Introducing BSI’s Technical Guideline TR-03183: A New Standard in Cyber Resilience for Manufacturers and Products

Sebastian Burgemejster

The Dutch Authority for the Financial Markets (AFM) has released its fifth update on #DORA, providing guidance for financial firms to test their digital operational resilience. 


Previous AFM Publications:


Update 1: General Overview


This edition introduced the financial sector to DORA’s objectives and outlined the key focus areas, including IT risk management, incident reporting, and operational resilience.


It emphasized the importance of harmonizing ICT risk management across the financial industry to protect against the growing cyber threat landscape.


Update 2: Third-Party Risk Management

Focused on managing risks associated with third-party ICT providers.

This update guided firms on setting up contracts, developing exit strategies, and ensuring oversight of critical third-party providers.


Update 3: ICT Risk Management

This publication provided an in-depth look at ICT #riskmanagement frameworks, urging firms to develop structured approaches to monitor, assess, and mitigate IT risks.

It covered requirements around #BCM, training employees in #ICT security, and implementing monitoring tools to detect and address risks.


Update 4: Incident Management


Focused on the requirements for managing ICT-related incidents, including classifying and reporting significant cyber incidents.


This update stressed the importance of creating processes for detecting and managing incidents while maintaining compliance with DORA’s reporting requirements.


Update 5: Testing Requirements and Operational Resilience


Focused on the requirements for testing programs to ensure digital operational resilience.


Testing Program Implementation:

All firms must set up a risk-based testing program as part of their ICT risk management framework. This includes:

- Establishing regular tests for the resilience of ICT systems and tools.
- Ensuring the testing program is aligned with the firm’s size, risk profile, and operational complexity.

Tests:

- Vulnerability Scans: Automated tests to identify security gaps.
- Gap Analyses: Evaluation of system performance against expected outcomes.
- Physical Security Assessments: Ensuring unauthorized access to critical locations is restricted.
- Source Code Reviews: Independent assessment of code to identify potential flaws before deployment.
- Compatibility Testing: Ensuring software works across different environments.
- End-to-End Testing: Comprehensive tests covering the entire application to verify functionality in real-world scenarios.
- Penetration Testing: Simulated cyberattacks to uncover vulnerabilities.
- Advanced Threat-Led Penetration Testing (TLPT): Simulates real-life cyberattacks, providing a more detailed and intelligence-driven evaluation of the firm’s resilience.


