Recital 11 Vulnerability management


The fast-evolving nature of ICT landscapes, ICT vulnerabilities and cyber threats necessitates a proactive and comprehensive approach to identifying, evaluating, and addressing ICT vulnerabilities. Without such an approach, financial entities, their customers, users, or counterparties may be severely exposed to risks, which would put at risk their digital operational resilience, the security of their networks, and the availability, authenticity, integrity, and confidentiality of data that ICT security policies and procedures should protect.
Financial entities referred to in Title II of this Regulation should therefore identify and remedy vulnerabilities in their ICT environment, and both the financial entities and their ICT third-party service providers should adhere to a coherent, transparent, and responsible vulnerability management framework. For the same reason, financial entities should monitor ICT vulnerabilities using reliable resources and automated tools, verifying that ICT third-party service providers ensure prompt action on vulnerabilities in provided ICT services.
