THE FIVE DORA PILLARS
and what to expect from Nemesis Breach and Attack Simulation

PILLAR 1: ICT INCIDENT REPORTING
PILLAR 2: ICT RISK MANAGEMENT
PILLAR 3: DIGITAL OPERATIONAL RESILIENCE TESTING
PILLAR 4: ICT THIRD-PARTY RISK MANAGEMENT
PILLAR 5: INFORMATION AND INTELLIGENCE SHARING
Nemesis Breach and Attack Simulation
PILLAR 3: DIGITAL OPERATIONAL RESILIENCE TESTING
Nemesis BAS allows organizations to continually test scenarios that can affect their cyber security posture, and assists with the vulnerability assessments required by Articles 24 and 25. Persistent Security Industries covers Articles 26 and 27 through its consulting branch.
In practice, Persistent Security Industries can assist with the following tests:
- vulnerability assessments and scans
- open source analyses
- network security assessments
- gap analyses
- physical security reviews
- questionnaires and scanning software solutions
- source code reviews where feasible
- scenario-based tests
- compatibility testing
- performance testing
- end-to-end testing
- penetration testing
For more information, download our DORA brochure at the top of this page.
PILLAR 2: ICT RISK MANAGEMENT
Nemesis is Breach and Attack Simulation software that lets you simulate the scenarios commonly used by threat actors, as well as scenarios based on threat intelligence, in accordance with Articles 9, 10 and 16.
For more information, download our DORA brochure here.
As written in Article 9 of DORA: Protection and Prevention
"For the purposes of adequately protecting ICT systems and with a view to organizing response measures, financial entities shall continuously monitor and control the security and functioning of ICT systems and tools and shall minimize the impact of ICT risk on ICT systems through the deployment of appropriate ICT security tools, policies and procedures."
As written in Article 10 of DORA: Detection
"To detect anomalous activities, ICT network performance issues and ICT-related incidents, financial entities shall implement detection mechanisms allowing them to collect, monitor and analyze all of the following:
(i) internal and external factors
(ii) potential internal and external cyber threats, considering scenarios commonly used by threat actors and scenarios based on threat intelligence activity
(iii) ICT-related incident notification from an ICT third-party service provider of the financial entity detected in the ICT systems and networks of the ICT third-party service provider and which may affect the financial entity."
As written in Article 36 of the ESA Guidelines, in accordance with DORA Article 16: Simplified ICT risk management framework
"Financial entities shall establish and implement an ICT security testing plan to validate the effectiveness of their ICT security measures and ensure that this plan considers threats and vulnerabilities identified as part of the ICT risk management framework. Financial entities shall ensure that reviews, assessments and tests of ICT security measures are conducted taking into consideration the overall risk profile of the financial entity. Financial entities shall monitor and evaluate the results of the security tests and update their security measures accordingly without undue delay in the case of ICT systems supporting critical or important functions."
SOURCES
- JC 2023 86 - Final report on draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework (europa.eu) - Article 23.2, in accordance with Article 10 of EU 2022/2554
- Digital Operational Resilience Act (DORA), Article 9 (digital-operational-resilience-act.com)
- Digital Operational Resilience Act (DORA), Article 10 (digital-operational-resilience-act.com)
- JC 2023 86 - Final report on draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework (europa.eu) - Article 36, in accordance with Article 16 of EU 2022/2554
- JC 2023 86 - Final report on draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework (europa.eu) - Article 16 of EU 2022/2554
- Digital Operational Resilience Act (DORA), Article 25 (digital-operational-resilience-act.com)