Course Overview:

Week 1: Introduction to Digital Operational Resilience
  - Overview of the EU's Digital Operational Resilience Act (DORA)
  - Explanation of the key concepts and requirements
  - Case studies of recent cyber-attacks and their impact on financial institutions
  - Introduction to the NIS Directive and the relationship between DORA and NIS

Week 2: Risk Management and Cybersecurity
  - Principles of risk management and cybersecurity
  - Understanding the cyber threat landscape
  - Cybersecurity frameworks and standards (e.g., NIST, ISO, CIS)
  - Vulnerability management and incident response

Week 3: Governance and Accountability
  - Importance of governance and accountability in digital operational resilience
  - Role of the Board and Senior Management
  - Regulatory requirements for governance and accountability (e.g., IAF/SEAR, EBA Guidelines)
  - Cybersecurity culture and awareness training

Week 4: Business Continuity and Disaster Recovery
  - Business continuity planning and disaster recovery
  - Key concepts of resilience and recovery
  - Developing a business continuity plan
  - Testing and validating business continuity plans

Week 5: Third-Party Risk Management
  - Managing third-party risks in the digital ecosystem
  - Due diligence and risk assessments
  - Contractual arrangements and service level agreements
  - Continuous monitoring and oversight of third-party service providers

Week 6: Compliance and Reporting
  - Regulatory reporting requirements under DORA
  - Incident reporting and notification
  - Audit and assessment frameworks (e.g., ISAE 3402, SOC 2)
  - Best practices for compliance and reporting