DORA Foundation Training
This foundational training is designed for compliance personnel, auditors, and related professionals within the financial sector. It aims to impart a robust understanding of the Digital Operational Resilience Act (DORA) and its pivotal concepts, such as ICT risk management, security measures, business continuity planning, incident management, resilience testing, third-party risk management, and information sharing.
> Format: In-person Training
> Date: from 28 to 29 May 2024
> Duration: 2 Days (16 Hours)
> Trainer: Matthieu Duponchel
Objectives
Participants will leave the training with:
- A comprehensive understanding of DORA and its significance within the EU financial regulatory landscape.
- The ability to identify and assess ICT risks, applying DORA’s risk management and security measures.
- Knowledge of business continuity practices and incident management as per DORA requirements.
- Insights into resilience testing methodologies, including penetration testing and red teaming.
- Understanding the intricacies of managing third-party risks and the importance of information sharing under DORA.
- Enhanced capabilities to audit and ensure compliance with DORA requirements within their organisations.
Programme
Day 1: Introduction to DORA, ICT Risk Management, and Incident Management
Introduction to DORA
- Overview and objectives of DORA within the EU financial regulatory framework.
- The significance of DORA for enhancing digital operational resilience in the financial sector.
ICT Risk Management
- Detailed exploration of risk identification, assessment, and mitigation strategies.
- Security measures and best practices for safeguarding against ICT threats.
- Interactive exercises: Applying risk management principles in real-world scenarios.
Incident Management: Classification and Reporting
- Introduction to the incident management lifecycle as required by DORA.
- Classification of ICT-related incidents and criteria for reporting.
- Workshop: Developing an incident response plan that aligns with DORA requirements.
Day 2: Resilience Testing, Third-Party Risk Management, and Information Sharing
Resilience Testing
- In-depth exploration of resilience testing methodologies, including penetration testing and red team exercises, tailored to DORA requirements.
- Practical guide on planning, conducting and analysing resilience tests.
Third-Party Risk Management
- Strategies for managing risks associated with ICT third-party service providers.
- Conducting due diligence, ongoing monitoring, and ensuring compliance through contractual agreements.
- Group activity: Assessing and managing third-party risks in case studies.
Information Sharing
- The role and importance of information sharing on cybersecurity threats and vulnerabilities within the financial sector.
- Mechanisms and protocols for secure and efficient information sharing.
Closing Session
- Group discussion and Q&A session to address any outstanding questions.
- Participants share insights on applying what they have learned over the two days to their roles.
Training Materials
- Comprehensive slides and presentations covering all DORA topics.
- Case studies and practical scenarios for group discussions.
- Supplementary reading materials and references for further study.
This training proposal aims to equip compliance personnel and auditors with the knowledge and tools necessary for effective DORA compliance, thereby contributing to their institutions' overall operational resilience.
Target Audience
The target audience for the DORA Foundation Training is professionals within the financial sector whose roles involve ensuring compliance with regulatory standards, managing risk, or auditing processes related to information and communication technology (ICT) and operational resilience. Specifically, this training is designed for:
- Compliance Officers and Managers
- Risk Managers and Analysts
- Auditors (Internal and External)
- Legal Advisors
- Project Managers
This diverse audience reflects DORA's wide-reaching impact across different facets of the financial industry, underscoring the need for a broad understanding of its requirements and implications for digital operational resilience.