REMINDER: The deadline to apply for the #SSSA2024ScholarshipProgram is May 1st. For more information on the requirements and how to apply, click the link: https://lnkd.in/gcgWYJmV
Southern States Sign Association Official’s Post
-
I'm interested in the views of DORA practitioners on the requirements for mapping. My question is, are practitioners interpreting the regulations and mapping all ICT assets from the get go? Or do you think there is some flexibility, linked to proportionality, that firms could first prioritise mapping the CIFs to the required level of detail in the transition period, and then move to a more complete picture over time (with a lighter touch on mapping non-critical ICT assets)? Cases for the prosecution and defence are below.... 👇 There are three clauses in the Regulation (2022/2554) and a published response in the RTS regarding mapping and the ICT RMF, which I've included below. The first two clauses (Art. 6, Paragraph 2 and Art. 8 paragraph 1) clearly outline the requirement to map all ICT assets, however the third clause (Art. 8, paragraph 4) suggests a requirement to identify all assets, yet only to map critical assets to the depth and granularity of hardware and networks. There is also a response from ESAs buried deep on p125 of the ICT Risk Framework Regulatory Technical Standards (JC_2023_86). The response suggests that firms should include all ICT assets in the ICT RMF by stating that only including ICT assets that support CIFs would leave a firm potentially vulnerable. However, it also implies some flexibility, based on proportionality, for firms wishing to follow their own approach. #DORA #operationalresilience #digitaloperationalresilience
-
IT Director | CISO | Program/Project Manager | IT Transformation | IT Strategy | IT Change Management | Technology Consultant | NED | Interim |
Hey Dan, Going with other views already shared .. it is ambiguous and obviously depends on size and complexity of ICT infrastructure and risk profile but in practice, a balanced approach might be the most pragmatic. Given the emphasis on proportionality in the ESAs' response, you would initially focus on mapping critical assets to ensure compliance with the crucial aspects of DORA. Then a phased approach to gradually include all ICT assets, thereby aligning with the comprehensive requirements over time.
-
Yes, please have a look at the description of the regulation of #BNetzA about §14a and TR-03109-5 of #BSI. The requirements are basically about functional and IT security requirements for the control interface and documentation obligations. Both are fulfilled by the use of #EEBUS.
-
Helping CISOs, IT & IoT teams with TLS & PKI Certificate Management. Let me show you how I can streamline your operations, reduce risk of data breaches, and minimize expensive outages or downtime.
Entrust distrust on your mind? Don’t worry– I’ve got you with HID Enterprise SSL-as-a-Service: https://ow.ly/qVwY30sERuV Discover the HID difference with a TLS/SSL provider that prioritizes compliance and adheres to all CA/B Forum requirements to establish higher trust. Message me if you’d like to chat further. #SSLProvider #DigitalCertificates #EntrustAlternative #CertificateProvider
-
Check out the latest updates for the South Central Climate Resilience Forum!
🚨 See below for important #SCCRF2024 updates:
-
Entrust distrust on your mind? Don’t worry– I’ve got you with HID Enterprise SSL-as-a-Service: https://ow.ly/rHR430sFvCQ Discover the HID difference with a TLS/SSL provider that prioritizes compliance and adheres to all CA/B Forum requirements to establish higher trust. Message me if you’d like to chat further. #SSLProvider #DigitalCertificates #EntrustAlternative #CertificateProvider
-
Entrust distrust on your mind? Don’t worry– I’ve got you with HID Enterprise SSL-as-a-Service: https://ow.ly/k2WX30sELXH Discover the HID difference with a TLS/SSL provider that prioritizes compliance and adheres to all CA/B Forum requirements to establish higher trust. Message me if you’d like to chat further. #SSLProvider #DigitalCertificates #EntrustAlternative #CertificateProvider
-
Calling all QSA Companies: 27k1 Ltd's ROC Management System (RMS) helps you make better use of your resources and time. What makes more sense? 1. Have each of your QSAs complete section 1.1 of the ROC template (and the same for the supporting AOCs) for every level 1 PCI DSS v4.0 assessment. Or, 2. Complete this static information once and automatically apply it to every level 1 PCI DSS v4.0 assessment. #pcidss #pcidssv4 #worksmarternotnarder #digitalisation
-
You too can be a standards expert! In this session by Frédéric Desbiens from the Eclipse Foundation you’ll learn about the major organisations shaping international standards, such as ISO, IEC, ISO/IEC JTC 1, IEEE, and W3C. Register for #OCX24 now! https://hubs.la/Q02M8ZLB0