DORA

FAQ

Q: How can Securitum help me meet DORA requirements?

We can help you meet DORA requirements by providing comprehensive Threat-Led Penetration Testing services that assess your organization's cybersecurity measures and resilience against potential cyber threats.

Q: What's the difference between DORA and NIS2?

DORA is a lex specialis of NIS2, offering specific policies designed to strengthen the digital operational resilience of the financial sector. Its goal is to ensure that financial entities can protect themselves and provide uninterrupted services to customers, even in the event of a cyberattack.

Q: What is the difference between TLPT and regular penetration testing?

While regular penetration tests focus on detecting common vulnerabilities in systems, TLPT tests are focused on simulating real-world threat scenarios that could be used by cybercriminal groups.

Q: How often should TLPT tests be conducted?

According to DORA, TLPT tests should be conducted at least once every three years. However, it is recommended to perform them more frequently if there are significant changes or upgrades to IT systems.

Q: In which language can the audit process be conducted?

The audit process can be carried out in either Polish or English, depending on the client's needs and preferences. The final report is also provided in the chosen language.

Q: How long do TLPT tests take?

The duration of TLPT tests depends on the scope of the audit and the complexity of the system being tested, in agreement with the contracting organization and the supervisory body. According to DORA, the intelligence phase lasts approximately 10 weeks, and the Red Team phase lasts at least 12 weeks.