Detection


TL;DR: This article of the EU's Digital Operational Resilience Act sets out rules for financial entities to ensure their operations are secure. These rules include putting in place mechanisms to promptly detect anomalous activities, regular testing, devoting sufficient resources and capabilities to monitoring user activity and the occurrence of ICT anomalies, and having systems to effectively check trade reports for completeness. These steps ensure that financial entities are able to respond to ICT-related incidents, including cyber-attacks, in a timely manner and with appropriate resources.
  1. Financial entities [as defined in Article 2, points (a) to (t)] shall have in place mechanisms to promptly detect anomalous activities, in accordance with Article 17, including ICT network performance issues and ICT-related incidents [defined as a single event or a series of linked events unplanned by the financial entity that compromises the security of the network and information systems, and have an adverse impact on the availability, authenticity, integrity or confidentiality of data, or on the services provided by the financial entity], and to identify potential material single points of failure.

    All detection mechanisms referred to in the first subparagraph shall be regularly tested in accordance with Article 25.

  2. The detection mechanisms referred to in paragraph 1 shall enable multiple layers of control, define alert thresholds and criteria to trigger and initiate ICT-related incident response processes, including automatic alert mechanisms for relevant staff in charge of ICT-related incident response.

  3. Financial entities shall devote sufficient resources and capabilities to monitor user activity, the occurrence of ICT anomalies and ICT-related incidents, in particular cyber-attacks [defined as a malicious ICT-related incident caused by means of an attempt perpetrated by any threat actor to destroy, expose, alter, disable, steal or gain unauthorised access to, or make unauthorised use of, an asset].

  4. Data reporting service providers [defined as a data reporting service provider within the meaning of Regulation (EU) No 600/2014, as referred to in Article 2(1), points (34) to (36) thereof] shall, in addition, have in place systems that can effectively check trade reports for completeness, identify omissions and obvious errors, and request re-transmission of those reports.