Certified DORA Practitioner

The "Certified DORA Practitioner" advanced training programme is tailored to equip highly involved and experienced professionals with the skills and knowledge required for the practical implementation of the Digital Operational Resilience Act (DORA) within their organisations. The training will deepen the understanding of DORA's regulatory framework, focusing on advanced techniques for ensuring compliance and enhancing digital operational resilience. This program will include practical exercises, case studies, and a final MCQ exam to certify the participants' competencies as DORA practitioners.

This advanced training aims to build upon the foundational knowledge of DORA, focusing on the practical aspects of implementing its requirements. Participants will discuss advanced risk management, security strategies, business continuity and disaster recovery planning, resilience testing, third-party risk management, and effective information sharing. Through workshops, case studies, and hands-on exercises, attendees will develop a comprehensive strategy for DORA compliance that aligns with their organisation's specific needs.

Participants will:

• Gain an in-depth understanding of the DORA regulatory framework and its application in real-world scenarios.
• Develop advanced skills in ICT risk assessment, mitigation strategies, and security measures.
• Master the intricacies of business continuity, disaster recovery planning, and incident management in alignment with DORA.
• Learn to design and plan advanced resilience tests tailored to DORA standards, including penetration testing and red teaming.
• Enhance their ability to manage third-party risks and foster effective information sharing.
• Prepare to audit, implement, and ensure compliance with DORA regulations effectively.

Day 1: Advanced ICT Risk Management and Security Measures

• Deep dive into DORA's risk management framework, focusing on advanced assessment and mitigation strategies.
• Advanced security measures, including cybersecurity defences and response strategies.
• Workshop: Designing and implementing a comprehensive ICT risk management framework.

Day 2: Business Continuity, Disaster Recovery, and Incident Management

• Advanced strategies for business continuity and disaster recovery planning.
• Deepening knowledge of DORA's incident management, classification and reporting requirements, focusing on escalation, response, and recovery processes.
• Simulation exercise: Responding to a cybersecurity incident and managing the recovery process.

Day 3: Resilience Testing and Third-Party Risk Management

• Advanced resilience testing methodologies, planning, and analysis.
• Strategies for identifying, assessing, and mitigating third-party risks in compliance with DORA.
• Group activity: Build a resilience testing plan.

Day 4: Information Sharing, Revision, and MCQ Examination

• Enhancing mechanisms for information sharing within the financial sector.
• Review session: Revisiting key concepts and strategies discussed during the training.
• Final MCQ exam to assess participants' understanding and readiness to implement DORA.

The program is designed explicitly for mid- to senior-level professionals managing and securing ICT systems, driving and/or designing tests, and managing ICT third-party risk management and governance within the financial sector. This includes:

• ICT Managers
• Security Managers
• Information Security Officers
• Cybersecurity Specialists
• Network Security Engineers
• Business Continuity Managers
• Disaster Recovery Specialists
• Risk Management Professionals
• ICT/Security Architects
• IT Project Managers

This training will empower them with the advanced skills required to implement and manage DORA's regulations, enhancing their organisations' digital operational resilience.

Educational Background:

A general knowledge and understanding of the concepts of Information Security, Business Continuity, and ICT Governance principles.

Professional Experience:

At least three (3) years of professional experience in one or more of the following areas: Information Security, Business Continuity Management, or ICT Governance.

The knowledge acquired in the seminar will be validated through an examination. The examination will be held in English and is based on a MCQ questionnaire. The required passing rate is 60%.