Benutzerbeiträge von „Jhospes“

3. Juni 2025

• 13:0613:06, 3. Jun. 2025 Unterschied Versionen +653 N Translations:Digital Operational Resilienec Act (DORA)/32/en Die Seite wurde neu angelegt: „DORA imposes clear requirements on the management of ICT third-party risk and contractual arrangements with ICT third-party providers that financial entities must observe. Except for microenterprises, financial entities are required to develop and regularly review a strategy for managing ICT third-party risk. This strategy includes guidelines on the use of ICT third-party services to effectively manage risks arising from external service providers. The ES…“ aktuell
• 13:0613:06, 3. Jun. 2025 Unterschied Versionen +32 N Translations:Digital Operational Resilienec Act (DORA)/31/en Die Seite wurde neu angelegt: „=== Supply Chain Management ===“ aktuell
• 13:0613:06, 3. Jun. 2025 Unterschied Versionen +382 N Translations:Digital Operational Resilienec Act (DORA)/30/en Die Seite wurde neu angelegt: „The specific requirements and elements of these TLPTs are defined in the Regulatory Technical Standards (RTS) issued by the European Supervisory Authorities (EBA, ESMA, and EIOPA – collectively the “ESAs”). The methodology to be applied is based on the TIBER-EU framework (“Threat Intelligence-Based Ethical Red Teaming”), which is implemented in Austria through TIBER-AT.“ aktuell
• 13:0613:06, 3. Jun. 2025 Unterschied Versionen +415 N Translations:Digital Operational Resilienec Act (DORA)/29/en Die Seite wurde neu angelegt: „Article 25(1) DORA specifies different types of tests that may be considered, including simulations, red teaming, or penetration tests. Additionally, under Article 26 DORA, certain financial entities are required to carry out threat-led penetration tests at least every three years, simulating realistic threat scenarios. These tests aim to uncover vulnerabilities that traditional security measures may not detect.“ aktuell
• 13:0613:06, 3. Jun. 2025 Unterschied Versionen +616 N Translations:Digital Operational Resilienec Act (DORA)/28/en Die Seite wurde neu angelegt: „Significant financial entities are required to conduct threat-led penetration tests (TLPT). These tests — also conducted in the production environment — target the company’s core IT systems. This enables obligated entities to identify weaknesses, deficiencies, and gaps in digital operational resilience and take corrective actions immediately. The tests must be conducted by independent parties to ensure objective evaluation. They are to be performed…“ aktuell
• 13:0613:06, 3. Jun. 2025 Unterschied Versionen +50 N Translations:Digital Operational Resilienec Act (DORA)/27/en Die Seite wurde neu angelegt: „=== Testing of Digital Operational Stability ===“ aktuell
• 13:0413:04, 3. Jun. 2025 Unterschied Versionen −90 Network and Information Security Directive (NIS2-RL)/en Die Seite wurde neu angelegt: „* The affected systems’ role in service delivery * Severity and technical nature of the threat * Underlying vulnerabilities * Past experience with similar incidents“ aktuell
• 13:0413:04, 3. Jun. 2025 Unterschied Versionen +1.070 N Translations:Digital Operational Resilienec Act (DORA)/26/en Die Seite wurde neu angelegt: „To support financial entities in implementing these requirements, the European Supervisory Authorities have issued several technical regulatory standards. These include provisions on the tools, methods, processes, and policies for ICT risk management, as well as simplified risk management frameworks for microenterprises. Further RTS specify criteria for classifying ICT incidents and cyber threats, as well as materiality thresholds and reporting requiremen…“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +609 N Translations:Digital Operational Resilienec Act (DORA)/25/en Die Seite wurde neu angelegt: „Furthermore, financial entities must establish processes to ensure that ICT-related incidents are promptly identified, addressed, classified, and reported. Particularly severe ICT incidents, as defined under Article 18(1) DORA, must be reported to the competent supervisory authorities through a three-stage procedure. In cases where serious ICT incidents affect the financial interests of customers, financial entities must inform their