DORA christmas

Across
  3. What must cryptographic keys be protected against throughout their lifecycle?
  6. What is the name of the Dutch IT-association that published the first DORA-control framework?
  7. "The control team lead shall select at least three ********* to conduct the TLPT, on the basis of all of the following elements: (a) the recommendation by the threat intelligence provider and the threat-led nature of each scenario; (b) the input provided by the test managers; (c) the feasibility of the proposed scenarios for execution, based on the expert judgement of the testers; (d) the size, complexity and overall risk profile of the financial entity and the nature, scale and complexity of its services, activities and operations."
  11. What technique can be used in network design to limit contagion during cyber attacks?
  13. The **** plan with a third party must be based on realistic scenarios and assumptions.
  14. Financial entities shall identify, classify and adequately document all ICT supported business functions, roles and responsibilities, the information ****** and ICT ****** supporting those functions, and their roles and dependencies in relation to ICT risk.
  15. What must financial entities use for advanced testing of ICT tools?
  16. How often per year should a review of access rights for ICT systems that support critical or important functions be performed?
  18. What percentage of affected clients using a service meets the materiality threshold for major incidents?
  20. What must ICT security policies ensure regarding data?
Down
  1. Information of subcontractors should **** be in the Register of Information that effectively underpin ICT services supporting critical or important functions or material parts thereof.
  2. What is the main subject matter of DORA?
  4. Who is responsible for implementing the ICT risk management framework in financial entities?
  5. What must financial entities report to relevant authorities?
  8. The Register of Information has six criteria: "Financial entities shall ensure that the information contained in the templates referred to in paragraph 1 adhere to the following principles of data quality." Five of them are: accuracy; completeness; integrity; uniformity; validity. What is the sixth criterion?
  9. What must be promptly renewed to ensure ongoing security?
  10. What is the abbreviation of "a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law;"?
  12. We enter the run phase of DORA. The ICT framework should be reviewed yearly. This report is quite extensive, so an early start is important. Internal ***** should also start early to ***** this ICT Framework.
  17. How frequently should vulnerability scanning be performed on critical ICT assets?
  19. What should financial entities have to ensure data restoration?