December 06, 2024

Offensive Security Under the EU Digital Operational Resilience Act

Harley Geiger published “Offensive Security Under the EU Digital Operational Resilience Act” in the November-December 2024 edition of the Privacy & Cybersecurity Law Report. The following is an excerpt:

The Digital Operational Resilience Act (DORA) regulation is part of the European Union’s (EU) strategy to enhance the overall stability of the EU financial system by ensuring that financial entities are resilient to digital operational disruptions.

DORA introduces a framework for risk management of Information and Communication Technology (ICT), focusing on cybersecurity and operational resilience. Key components of DORA include penetration testing and other offensive security measures aimed at identifying and mitigating vulnerabilities within financial institutions and their ICT providers.

The compliance deadline for DORA is January 17, 2025. With this deadline approaching, we recommend financial services organizations and ICT vendors take steps now to be prepared for DORA.