customers immediately…“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +31 N Translations:Digital Operational Resilienec Act (DORA)/24/en Die Seite wurde neu angelegt: „==== ICT-Related Incidents ====“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +482 N Translations:Digital Operational Resilienec Act (DORA)/23/en Die Seite wurde neu angelegt: „A central aspect of DORA is the responsibility of the management body (e.g., board of directors) for digital resilience. Business Continuity Management (BCM) serves as the key entry point for implementing this responsibility in practice. DORA requires that the management body itself possesses the necessary expertise and may no longer rigorously delegate it. This could lead to structural changes in corporate governance, such as the integration of a CIO or…“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +778 N Translations:Digital Operational Resilienec Act (DORA)/22/en Die Seite wurde neu angelegt: „Under DORA, financial entities are required to establish a comprehensive internal governance and control framework for managing information and communication technology (ICT) risks. This framework must be regularly reviewed and documented, with microenterprises only needing to conduct regular reviews. The goal is to effectively address ICT risks. The specific requirements for ICT risk management are set out in Article 5(2) DORA. Responsibility for definin…“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +19 N Translations:Digital Operational Resilienec Act (DORA)/21/en Die Seite wurde neu angelegt: „==== ICT Risks ====“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +45 N Translations:Digital Operational Resilienec Act (DORA)/20/en Die Seite wurde neu angelegt: „=== Management of ICT Risks and Incidents ===“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +18 N Translations:Digital Operational Resilienec Act (DORA)/19/en Die Seite wurde neu angelegt: „== Core Content ==“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +552 N Translations:Digital Operational Resilienec Act (DORA)/18/en Die Seite wurde neu angelegt: „The territorial scope of DORA primarily includes all financial entities and relevant ICT service providers operating in the European Union. In addition to EU-based financial entities and ICT service providers, DORA also applies to branches and subsidiaries of EU financial entities located outside the Union, provided these branches and subsidiaries provide services into the EU. This is to ensure the operational resilience of the financial sector across the…“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +27 N Translations:Digital Operational Resilienec Act (DORA)/17/en Die Seite wurde neu angelegt: „==== Territorial Scope ====“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +400 N Translations:Digital Operational Resilienec Act (DORA)/16/en Die Seite wurde neu angelegt: „DORA applies to all financial entities within its scope, regardless of their size or structure. Local-level limitation of scope is not possible. Definitions such as "critical services" and "essential services" cannot be modified. If a company is affected, it applies to the entity in its entirety, including any subsidiaries or ancillary operations (in theory, even company-run childcare facilities).“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +182 N Translations:Digital Operational Resilienec Act (DORA)/15/en Die Seite wurde neu angelegt: „Microenterprises (i.e. financial entities with fewer than ten employees and an annual turnover or balance sheet total not exceeding EUR 2 million) are widely exempt from obligations.“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +677 N Translations:Digital Operational Resilienec Act (DORA)/14/en Die Seite wurde neu angelegt: „Entities falling outside the scope of DORA under Article 2(3) include: (a) alternative investment fund managers referred to in Article 3(2) of Directive 2011/61/EU, (b) insurance and reinsurance undertakings under Article 4 of Directive 2009/138/EC, (c) institutions for occupational retirement provision operating pension schemes with fewer than 15 active members, (d) natural or legal persons exempted under Articles 2 and 3 of Directive 2014/65/EU, (e) ins…“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +16 N Translations:Digital Operational Resilienec Act (DORA)/13/en Die Seite wurde neu angelegt: „'''Exemptions'''“ aktuell
