Nos derniers articles

The white paper examines how the EU’s **NIS2 Directive** and **DORA Regulation** impose resilience, security, and compliance obligations on critical and financial-sector entities. It describes how NIS2 applies broadly to “essential” and “important” operators, while DORA targets financial firms, and compares their requirements for risk management, incident reporting, audits, third-party oversight, governance, testing, and information sharing. The document outlines potential penalties for noncompliance, the need for gap assessments and harmonization across jurisdictions, and emphasizes that entities both inside and outside the EU may be affected by these rules.

The 𝗖𝗲𝗻𝘁𝗿𝗮𝗹 𝗕𝗮𝗻𝗸 𝗼𝗳 𝗜𝗿𝗲𝗹𝗮𝗻𝗱 guidance highlights 𝗰𝘆𝗯𝗲𝗿 𝗿𝗶𝘀𝗸𝘀 as a central component of 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗿𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲 𝗶𝗻 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝘀𝗲𝗿𝘃𝗶𝗰𝗲𝘀, framing them under 𝗜𝗖𝗧 𝗿𝗶𝘀𝗸 and 𝗱𝗶𝗴𝗶𝘁𝗮𝗹 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗿𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲. It identifies cyber incidents and attacks as major disruptive events, alongside technology failures and insider threats. ICT risk is defined broadly, encompassing threats to systems, operations, and services. Firms are expected to align ICT resilience strategies with critical business services and integrate incident management into resilience frameworks. The guidance emphasizes alignment with 𝗗𝗢𝗥𝗔 and 𝗡𝗜𝗦𝟮, marking a regulatory shift from earlier cybersecurity guidance toward 𝙝𝙖𝙧𝙢𝙤𝙣𝙞𝙯𝙚𝙙, 𝙝𝙤𝙡𝙞𝙨𝙩𝙞𝙘 𝙧𝙚𝙨𝙞𝙡𝙞𝙚𝙣𝙘𝙚 𝙥𝙧𝙖𝙘𝙩𝙞𝙘𝙚𝙨.