The bCast Blog

Looking to Ensure DORA Compliance? These podcasts explore key strategies to help businesses meet the requirements of the Digital Operational Resilience Act (DORA) and mitigate risks.

Stay Compliant: The 10 Best DORA Compliance Podcasts: Must Know Strategies

Let's go!

1. Why DORA Is a Game-Changer for Financial Services

In this episode of CISO Conversations: EU Data Regulations, Richard Cassidy, EMEA Field CISO at Rubrik, is joined by Anna Delaney, Director of Productions at Information Security Media Group (ISMG), to explore why the Digital Operational Resilience Act (DORA) makes operational resilience a priority for financial services organizations. They discuss how DORA will impact your financial institution, how to best prepare for DORA and improve operational resilience, and how to increase oversight and accountability of third parties in the supply chain.

As an experienced broadcast journalist, Anna interviews senior cybersecurity leaders globally. Previously, she was the editor-in-chief of The European Information Security Summit (TEISS) website. Anna has also worked at Levant TV, Resonance FM, and as a researcher at the BBC and ITV in their documentary and factual TV departments.

With 24 years in cybersecurity and cloud technology, Richard is an experienced leader known for delivering exceptional results and driving innovation. He excels in advising and providing tailored solutions to SMBs and enterprises across various sectors, effectively managing risks. A member of the Forbes Technology Council, Richard is a recognized thought leader and media contributor in the industry.

Watch the playlist at YouTube.

Check out their latest episode here:

Subscribe here:

• YouTube

2. Let’s meet DORA

The European Union’s Digital Operational Resilience Act (“DORA”), a regulation aimed at enhancing the resilience of financial entities to digital disruptions, officially came into force on January 16, 2023 and will be applied from January 17, 2025. In the second episode of BDO Business Talks, Veronika Macháčková-Koch, Director of IT Audit, and Othmane Mouline, Senior Manager in ICT Security and Compliance, discuss the entities affected by DORA and provide insights on how companies can effectively navigate their compliance journey under this new legislative framework.

Hosted by Ausha. See ausha.co/privacy-policy for more information.

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

3. The Segment: A Zero Trust Leadership Podcast

In the past two years, more than three-quarters of organizations have been attacked by ransomware, and over two-thirds have experienced at least one software supply chain attack. Attackers are smarter, more sophisticated and move more quickly than ever. If your organization hasn’t been breached yet, odds are you will be. On The Segment, you will hear from industry experts about the latest cybersecurity and ransomware trends. We will unpack how modern organizations can reduce risk and curtail impact with Zero Trust - a “never trust, always verify” approach to cybersecurity. Join us for The Segment: A Zero Trust Leadership Podcast, brought to you by Illumio.

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

4. FinTech Scotland

Hear about the great fintech innovations in Scotland, news on the sector from our partners in Scotland, the UK and all around the world. Voted Top 35 Fintech Podcasts in 2021 by Feedspot https://blog.feedspot.com/fintech_podcasts/

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

5. Navigating DORA: Compliance Through Cyber Resilience

In this episode, host Raghu Nandakumara sits down with Tristan Morgan, Managing Director Cyber Security at BT Group, and Mark Hendry, Digital Services Partner at Evelyn Partners to discuss DORA regulations and compliance in the financial services sector. They discuss the interplay between regulatory standards like NIS2 and DORA, the importance of proportionality and operational resilience, and the broader adoption of principles such as Zero Trust.

Learn more on how to achieve DORA compliance: Illumio.com/dora

--------

"If you did a search on DORA and looked for the word segmented, ss in micro-segmentation, instantaneous severing of elements of the network in order to contain and what have you, it's in there. It's absolutely in there. So, you just need to know what you're looking for and you'll find it. And Zero Trust will evolve. It might evolve into a different name or a different set of characteristics that we seek to achieve, but DORA should last. And we might find terms like Zero Trust start to pop up in regulatory technical standards or implementing technical standards that accompany it, but it's absolutely in there because it's such a good way to protect our organizations from harm, the types of harm that we've talked about." - Mark

"If you were to build something completely separate and ask all businesses to comply with something that was different, not only would there be significant cost, I think actually you get much greater resistance. Whereas, these regulations like DORA actually build upon industry-recognized best practices that many businesses are already adopting to a degree, and it actually is sensible, but it also makes the barrier to compliance less." - Tristan

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

6. Everything You Need to Know About DORA

We dive deep into the Digital Operational Resilience Act with Liam Mckenna, Partner at Mazars and Austin Kelly from Mazars. If you would like to work with Liam and Austin, please contact them here.