• 13:0313:03, 3. Jun. 2025 Unterschied Versionen +161 N Translations:Digital Operational Resilienec Act (DORA)/12/en Die Seite wurde neu angelegt: „The regulation also covers companies that provide IT services to financial entities (so-called “ICT third-party service providers”), such as cloud providers.“ aktuell
• 13:0213:02, 3. Jun. 2025 Unterschied Versionen +1.087 N Translations:Digital Operational Resilienec Act (DORA)/11/en Die Seite wurde neu angelegt: „DORA applies to the activities listed in Article 2(1)(a) to (t) DORA (so-called “financial entities”). These include (a) credit institutions, (b) payment institutions, including those exempted under Directive (EU) 2015/2366, (c) account information service providers, (d) electronic money institutions, including those exempted under Directive 2009/110/EC, (e) investment firms, (f) crypto-asset service providers authorised under the so-called “Markets…“ aktuell
• 13:0213:02, 3. Jun. 2025 Unterschied Versionen +35 N Translations:Digital Operational Resilienec Act (DORA)/10/en Die Seite wurde neu angelegt: „==== Personal / Material Scope ====“ aktuell
• 13:0213:02, 3. Jun. 2025 Unterschied Versionen +11 N Translations:Digital Operational Resilienec Act (DORA)/9/en Die Seite wurde neu angelegt: „== Scope ==“ aktuell
• 13:0213:02, 3. Jun. 2025 Unterschied Versionen +647 N Translations:Digital Operational Resilienec Act (DORA)/8/en Die Seite wurde neu angelegt: „In relation to the NIS2 Directive, DORA takes a special position as, according to Recital 16 DORA, it is considered lex specialis and thus takes precedence over the NIS2 Directive. This precedence means that DORA provisions are primarily applicable to financial entities. In areas where the NIS2 Directive provides more specific rules than DORA, these NIS2 provisions apply in addition to DORA. The implementation of DORA and transposition of NIS2 legislation…“ aktuell
• 13:0213:02, 3. Jun. 2025 Unterschied Versionen +78 N Translations:Digital Operational Resilienec Act (DORA)/7/en Die Seite wurde neu angelegt: „Delegated Regulation (EU) 2024/1774 of 13 March 2024 further supplements DORA.“ aktuell
• 13:0213:02, 3. Jun. 2025 Unterschied Versionen +690 N Translations:Digital Operational Resilienec Act (DORA)/6/en Die Seite wurde neu angelegt: „Alongside DORA, Directive 2022/2556 on digital operational resilience in the financial sector (“DORA Directive”)<ref>Directive (EU) 2022/2556 of the European Parliament and of the Council of 14 December 2022 amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 on digital operational resilience in the financial sector, OJ L 2022/333, 153.</ref> and Directive (EU) 2022/2557 on the…“ aktuell
• 13:0213:02, 3. Jun. 2025 Unterschied Versionen +362 N Translations:Digital Operational Resilienec Act (DORA)/5/en Die Seite wurde neu angelegt: „The DORA Regulation (Digital Operational Resilience Act) is a comprehensive regulation on digital resilience, specifically developed for the financial sector of the European Union. It complements existing regulations and builds on established concepts such as information security, data protection, and risk management to strengthen resilience against ICT risks.“ aktuell
• 13:0213:02, 3. Jun. 2025 Unterschied Versionen +18 N Translations:Digital Operational Resilienec Act (DORA)/4/en Die Seite wurde neu angelegt: „== Introduction ==“ aktuell
• 13:0013:00, 3. Jun. 2025 Unterschied Versionen +659 N Translations:Digital Operational Resilienec Act (DORA)/3/en Die Seite wurde neu angelegt: „{| class="wikitable" |+ !Objectives !Scope of Application !Content !Synergy !Consequences |- |Strengthening operational resilience in the financial sector |Financial institutions |Management of ICT risks and incidents |NIS2 Directive |Nationally defined administrative fines against financial institutions<ref>DORA Implementation Act (DORA-VG) https://www.parlament.gv.at/gegenstand/XXVII/I/2596.</ref> |- | |ICT service providers |Testing digital operational…“ aktuell
• 13:0013:00, 3. Jun. 2025 Unterschied Versionen +6 Translations:Digital Operational Resilienec Act (DORA)/2/en Keine Bearbeitungszusammenfassung aktuell
