DORA, NIS2 and Cyber security
Business entities and the public sector of EU countries are now significantly affected by the DORA regulation and the NIS2 directive.
Cyber security should no longer be perceived as a highly technical topic reserved for a narrow circle of specialists, or as something dealt with only at the level of the systems most important and most significant for the state or the private sector.
It is a topic that has a significant impact on daily operations and can and should penetrate other, quite common and much more widespread regulatory topics at the level of individual legal regulations - e.g. general prevention under the Civil Code, duty of care, or the responsibility of a statutory body.
Both regulations lead to the need to map primary assets across the entire organizational structure and to keep proper records of asset configurations and of their connections and dependencies. New demands are placed on thousands of business entities and public institutions, which should review the existing methods of recording their assets, whether they use various Excel records or a Configuration Management Database (CMDB), and the processes they perform on this data.
Implement a Configuration Management Database (CMDB) system for your security and for compliance with regulatory requirements.
Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA - Digital Operational Resilience Act) lays down, among other things, requirements for risk management in the field of information and communication technologies (ICT) and for the reporting of major ICT-related incidents. The management body of the company bears the ultimate responsibility for managing the financial entity's ICT risk and for establishing clear roles and responsibilities for all ICT-related functions.
Financial entities shall identify, classify and properly document all ICT-supported business functions, tasks and responsibilities, information assets and ICT assets. They record the configuration of information assets and ICT assets, together with their interconnections and interdependencies.
Financial entities must have the resources and staff to gather information about vulnerabilities, cyber threats and incidents.
The European Directive NIS2 on measures for a high common level of cyber security across the Union (No. 2022/2055) is transposed by the EU member states into national law. This national law regulates the rights and obligations of persons, organizational units of the state and other public authorities in the area of ensuring cyber security, as well as the competence and powers of the National Office for Cyber and Information Security and other public authorities.