As a financial institution, you must comply with the Digital Operational Resilience Act (DORA) by January 2025. A big part of the DORA framework is planning and performing tests of your digital operational resilience.
Secura has extensive experience with DORA-related tests. We can help you define and update your test program in such a way that it complies with DORA.
The Secura DORA program
- Risk-based approach: A yearly threat modeling workshop as a basis for the program. All tests and assessments use the outcomes of this workshop to ensure that actual and specific risks define the test program.
- Yearly penetration test on your critical ICT infrastructure. These tests are scenario-based, where the threat modeling outcomes define the scenario.
- Threat-Led Penetration Test (TLPT) in an Advanced Red Teaming (ART) engagement, which includes physical access review and ICT third-party assessments.
- Defining an automated test plan, which includes vulnerability scanning, compatibility testing, performance testing and end-to-end testing.
- Application testing, including source code reviews, which connect to your Software Development Lifecycle.
The Secura DORA program is modular. You can choose the modules relevant to your situation.