
Information security and DORA
- Board members and managing directors of financial companies
- CISOs and compliance officers in Germany
805,- €
- With the seminar, you will receive a certificate as proof of your expertise (e.g. for submission to BaFin)
- Tasks of the Information Security Officer
- Risk analysis to determine the need for IT protection
- Ongoing monitoring duties of the Information Security Officer
Program
9.15 am – 1.00 pm
Tasks of the Information Security Officer
- Overview of the range of tasks: how IT strategy, information security and information risk management interlock
- Efficient communication and interface management with the outsourcing, data protection and compliance officers
- The “red lines” you need to know: minimum requirements from DORA and supervisory requirements such as BAIT
- Introducing the information security guideline, with processes for identification, protection, detection, response and recovery
- Establishing an audit-proof management reporting system
Risk analysis to determine the need for IT protection
- Risk analysis in information management
- Implementing the qualitatively tightened risk analysis on the basis of uniform scoring criteria
- Assessing the need for protection with regard to the goals of integrity, availability, confidentiality and authenticity
- Benchmarks for drawing up the catalogue of target measures and deriving the risk-reducing measures
- Steering and control activities and their implementation
S+P Tool Box
- Organisational handbook for the Information Security Guideline (Length approx. 30 pages)
- Sample reporting for Information Security Officer
- S+P Tool Risk Assessment: Determination of IT protection needs
Information security
2.00 pm – 5.00 pm
Ongoing monitoring duties of the information security officer
- New requirements for monitoring, control and reporting obligations
- The focus on agility places high demands on user authorisation management
- Ad hoc reporting on significant IT projects and IT project risks to the management
- Mapping of significant project risks in risk management
- New requirements for the control and reporting obligations of the IT service provider and the outsourcing officer
- Establishing appropriate processes for IT application development
- Delimiting outsourcing from other external procurement of IT services in an auditable manner
- Data protection concept of the Information Security Officer (ISB) versus deletion concept of the DPO

