DORA and operational resilience: Credential management as a financial risk control
Summary
Article 9 of the EU's Digital Operational Resilience Act (DORA) requires financial entities to implement strong authentication and access control measures. The article highlights the legal obligations under this regulation and illustrates the risks associated with inadequate credential management.
IFF Assessment
The regulation imposes security requirements that, if implemented correctly, will improve the security posture of financial entities and make them more resilient to attacks.
Defender Context
Financial institutions must prioritize robust credential management and access control to comply with DORA regulations. Defenders should focus on implementing multi-factor authentication, least privilege principles, and regular access reviews to mitigate risks associated with compromised credentials.