Book a call with a Vendor and Contract Management Expert here - https://www.gatekeeperhq.com/book-gk-demo-step-1

GATEKEEPER'S GUIDE TO VENDOR LIFECYCLE MANAGEMENT Actionable checklists, tips and best practices. Download the ebook now for FREE: https://www.gatekeeperhq.com/free-vendor-management-ebook

Contact Liam from Mazars here: https://www.mazars.com/Users/our-team/liam-mckenna

We dive deep into the Digital Operational Resilience Act with Liam Mckenna and Austin Kelly from Mazars. If you would like to work with Liam and Austin, please reach out to them here.

DORA (Digital Operational Resilience Act) is a new regulation that aims to address the increased digital risk organisations face. It focuses on five key pillars, including ICT risk management, incident management and reporting, digital operation resilience testing, and third-party risk. Non-compliance with DORA can damage an organisation's relationship with regulators and lead to remediation programs and penalties. Organisations need to start preparing for DORA compliance by scoping the project, conducting a gap analysis, developing a roadmap, and implementing mitigation actions. Key challenges include weaknesses in IT risk management, lack of asset management, and the need for standardised contract clauses. Organisations should take DORA seriously and not just treat it as a compliance project. They should invest in ongoing risk assessments, engage with third parties, and commit to implementing robust controls.

Key Takeaways

-DORA is a new regulation that addresses the increased digital risk faced by organisations

-It focuses on five key pillars: ICT risk management, incident management and reporting, digital operation resilience testing, and third-party risk

-Non-compliance with DORA can damage an organisation's relationship with regulators and lead to penalties.

-Organisations must start preparing for DORA compliance by scoping the project, conducting a gap analysis, developing a roadmap, and implementing mitigation actions. Challenges include weaknesses in IT risk management, lack of asset management, and the need for standardised contract clauses

-Organisations should take DORA seriously, invest in ongoing risk assessments, engage with third parties, and commit to implementing robust controls

Chapters

00:00 Introduction

00:55 Overview of DORA

06:09 Non-Compliance and Penalties

09:44 Preparing for DORA Compliance

13:16 Challenges in DORA Compliance

25:25 Key Considerations and Conclusion

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

7. Lessons in Resilience from DORA

Understanding ICT and DORA, with Mark Hughes, Global Managing Partner, Cybersecurity Services, IBM Consulting, and Romain Deslorieux, Strategic Partners Director, Global System Integrators at Thales

To learn more, visit: https://cpl.thalesgroup.com/compliance/emea/data-security-compliance-dora-resilience-act

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

8. Mainframe Operational Resilience: DORA and Beyond

Led by Futurum's Steven Dickens, our panel discusses the EU's Digital Operational Resilience Act (DORA), how companies are preparing for it, and its benefits beyond regulatory requirements. Links: Webpage: What is DORA? The Digital Operational Resilience Act Explained - https://www.bmc.com/dora Blog Post: Navigating DORA Regulations: A Guide for Mainframe Operational Resilience - https://www.bmc.com/blogs/dora-regulations-mainframe-operational-resilience/ E-book: The Dora survival guide for mainframe operational resilience - https://documents.bmc.com/products/documents/56/27/545627/545627.pdf Infographic: “The clock is ticking on DORA. Is your mainframe ready?” - https://documents.bmc.com/products/documents/55/78/545578/545578.pdf Futurum Group Brief: “DORA Compliance and Resiliency for the Mainframe: Proactive Strategies for Operational Continuity” - https://documents.bmc.com/products/documents/55/93/545593/545593.pdf Blog Post: What DORA Means for Mainframe Teams in and Around EMEA - https://www.bmc.com/blogs/what-DORA-means-for-mainframe-teams-EMEA

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

9. : Europe's Cybersecurity Game-Changer

DORA, or the Digital Operational Resiliency Act, is set torevolutionise cybersecurity regulations for financial institutions across europe. With a focus on enhanced security measures and resilience against cyber threats, DORA aims to ensure the stability and integrity of financial systems. As deadlines approach and legislation is finalized, the implications of DORA are poised to reshape the landscape of financial cybersecurity. Monitored by EU financial authorities, compliance isn't optional—it's essential for continued operation in the European market. Withdeadlines looming, the financial sector is bracing for a seismic shift in cybersecurity standards.

