DORA - Digital Operational Resilience Act Complete Training
Introduction to DORA
DORA Course Introduction - What we will cover? (4:48)
Foundations and Strategic Context
Welcome, Orientation, and How to Use This Course for Real Implementation (9:06)
The EU Digital Operational Resilience Act (DORA) in Context: Why It Matters (8:47)
Understanding DORA and Key Provisions (11:14)
DORA Implementation Journey (9:27)
Scope and Applicability: Determining If and How DORA Applies to You (13:46)
Regulatory Landscape Crosswalk: DORA, NIS2, GDPR, PSD2, and Beyond (11:51)
Governance and Management Body Responsibilities (Articles 5–6)
Accountability at the Top: Management Body Roles Under DORA (9:29)
Building a Governance Model and Oversight Committee for Resilience (11:43)
Embedding ICT Risk in Enterprise Risk Management (ERM) Structures (11:20)
ICT Risk Management Framework (Articles 6–14)
Designing a DORA-Compliant ICT Risk Management Framework (10:55)
Cyber Threats on ICT and the Financial Sector (10:38)
ICT Asset Inventory and Dependency Mapping in Practice (18:00)
Preventive, Detective, and Corrective Controls – Building Defense in Depth (12:59)
Detection Capabilities: SOC, SIEM, and UEBA for DORA Compliance (11:20)
Incident Response and Recovery Planning with Measurable RTO/RPO (11:37)
Post-Incident Learning and Continuous Improvement Loops (11:09)
Crisis Communication Plans: Internal and External Messaging Under Pressure (11:07)
Testing ICT Risk Management Controls – Audits, Pen Tests, and Simulations (12:46)
Integrating Third-Party Risks into the ICT Risk Framework (9:45)
ICT-Related Incident Classification and Reporting (Articles 15–20)
Defining and Classifying Major ICT Incidents Under DORA (12:16)
Reporting Timelines and Regulatory Notification Workflows (12:25)
Templates and Playbooks for Incident Reports (13:16)
Near-Miss Management and Minor Incident Tracking (8:58)
Post-Mortem Workshops and Regulatory Feedback Integration (15:17)
Digital Operational Resilience Testing (Articles 21–24)
Designing a Multi-Year Digital Operational Resilience Testing (DORT) Program (11:47)
Threat-Led Penetration Testing (TLPT) Aligned with TIBER-EU (13:45)
Scenario-Based and Crisis Simulation Testing Across Departments (15:35)
Testing Third-Party Resilience and Recovery Capabilities (11:07)
ICT Third-Party Risk Management (Articles 25–39)
Critical vs. Non-Critical ICT Service Providers – Risk Classification (12:14)
DORA-Compliant Contract Clauses and SLA Requirements (13:07)
Maintaining the Third-Party Contract Register (13:08)
Ongoing Monitoring and Exit Strategy Planning for Vendors (11:20)
Cloud Service Provider Oversight Under DORA (12:10)
Information Sharing and Threat Intelligence (Articles 40–41)
Safe-Harbor Information Sharing Under DORA (12:49)
Building or Joining an Information Sharing Arrangement (ISA) (12:29)
Operationalizing Threat Intelligence for Proactive Defense (10:53)
Implementation, Continuous Monitoring, and Audit
Performing a DORA Gap Analysis and Maturity Assessment (10:31)
Developing a Roadmap and Project Plan for Compliance (9:19)
Continuous Monitoring KPIs and KRIs for Operational Resilience (9:05)
Internal Audit Programs for Ongoing Assurance (9:08)
Preparing for Regulator Inspections and Supervisory Reviews (12:26)
Enforcement, Lessons Learned, and Staying Ahead
Understanding DORA Penalties and Enforcement Trends (14:09)
Maintaining Compliance Post-Implementation – Beyond 2025 (11:42)
Case Studies
Case Studies from EU Financial Institutions (13:55)
Full DORA Implementation Simulation – From Risk Register to Regulator Report (12:42)
Hands-On Lab: Running a DORA Incident Tabletop Exercise (12:15)
Hands-On Lab: Creating a Third-Party Risk Register (7:31)
DORA Compliance
Final Review, Self-Assessment, Next Steps toward Preparation (9:46)
Internal Audit Programs for Ongoing Assurance