Board Training DORA
Level 1

Cyber Guru DORA

The training course on the EU DORA regulation is designed to provide the knowledge and managerial skills needed for ICT (Information and Communication Technologies) risk management, operational continuity, and regulatory compliance, with particular attention to incident prevention and response, supervision of third-party ICT service providers, and the impact of emerging technologies such as Cloud and Artificial Intelligence. The course is aimed at entities covered by the DORA regulation, such as financial institutions, critical ICT providers, and other actors in the financial ecosystem.

SECTION I – REGULATORY FRAMEWORK
9 Lessons

SECTION II – CYBER RISKS
5 Lessons

SECTION III – CYBER ATTACKS
4 Lessons

SECTION IV – CYBER CASES
4 Lessons

SECTION I – REGULATORY FRAMEWORK

LESSON 1 – THE REGULATORY CONTEXT
This lesson explains how the regulatory framework that led to the introduction of the DORA Regulation has evolved. It illustrates the concept of digital operational resilience applied to the financial sector, focusing on the importance of the security of technological (ICT) infrastructures and the need to harmonize regulations among EU member states.

SECTION I – REGULATORY FRAMEWORK

LESSON 2 – OBJECTIVES AND SCOPE OF APPLICATION
This lesson explains how the DORA Regulation aims to ensure continuity and security of European financial services by defining common rules for managing digital risks. It illustrates the entities involved, the measures envisaged, and the principle of proportionality that governs the application to different financial entities.

SECTION I – REGULATORY FRAMEWORK

LESSON 3 – ICT RISK MANAGEMENT
This lesson explains how the DORA Regulation requires financial entities to integrate ICT risk management into corporate governance. It describes the tasks of top management, strategic and operational requirements to ensure digital resilience, including incident response and operational continuity.

SECTION I – REGULATORY FRAMEWORK

LESSON 4 – MANAGEMENT, CLASSIFICATION AND REPORTING OF ICT RISKS
This lesson explains how financial entities should behave in the face of ICT incidents. It starts from detection, moves on to classification based on severity and impact, up to mandatory notification according to European regulatory thresholds. It also clarifies the management of cases where DORA and NIS2 obligations overlap.

SECTION I – REGULATORY FRAMEWORK

LESSON 5 – DIGITAL OPERATIONAL RESILIENCE TESTING
This lesson explains how financial entities must organize periodic digital resilience tests to assess their ability to respond to cyber attacks. The tests include technical analyses and realistic simulations, managed by independent entities, and serve to identify vulnerabilities and implement corrective measures.

SECTION I – REGULATORY FRAMEWORK

LESSON 6 – MANAGEMENT OF ICT THIRD-PARTY RISKS
This lesson explains how financial entities must manage ICT risks associated with third-party providers. The DORA regulation imposes high standards for selection, monitoring, and contracting, as well as establishing obligations for transparency and collaboration with European supervisory authorities.

SECTION I – REGULATORY FRAMEWORK

LESSON 7 – SANCTIONS
This lesson explains how authorities, in case of DORA violations, can apply economic and operational sanctions. These range from fines and remediation plans to suspension of activities or personal liability of managers. The sanctions system also has reputational effects.

SECTION I – REGULATORY FRAMEWORK

LESSON 8 – DELEGATED REGULATIONS
This lesson explains how the EU delegated regulations define the fundamental technical and procedural aspects for implementing DORA. It addresses criteria for classifying incidents, guidelines on contracts with ICT providers, and standards for risk management and the identification of critical providers.

SECTION I – REGULATORY FRAMEWORK

LESSON 9 – IMPLEMENTING RULES
This lesson explains how the implementation of DORA is supported by European and national regulations, including Directive 2022/2556 and Legislative Decree 23/2025. It defines the powers of the Italian authorities, the criteria for sanctioning violations, and the responsibilities of administrators and managers in case of non-compliance.

SECTION II – CYBER RISKS

LESSON 1 – CYBER RISK
Cyber risk management, an integral part of business activities, requires assessing and mitigating risks arising from digital vulnerabilities intentionally exploited by malicious actors. Risk reduction is based on two dimensions: lowering the probability of an attack through prevention and awareness, and limiting the impact through resilient assets and technological best practices.

