Navigate the growing complexity of cyber security by examining people, cloud, endpoints, and OT/ICS, and understand talent gaps, automation limits, and noisy alerts in security operations.

Dora strengthens EU financial information and communications technology security by boosting resilience against operational disruptions, tightening third-party risk oversight, and preserving stability and trust across the financial sector.

Define corporate governance as a system of rules, practices, and processes directing a firm. Implement it through enterprise risk management and internal controls to enable risk-aware, financially informed decisions.

Explore enterprise risk management within corporate governance, including preventable, strategic, and external risks, with cyber security as a core consideration and a cycle of identify, analyze, prioritize, respond, and monitor.

Learn how cyber security risk management protects confidentiality, integrity, and availability by identifying threats, vulnerabilities, and impacts, using heatmaps to guide remediation, mitigation, avoidance, transfer, or acceptance.

Establish an ICT risk management framework aligned with the organization's risk governance and Dora requirements. Identify and map ICT assets to assess risks, then implement mitigation and continuous monitoring.

Vulnerability means any weakness in an information system, including people, hardware, or physical controls, that a threat source could exploit; CVEs cover only part of these weaknesses.

Explain the common vulnerabilities and exposures framework and how MITRE assigns CVE IDs with descriptions, illustrate a 2009 Chrome vulnerability that enables code execution and a CVSS score of 10.

Understand the common vulnerability scoring system (CVSS), its version 2 and version 3 severities, and how asset criticality influences prioritization beyond CVSS scores.

Identify, evaluate, prioritize (including asset criticality), remediate, and report vulnerabilities through a structured vulnerability management process, using automated scanning or manual testing, CVSS scores, patches, compensating controls, and management reporting.

Identify vulnerabilities across all digital assets with scanning tools, compare agent-based and agentless approaches, and pair automated scans with manual testing within up-to-date inventory management.

Prioritize vulnerabilities with a risk-based ranking informed by the evaluation phase, balancing CVSS scores, ASIL criticality, compliance requirements, resource availability, and operational impact.

Remediate vulnerabilities by applying patches when available, applying configuration changes to harden systems, or using mitigation techniques with compensating controls like a web application firewall when patching isn't feasible.

Document vulnerability management details, including identified, mitigated, and outstanding items; hold regular stakeholder reviews to align on progress and strategy; and pair reporting with compliance auditing to meet industry standards.

Presents a vulnerability management architecture spanning cloud resources in Azure and AWS, on premises systems, and devices, using agentless or agent-based scanners to prioritize findings for IT operations and management.

Penetration testing simulates cyber attacks to identify vulnerabilities before real attackers exploit them, while ethical hackers operate under controlled conditions with documented scope and objectives.

Detect security weaknesses, deliver remediation guidance, and validate security controls while informing risk management and boosting organizational resilience against cyber threats.

Compare red teaming and penetration testing, highlighting red teaming's end-to-end, ongoing approach that simulates adversary TTPs with blue and purple teams, versus time-bound pentesting that identifies vulnerabilities.

Implement the Dora resilience testing plan with resilience tests on critical ICT systems, penetration and vulnerability assessments, and remediation plans for disaster recovery and backup systems under simulated scenarios.

Explore Dora's ict incident management requirements, including establishing a documented policy, detecting and reporting incidents, root cause analysis, corrective actions, lessons learned, and timely regulator and stakeholder notifications.

Explore the four-step NIST incident response process: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity. Learn how to return to preparation after incidents to strengthen future readiness.

Prepare for incidents by tailoring policies, training staff and security personnel, provisioning tooling and hardware access, and establishing a preincident communication plan with internal escalation and external stakeholders, plus testing.

Master short-term and long-term containment within the NIST incident response cycle by isolating segments, disabling accounts, eradicating threats, patching vulnerabilities, restoring systems from clean backups, validating integrity, and monitoring post-recovery.

Dora requirements establish mechanisms to share threat intelligence and incident data with stakeholders and regulators. Promote data protection and trusted information sharing networks with indicators of compromise.

Define cyber threat intelligence as knowledge about adversaries' motivations, intentions, and methods gathered to protect critical assets. Emphasize TTPS (tactics, techniques, and procedures) to enable threat-informed defense across the SOC.

Explore threats, vulnerabilities, and risks by examining threat actors and how exploiting vulnerabilities causes downtime, confidentiality violations, and integrity violations, with risk defined as impact times likelihood.

Learn how threat informed defense uses cyber intelligence to map your organization's mission to the threats, motives, and tactics attackers target, and to tailor detection and protection.

Explore tactics, techniques, and procedures (TTPs) as a hierarchy from high-level threat actor objectives to detailed actions, including reconnaissance, scanning, and vulnerability scanning, with sub-techniques in the Mitre Attack framework.

Differentiate IOCs from IOAs to distinguish evidence of compromise from attacker intent and behavior, with IOCs signaling breaches via file hashes, domains, or URLs, and IOAs mapping threat actor behavior.

The pyramid of pain ranks how hard it is for attackers to change indicators, from hashes to TPS; prioritize detecting tactics, techniques, and procedures to thwart adversaries.

Identify CTI sources: enterprise tools, OSINT, and social media. Use examples like Microsoft Defender Threat Intelligence, CrowdStrike, VirusTotal, Shodan, and note the sharing of IOCs, IOAs, and TTPS.

Establish mechanisms for sharing threat intelligence and incident data with internal stakeholders and external partners, align with Dora requirements, and formalize compliant sharing agreements.

Identify critical third party providers and clearly document their roles and dependencies. Conduct regular audits, assess DORA compliance, and establish oversight to ensure resilience, contractual obligations, and ongoing regulatory reporting.

Monitor regulatory updates for Dora compliance and related frameworks. Drive continuous improvement by analyzing incident trends to update mitigation strategies and strengthen resilience culture.