DORA Compliance Checklist: Your Guide to Actionable Steps

Achieving compliance with the Digital Operational Resilience Act (DORA) may seem challenging, but with the right approach, your organisation can meet the requirements while also enhancing operational resilience. Below is a step-by-step guide that breaks down the compliance process, ensuring you cover all essential areas and keep your business on the right track. DORA Regulatory […]

An Overview to DORA’s Regulatory Technical Standards (RTS)

What is DORA and How Does it Differ from Existing Risk Management Frameworks?
Well, DORA goes beyond traditional compliance frameworks by requiring organisations to embed ICT risk management into the core of their financial operations. Few frameworks focus on the importance of “integration” and this makes all the difference. What do you need to integrate? […]

Cloud Technology Risks – The Cloudy Truth

Navigating the Treacherous Landscape of Security Risks
In today’s fast-paced digital world, the adoption of cloud services has become a necessity rather than a luxury for businesses and individuals alike. The convenience and scalability that cloud computing offers are hard to match by traditional on-premises IT infrastructure. However, with great power comes great responsibility – […]

SAMA Cybersecurity Framework Compliance: Benefits and Requirements

Understanding SAMA’s Cyber Security Framework
Due to the increasing ubiquity of cyber-attacks, the financial sector of Saudi Arabia has realised the need to strengthen its defences or risk untold losses. As a result, the Saudi Arabian Monetary Authority set about creating the SAMA Cyber Security Framework. This guide will walk you through what the framework […]

A Comprehensive Overview of the Digital Operational Resilience Act

Trying to understand DORA? Think of it like this: The Digital Operational Resilience Act (DORA) sets a clear framework of regulatory technical standards to ensure that financial institutions and their ICT service providers remain resilient against cyber threats, technology failures and other operational risk oversights. With the growing dependence on technology, the ability to maintain […]

AI Governance – Secure the Future by Embracing Responsible AI Practices

AI in Simple Terms
At its core, AI is simply software that can ‘think’, ‘learn’, and ‘make’ decisions – somewhat like we humans do. AI systems aren’t programmed in the traditional way – but instead, and to an extent, program themselves. Generative AI is a specific type of AI that can generate content that didn’t […]

Cracking the Code: Understanding the European Cyber Resilience Act and its Impact

EU Cyber Resilience Act
The Cyber Resilience Act (CRA) exists to bolster cyber security for the EU. But it has not been without controversy. Many open-source organisations have criticised the act for creating ‘a chilling effect on open-source development.’ The proposal spells out defence and resilience on several fronts. One is to protect consumers […]

APACHE STRUTS 2 Critical Vulnerability – CVE: 2023-50164

Risk Rating: CRITICAL
CVSS Score: 9.8
Vulnerability Type: Remote Code Execution (RCE)
CVE Identifier: CVE-2023-50164
Exploitation Status: Actively exploited.
Affected Version: Struts 2.0.0-2.3.37(EOL), 6.0.0-6.3.0.1, 2.0.0-2.5.32.
Link: Apache.org
Introduction
Recently discovered, CVE-2023-50164 reveals a critical flaw in Apache Struts that could allow hackers to execute code remotely by manipulating file upload settings. Actively exploited, this poses an […]

How to Implement a Clear Desk & Clear Screen Policy for Your Organisation

You know that feeling when you walk into an office, and it looks like a hurricane just blew through? Papers litter the area, sticky notes cling to computer monitors like colourful barnacles, and chaos fills the air. The implications of these might seem obvious but they pose greater problems — Information and Cyber Security Risks. […]

Risk Crew