SECTION II – CYBER RISKS

LESSON 2 – CYBER RISK ANALYSIS
Risk analysis is fundamental for understanding threats, probabilities, and impacts, and defining countermeasures. Following standards like ISO or NIST, it is articulated in six phases: identifying the context and risks, analyzing them, defining priorities, preparing responses, and continuously monitoring. The main output is the Risk Register, which maps cyber and non-cyber risks, essential for multi-risk security strategies as required by DORA.

SECTION II – CYBER RISKS

LESSON 3 – RISK MEASUREMENT
Risk assessment involves analyzing the probability and impact of an adverse event in order to make informed decisions. Analyses can be qualitative, which are simpler but subjective, or quantitative, which are more complex but more precise and useful for justifying mitigation investments. Measuring risk helps in choosing the best treatment strategies, reducing uncertainty and overcoming biases related to personal perception.

SECTION II – CYBER RISKS

LESSON 4 – SECURITY CONTROLS
Security incident management is based on analyzing logs generated by digital infrastructures to identify and prevent critical situations. The Security Operations Center (SOC) processes alerts through a structured operational flow articulated in three phases: preliminary analysis, detailed analysis, and definition of containment and remedy actions. The use of Artificial Intelligence (AI) helps reduce false positives, improving operational efficiency.

SECTION II – CYBER RISKS

LESSON 5 – THE DAMAGE
The impact represents the damage caused by an adverse event, classifiable as direct, civil liability, indirect, and consequential. In cyber risk, damages are distinguished between own damages (business interruption, system restoration, incident management) and third-party damages (litigation, data breaches). While material damages are more easily estimated, immaterial ones require complex assessments.

SECTION III – CYBER ATTACKS

LESSON 1 – THE DYNAMICS OF AN ATTACK
The dynamics of cyber risk follow a model where a threat exploits a vector and a technique to target a vulnerability, generating damage. Understanding threats, vectors, and techniques is crucial: threats range from individuals to complex organizations; vectors include email, malicious apps, or botnets; techniques vary from phishing to malware. Email is the most common vector, while botnets, composed of compromised devices, are used for attacks like DDoS.

SECTION III – CYBER ATTACKS

LESSON 2 – MAIN ATTACK TECHNIQUES
Cyber attack techniques include malware, vulnerability exploitation, and Distributed Denial of Service (DDoS) attacks. Malware, including zero-days, exploits unknown vulnerabilities, while vulnerabilities exposed on the Internet allow data theft and privileged access, often through social engineering. DDoS attacks overload infrastructures or applications, rendering them unusable.

SECTION III – CYBER ATTACKS

LESSON 3 – VULNERABILITIES
Vulnerabilities represent a risk only if they are not mitigated by technical or procedural controls. Their lifecycle goes through four phases: discovery, disclosure, countermeasure identification, and application, with the first two being particularly critical. Effective vulnerability management requires an industrialized process, based on constant updates, complete asset inventories, and a priority-based strategy.

SECTION III – CYBER ATTACKS

LESSON 4 – SECURITY INCIDENTS
Security incident management is based on analyzing the logs produced by digital infrastructures, which are used to identify and prevent critical situations. The Security Operations Center (SOC) processes alerts through an operational flow articulated in three phases: preliminary analysis, detailed analysis, and definition of containment and remedy actions. The use of Artificial Intelligence reduces false positives, improving efficiency.

SECTION IV – CYBER CASES

LESSON 1 – CEO FRAUD
A cybercriminal compromises or falsifies the CEO’s or another Board member’s email and sends an urgent email to the CFO or a financial executive, ordering a wire transfer of millions of euros to a foreign account.

SECTION IV – CYBER CASES

LESSON 2 – RANSOMWARE ATTACK WITH EXTORTION
A leading company in the energy sector suffers a ransomware attack that blocks IT systems and paralyzes operations. The criminals threaten to publish sensitive Board data if the ransom is not paid.

SECTION IV – CYBER CASES

LESSON 3 – SUPPLY CHAIN ATTACK
A cloud service provider used by the company suffers an attack. Hackers use its credentials to access confidential data of the Board and strategic clients.

SECTION IV – CYBER CASES

LESSON 4 – DATA BREACH
A targeted attack steals financial and personal data of Board members. The press becomes aware of it, and the company suffers reputational damage, in addition to risks for non-compliance with DORA and GDPR.
