Information risk and information security management
Contents
Information risk and information security management
Integration of information security into ICT risk management
Information security policies (mandatory content)
Information classification & handling (explicit new requirement under DORA)
Identity and access management (IAM) requirements
Core mandatory elements
Specific BaFin clarification
Visual element (page 14)
Data leakage prevention (DLP), secure data handling & environment separation
DLP controls
Data handling requirements
Environment separation
Logging, monitoring & detection controls
Minimum logging requirements
Monitoring and detection
Cryptographic controls and lifecycle management

Integration of information security into ICT risk management
Reference: page 11
The PDF makes clear that:
A small diagram on page 11 illustrates the integration, showing “Information Security” inside the larger “ICT Risk Management” block.
Information security …