⚙️Build trust faster with streamlined custody and AI-driven assurance. Register now
MarketplaceCybersecurity
CybersecurityGuidelineIn 6clicks App

Guidelines on ICT and Security Risk Management

The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.

Talk to a GRC ExpertView source ↗
These Guidelines were developed by the European Banking Authority (EBA) to standardize ICT and security risk management practices in the EU financial system. They apply to credit institutions, investment firms, and payment service providers and aim to mitigate operational and ICT risks effectively. The Guidelines will replace the EBA GL/2017/17 Guidelines on security measures for operational and security risks. They are aligned with the Digital Operational Resilience Act (DORA), which harmonizes ICT risk management practices in the financial sector. The Guidelines focus on a simplified framework for managing ICT risks, including operational resilience, and are set to take effect on May 20, 2025.
#ict risk#security management#financial sector#operational resilience#compliance

Related in Cybersecurity

CybersecurityGuidelineIn 6clicks App

CISA ZTMM V2 — CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

Issuer
US Department of Homeland Security (DHS)
Jurisdiction
United States
Version
2
Updated
Apr 2023
View detailszero trust · cybersecurity
CybersecurityFrameworkIn 6clicks App

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

Issuer
U.S. Department of Energy
Jurisdiction
United States
Version
2.1
Updated
Jun 2022
View detailscybersecurity · maturity model
CybersecurityControl setIn 6clicks App

ECC 2-2024 — Essential Cybersecurity Controls

The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.

Issuer
National Cybersecurity Authority
Jurisdiction
Kingdom of Saudi Arabia
Version
2-2024
Updated
Apr 2026
View detailscybersecurity · controls