Free Legal Geek resource

ITSec guidelines for DORA and NIS2

More than 1,250 guidelines across 26 categories. Download a ready-to-use resource for compliance, security and IT teams.

E-book cover: ITSec guidelines for DORA and NIS2

what you get in the resource

The guidelines are organised so you can move from diagnosis to a concrete list of implementation actions.

1250+ guidelines

An extensive base of cyber and digital resilience practices for regulated organisations.

Subcategories

The split into operational areas makes it easy to assign actions to process owners.

DORA and NIS2

The material was created with financial institutions and ICT providers in mind.

Implementation-ready format

Checklists and guidance for working with your team, the auditor, and outsourcers.

26 categories of guidelines

The categories are ready to be used as a backlog for implementation and maintenance work.

  • Secure data management
  • Source update
  • Secure coding
  • Monitoring and detection
  • Business continuity planning
  • Access management
  • Infrastructure security
  • Education and awareness
  • API security
  • Regulatory compliance
  • Human risk management
  • Remote work security
  • Mobile device security
  • Open source security
  • Phishing protection
  • Physical security
  • Service maintenance and management
  • Cloud security
  • Security incident management
  • Supply chain security
  • Digital resilience standards
  • PCI DSS compliance
  • Applying CIS Controls
  • NIST Cybersecurity Framework
  • IoT security
  • AI and machine learning risk

sample guidelines from the resource

Below is an excerpt of the content you will receive after downloading the PDF.

1. Secure data management

1.1. Data classification and inventory

  • Build a data classification system that takes confidentiality into account.
  • Carry out an inventory of all data assets.
  • Identify data owners and keep the processing register up to date.

2. Source update

2.1. System update management

  • Develop an update policy and schedule.
  • Implement a process for testing updates before production rollout.
  • Monitor patch availability and document deployments.

3. Secure coding

3.2. Code reviews and security testing

  • Establish code reviews with a focus on security aspects.
  • Add automated code scanning to your CI/CD pipeline.
  • Run internal and external penetration tests on a regular basis.

9. API security

9.2. Rate limiting and API usage monitoring

  • Implement request limits for API clients.
  • Configure alerts for traffic anomalies.
  • Monitor API metrics for abuse and performance.
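The three bullets above describe one mechanism: a per-client request limit, a counter of rejected requests that raises an alert when it crosses a threshold, and per-client metrics for abuse review. The following is an added illustration of that mechanism in Python; it is not code from the e-book, and the client identifiers, limits, thresholds and replayed traffic are all constructed for the example.

```python
"""Per-client token-bucket rate limiting with a rejection-based abuse alert.

Added example for guideline 9.2; not taken from the e-book. Client IDs,
limits and the replayed traffic below are constructed for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Allows bursts of `capacity` requests, refilled at `rate` tokens/second."""
    capacity: float
    rate: float
    tokens: float
    last: float

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass
class ApiRateLimiter:
    capacity: float = 10.0        # burst size per client
    rate: float = 2.0             # sustained requests per second per client
    alert_threshold: int = 20     # rejections inside `window` that trigger an alert
    window: float = 60.0          # seconds; also suppresses repeat alerts
    buckets: dict = field(default_factory=dict)
    rejections: dict = field(default_factory=lambda: defaultdict(deque))
    counts: dict = field(default_factory=lambda: defaultdict(
        lambda: {"allowed": 0, "rejected": 0}))
    alerted_at: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)   # (time, client_id, rejections)

    def check(self, client_id: str, now: float) -> bool:
        """Return True if the request may proceed, False if it is rate limited."""
        bucket = self.buckets.get(client_id)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.rate, self.capacity, now)
            self.buckets[client_id] = bucket
        if bucket.allow(now):
            self.counts[client_id]["allowed"] += 1
            return True

        # Rejected: record it, drop entries older than the window, alert once.
        self.counts[client_id]["rejected"] += 1
        recent = self.rejections[client_id]
        recent.append(now)
        while recent and recent[0] < now - self.window:
            recent.popleft()
        last_alert = self.alerted_at.get(client_id)
        if len(recent) >= self.alert_threshold and (
                last_alert is None or now - last_alert >= self.window):
            self.alerted_at[client_id] = now
            self.alerts.append((now, client_id, len(recent)))
        return False

    def metrics(self) -> dict:
        """Per-client allowed/rejected counters for an abuse dashboard."""
        return {client: dict(c) for client, c in self.counts.items()}


def run_sample() -> ApiRateLimiter:
    """Replay constructed traffic: a well-behaved service and a scraping bot."""
    limiter = ApiRateLimiter()
    traffic = [("svc-a", float(t)) for t in range(5)]    # one request per second
    traffic += [("bot-x", 0.0)] * 40                      # 40 requests in one burst
    for client, t in sorted(traffic, key=lambda entry: entry[1]):
        limiter.check(client, t)
    return limiter


if __name__ == "__main__":
    lim = run_sample()
    print(lim.metrics())   # svc-a fully allowed; bot-x: 10 allowed, 30 rejected
    print(lim.alerts)      # one alert for bot-x at the 20th rejection
```

Two practical points the checklist does not spell out: the limit is only as good as the client identity it is keyed on, so key on an authenticated credential (API key, client certificate, OAuth client) rather than on source IP alone, which a distributed client trivially spreads out; and the in-memory state above only covers a single gateway instance, so a horizontally scaled API needs a shared counter store for limits and alerts to remain consistent.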

11. Human risk management

11.4. Segregation of duties

  • Identify critical processes that require role separation.
  • Introduce multi-level authorisation for critical actions.
  • Regularly audit access and responsibility matrices.

11.7.1. Identify key roles and processes exposed to human risk

  • Map roles with access to critical systems and data.
  • Assess how vulnerable processes are to human error and intentional misuse.
  • Develop risk mitigation plans for the identified roles.

download the ITSec guidelines

Fill in the form. We will send the download link to the email address you provide.

A comprehensive resource for financial institutions and ICT providers.