of personal data in accordance with Regulation (EU) 2016/679 and guidelines on competition policy.
2. Identified Requirements
Requirements
| Source | Requirement |

3. Related Standards
Standards
| Source | Requirement |

Source: NOREA
Requirement: Incident Classification Criteria
Classify ICT-related incidents based on their impact using the following criteria: number of clients/customers or financial counterparts affected, number of transactions affected, reputational damage, duration of the incident and downtime of services, geographical spread of the incident, data loss in relation to the CIA-triad, criticality of the services affected, and the overall economic impact of the incident.
An incident is considered major if (1) any malicious unauthorised access to network and information systems is identified, which may result in data losses, or (2) the thresholds of two additional criteria are met (refer to the DORA RTS IM (Major Incidents) sheet for the thresholds). Also take into account recurring incidents: recurring incidents are considered major when (1) the incidents have occurred at least twice within 6 months, (2) the incidents have the same apparent root cause, and (3) the incidents collectively categorise as a major incident.

Source: NOREA
Requirement: Cyber Threat Classification Criteria and Information Exchange
Classify significant cyber threats. A threat is considered significant if it has a high probability of materialisation, could meet any of the criteria that classify as a 'major incident' when materialised, and when it could affect or could have affected critical or important functions of the financial entity, or could affect other financial entities, third party providers, clients or financial counterparts.
Cyber threat information and intelligence may be exchanged with other financial entities, provided such sharing enhances digital operational resilience. In this case, ensure that the exchange includes information such as indicators of compromise, tactics, techniques, procedures, alerts, and configuration tools. The exchange must occur within trusted communities and be governed by information-sharing arrangements that safeguard business confidentiality and personal data and respect competition law. These arrangements shall clearly define participation conditions, address the potential involvement of public authorities and ICT third-party providers, and specify operational aspects, including the use of secure IT platforms. Notify competent authorities upon joining or leaving such arrangements.
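The major-incident rule in the NOREA incident classification criteria above (malicious unauthorised access, or thresholds of two additional criteria met, plus the recurring-incident rule) encoded as an added Python example; this is not NOREA's or any DORA tooling's own code. The criterion names, the 183-day approximation of six months, and treating "collectively major" as the merged criteria of the recurring group are assumptions, and since the RTS thresholds are not on this page the caller records only whether each threshold was met.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Incident:
    incident_id: str
    detected_on: date
    root_cause: str                      # apparent root cause, used for recurrence
    malicious_unauthorised_access: bool  # criterion (1): access that may result in data losses
    # Names of additional criteria (clients affected, transactions, reputational damage,
    # duration/downtime, geographical spread, data loss, criticality, economic impact)
    # whose RTS threshold was met; the thresholds themselves live in the RTS, not here.
    criteria_met: set[str] = field(default_factory=set)

def is_major(inc: Incident) -> bool:
    """Major if malicious unauthorised access is identified, or thresholds of at
    least two additional criteria are met."""
    return inc.malicious_unauthorised_access or len(inc.criteria_met) >= 2

def recurring_major(incidents: list[Incident], window_days: int = 183) -> dict[str, list[str]]:
    """Return {root_cause: [incident_ids]} for groups that are major by recurrence:
    same apparent root cause, at least two occurrences within six months (assumed
    to be 183 days) and collectively major (assumed: is_major() on merged criteria)."""
    by_cause: dict[str, list[Incident]] = {}
    for inc in incidents:
        by_cause.setdefault(inc.root_cause, []).append(inc)
    flagged: dict[str, list[str]] = {}
    for cause, group in by_cause.items():
        group.sort(key=lambda i: i.detected_on)
        for first in group:  # slide a window forward from each incident
            window = [i for i in group
                      if 0 <= (i.detected_on - first.detected_on).days <= window_days]
            if len(window) < 2:
                continue
            merged = Incident("merged", first.detected_on, cause,
                              any(i.malicious_unauthorised_access for i in window),
                              set().union(*(i.criteria_met for i in window)))
            if is_major(merged):
                flagged[cause] = [i.incident_id for i in window]
                break
    return flagged

# Constructed sample incidents (not real data): INC-1 and INC-2 are minor on their own
# but share a root cause within six months and together meet two criteria.
SAMPLE = [
    Incident("INC-1", date(2024, 1, 10), "vpn-misconfig", False, {"duration_downtime"}),
    Incident("INC-2", date(2024, 3, 5), "vpn-misconfig", False, {"clients_affected"}),
    Incident("INC-3", date(2024, 4, 1), "phishing", True),
    Incident("INC-4", date(2023, 1, 1), "vpn-misconfig", False, {"economic_impact"}),
]
```

INC-4 shares the root cause but falls outside the window, so it is not pulled into the recurring group.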