• 13:0013:00, 3. Jun. 2025 Unterschied Versionen +7 N Translations:Digital Operational Resilienec Act (DORA)/2/en Die Seite wurde neu angelegt: „Summary“
• 13:0013:00, 3. Jun. 2025 Unterschied Versionen +77 N Translations:Digital Operational Resilienec Act (DORA)/1/en Die Seite wurde neu angelegt: „|Citation=OJ L 2022/333, 1|Applicable from=17 January 2025|Valid=applicable}}“ aktuell
• 12:5812:58, 3. Jun. 2025 Unterschied Versionen +831 Digital Operational Resilienec Act (DORA) Diese Seite wurde zum Übersetzen freigegeben aktuell
• 12:5712:57, 3. Jun. 2025 Unterschied Versionen +15 N Translations:Network and Information Security Directive (NIS2-RL)/198/en Die Seite wurde neu angelegt: „=== Sources ===“ aktuell
• 12:5712:57, 3. Jun. 2025 Unterschied Versionen +18 N Translations:Network and Information Security Directive (NIS2-RL)/196/en Die Seite wurde neu angelegt: „=== Commentary ===“ aktuell
• 12:5712:57, 3. Jun. 2025 Unterschied Versionen +25 N Translations:Network and Information Security Directive (NIS2-RL)/194/en Die Seite wurde neu angelegt: „=== Collected Volumes ===“ aktuell
• 12:5712:57, 3. Jun. 2025 Unterschied Versionen +26 N Translations:Network and Information Security Directive (NIS2-RL)/192/en Die Seite wurde neu angelegt: „=== Introductory Works ===“ aktuell
• 12:5612:56, 3. Jun. 2025 Unterschied Versionen −359 Network and Information Security Directive (NIS2-RL)/en Die Seite wurde neu angelegt: „Note: Alerts forwarded to the operator do not qualify as formal reports under § 34 NISG<ref>S. 21</ref>.“
• 12:5612:56, 3. Jun. 2025 Unterschied Versionen +662 N Translations:Network and Information Security Directive (NIS2-RL)/125/en Die Seite wurde neu angelegt: „The company NisExperts AG is an IT service provider based in Styria, employing 66 staff members and recording an annual balance sheet total of nine million euros. NisExperts AG operates several data centers that host the IT infrastructure for multiple Austrian hospitals and the control system of a major Styrian network operator. On Friday afternoon at 4:00 p.m., the Security Operations Center (SOC) of NisExperts AG detects an unusually high number of requ…“ aktuell
• 12:5612:56, 3. Jun. 2025 Unterschied Versionen +204 N Translations:Network and Information Security Directive (NIS2-RL)/123/en Die Seite wurde neu angelegt: „In addition, [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402690 Implementing Regulation (EU) 2024/2690] defines what constitutes a significant cybersecurity incident for certain entities.“ aktuell
• 12:5412:54, 3. Jun. 2025 Unterschied Versionen +17 N Translations:Network and Information Security Directive (NIS2-RL)/92/en Die Seite wurde neu angelegt: „Main aspects are:“ aktuell
• 12:5412:54, 3. Jun. 2025 Unterschied Versionen +14 N Translations:Network and Information Security Directive (NIS2-RL)/82/en Die Seite wurde neu angelegt: „These include:“ aktuell
• 12:5312:53, 3. Jun. 2025 Unterschied Versionen −678 Network and Information Security Directive (NIS2-RL)/en Die Seite wurde neu angelegt: „The regulation of risk management measures under NIS2 follows a risk-based and proportionate approach<ref>https://www.handelsverband.at/fileadmin/content/Presse_Publikationen/Presseaussendungen/2024/03_Mar/2024-03_HV_NIS2-Leitfaden_extra.pdf</ref>. Companies must consider the following factors when implementing security measures:“
• 12:5312:53, 3. Jun. 2025 Unterschied Versionen −678 Translations:Network and Information Security Directive (NIS2-RL)/4/en Keine Bearbeitungszusammenfassung aktuell
• 12:5112:51, 3. Jun. 2025 Unterschied Versionen −1.691 Network and Information Security Directive (NIS2-RL)/en Die Seite wurde neu angelegt: „=== Overlaps ===“
• 12:5112:51, 3. Jun. 2025 Unterschied Versionen +22 N Translations:Network and Information Security Directive (NIS2-RL)/190/en Die Seite wurde neu angelegt: „=== Focus articles ===“ aktuell
• 12:5112:51, 3. Jun. 2025 Unterschied Versionen +25 N Translations:Network and Information Security Directive (NIS2-RL)/188/en Die Seite wurde neu angelegt: „=== Overview articles ===“ aktuell
• 12:5012:50, 3. Jun. 2025 Unterschied Versionen +21 N Translations:Network and Information Security Directive (NIS2-RL)/187/en Die Seite wurde neu angelegt: „== Further Reading ==“ aktuell