Ready for DORA? If you're not sure what it is or how it affects you, read on.

The EU's Digital Operational Resilience Act (DORA) took effect on 17th January 2025. This legislation mandates that most financial sector entities (including banks, insurance companies, and asset managers) regularly assess the resilience of their ICT systems against a wide range of risks, such as intrusions, hardware or software failures, and misconfigurations. DORA places particular emphasis on the "critical or important functions" of these entities.

DORA should be viewed positively. No organisation wants service disruptions or security breaches. When implemented thoroughly, the insights gained from the DORA process can lead to faster, more robust processes and software, while also helping to eliminate unused code or functions.

What our software offers on Resilience and DORA:

  • Check that all the lines of code that should be monitored are being monitored correctly:

    • Record-level access (CHAIN, READ, etc.)

    • SQL access (SELECT, UPDATE, …)

    • Program calls (CALL, CALLP, …)

    • Procedure calls

  • Calls to programs via a variable can be a vulnerability.

    • How many are never used?

    • How many have not been used for xxx days?

      Reduce the attack surface.

  • Verification that sources match those used to compile the objects.

    Change management may be in place, but it is still a good idea to confirm.

  • Ideally everything should be compiled with a recent, or the most recent, version of the OS, but that may not be the case.

    Older compilations may contain vulnerabilities that were corrected in later releases, or may be slower than newer ones.

  • Code coverage analysis and removal of unused code and commented-out code. Again, this is all about reducing the attack surface.

    But it also reduces the amount of code to be supported.

The focus of this page is on software resilience and DORA, as these topics are currently of high interest.

If you require assistance with security aspects, including user authority auditing and two-factor authentication, please don't hesitate to contact us.