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

10. Exploring DORA

In this episode, our podcast host, Matthew O’Neill takes us on a deep dive “Exploring DORA”, Europe’s new Digital Operational Resilience Act which is being suggested, will be as significant for Financial Services as GDPR has been to the rest of us.

Matthew discusses the key provisions of DORA and how it aims to ensure the robustness and resilience of the financial system in the digital age. We'll uncover Matthew’s take on the motivations behind the act, its implications for financial institutions, IT service provider partners, and even the regulators, all with the aim of providing protection for consumers.

From cyber threats to operational disruptions, DORA's framework addresses a wide range of risks and sets new standards for digital operational resilience. Matthew makes it clear that regulators from other jurisdictions are watching with interest.

In addition, we learn of Matthew’s unprecedented journey in the financial sector; from an office junior at a local bank in the UK to becoming the Head of Infrastructure and Operations in Asia and then the Global Head of Data centres and IT Service Management at one of the world’s largest banks, and then on to his landing here at VMware.

Matthew’s take on DORA gives you a true insider’s perspective. It’s a must-listen!

3 Takeaways:

1. DORA emphasizes that operational resilience is not limited to financial services firms alone. The entire ecosystem supporting critical services must be considered. This means mapping out end-to-end processes, understanding who and what is involved, and ensuring full observability to keep things running optimally.
2. DORA introduces a significant shift in regulatory testing. Supervisors will now conduct tests on production systems especially where these are sharing cloud infrastructure with multiple firms. Stress testing operational resilience will become a priority, moving away from a mere tick-box exercise.
3. To comply with DORA's requirements, both financial service providers and their partner firms should invest in regulatory risk professionals and banking risk specialists. The act will challenge existing assumptions and practices. It might reveal whether claims of regulatory constraints are genuine or merely used as an excuse for avoiding technological advancements. This suggests that firms will need to navigate a potentially uncomfortable period of reevaluation and adaptation.

Key Quotes:

• It's not just about the financial services firm. It's also about, the whole ecosystem that supports you in the provision of what are deemed as critical or important services. So, if you have one of those types of service, you've really got to map out end to end, how that operates, who operates through, who's touching what part of it and making sure that you're not just monitoring it, but you've got like full observability as to what's going on, who's doing what, where, when, and why, and if anything goes wrong, how quickly you can bring that back.
• The big differences now though, is that there will now be testing performed and you've got to perform tests, but it's also the supervisors are likely to be performing tests and they'll be performing tests on production systems that are potentially running on the same cloud infrastructures as many other [financial service] firms and many other firms. So, there's going to be much more stress testing of that operational resilience than it ever being a kind of a governance, tick box exercise. So I think that's one thing that's got folks concerned.
• What's going to happen here is there's going to be an increased level of transparency. I can kind of say maybe an implicit increase in levels of trust between FSI firms and their supplier partners, because the supplier partners are going to be held to account for what's running. And if they don't know what's running, that's a little bit of a hard position

Check here for their latest episode:

Subscribe here:

• Apple Podcasts

There you have it...

The 10 Best DORA Compliance Podcasts: Must Know Strategies on the internet right now.

Conclusion

As the Digital Operational Resilience Act (DORA) becomes increasingly crucial for financial institutions and other sectors, staying compliant is vital for operational success and risk management. The best DORA compliance podcasts offer expert insights into the regulatory landscape, breaking down complex requirements into actionable strategies. By tuning into these podcasts, businesses can learn how to align their systems, stay secure, and meet compliance standards with confidence. For any organization navigating DORA, these podcasts provide essential guidance on building resilience and managing risks in an ever-evolving regulatory environment.

Subscribe to the ones that interest you, and send us an email at grow@fame.so if you know of any awesome DORA compliance podcasts that we've missed!