Artykuł w czasopiśmie
Ładowanie...
Miniatura
Licencja

CC-BY-NC-SACC-BY-NC-SA - Uznanie autorstwa - Użycie niekomercyjne - Na tych samych warunkach

Threat-led penetration testing (TLPT) – a new approach to testing digital resilience of financial entities in Poland in the perspective of requirements under the Digital Operational Resilience Act (DORA)

Autor
Punktacja ministerialna
20
Data publikacji
Abstrakt (EN)

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (Digital Operational Resilience Act, DORA) launched a new model for testing the digital resilience of financial services operating in the Polish financial market into the EU and thus into the domestic legal framework. The primary purpose of this article is to discuss and evaluate the Threat-Led Penetration Testing (TLPT) model. TLPT tests can include both technical and sociotechnical components. The hypothesis of the article is that TLPT testing will have a positive impact on enhancing the digital resilience of financial stakeholders because these tests are designed to simulate real-world cyber attacks, enabling organisations to understand their resilience to threats and initiate relevant countermeasures. The results obtained from the analysis confirm the validity of the proposed research hypothesis. This follows from the fact that the main premise of TLPT testing is to replicate realworld attack scenarios as accurately as possible, thereby enabling a more reliable and detailed assessment of organisation’s security level. The authors emphasise that such an approach allows not only for the verification of the effectiveness of information system safeguards, but also for the evaluation of the resilience of operational processes and the level of employee awareness regarding cyber threats.

Dyscyplina PBN
nauki o bezpieczeństwie
Inny tytuł

Testy threat-led penetration testing (TLPT) – nowe podejście do testowania cyfrowej odporności podmiotów finansowych w Polsce w kontekście obowiązków wynikających z rozporządzenia Digital Operational Resilience Act (DORA)

Czasopismo
Przegląd Bezpieczeństwa Wewnętrznego
Zeszyt
34
Strony od-do
237-258
ISSN
2080-1335
eISSN
2720-0841
Data udostępnienia w otwartym dostępie
2026-04-13
Licencja otwartego dostępu
Uznanie autorstwa - Użycie niekomercyjne - Na tych samych warunkach