DORA consultancy - helping financial institutes across the UK and Europe.



ICT risk management framework

DORA strives to consolidate current frameworks and standards. However, the regulated implementation timeframe is quite ambitious. It demands that organisations take an early and more proactive approach to navigating DORA's challenges.

Many companies tend to think about technical issues when they start addressing ICT risk management requirements. Improvements in firewalls, additional patches, anti-virus protection, configuration management and investment in new technology are seen by them as the way to further strengthen their ICT security. At the same time, the majority of organisations spend only a small percentage of their IT budget on ICT security, even in this narrow technical sense. And 70% of companies do not quantify their ICT risk exposures to drive investment decisions on Digital Operational Resilience.

Practice shows that successful cyber-attacks are not just about bypassing a company's technological defences. Cyber criminals always exploit people, process and technology. They gather information about your assets and your weaknesses across people, processes and technology, and then they exploit those weaknesses.

So ICT incidents are not only a matter of the technical defences of your ICT infrastructure. They have negative consequences for your business as a whole. If a cyber-attack takes place, you need sufficient resources and developed capabilities to restore operations quickly and efficiently, before the incident has affected your clients, shareholders, market share, the wider financial market and, ultimately, your bottom line and reputation.

We encourage our clients to treat ICT risk as a constituent element of their overall business risk. ICT risk management therefore becomes part of your company's overall Risk Management Framework and should be incorporated into your Business Continuity Programme.

By concentrating on the following elements of ICT risk: technology, process, people controls and risk transfer, and by working with DORA experts, you will be able to pinpoint your vulnerabilities and develop effective tools for managing such risks.

DORA specialists will provide you not only with qualitative assessments, probabilities and technical tests, but also with scenarios and formulas to quantify ICT risks and understand their impact in monetary terms. If you think about risk in quantitative terms (costs and benefits, inter alia) and are able to express the level of risk in the specific units defined when establishing the context, risk management becomes much more practicable. However, this level of ICT risk management will require the development of additional capabilities if you do not already have technical or security staff who can perform such computations.

Working with us, you will be able:
  • To identify your ICT risks with proper governance, risk criteria and roles
  • To guide your management in understanding / prioritising ICT risks
  • To quantify your ICT risks using various scenarios and models/formulas
  • To develop informed ICT Risk Management Strategy, processes and practices
  • To optimise your ICT Risk Management Strategy to ensure the best budget decision and ROI

Would you like to talk about DORA compliance? Contact us.