P5: Information Sharing
Legal Basis
- DORA: Article 45 (Chapter VI)
- No dedicated RTS/ITS – Regulated directly in the base legal act
Requirements
Voluntary Sharing (Art. 45)
Financial entities may enter into mutual arrangements for the exchange of information and intelligence on cyber threats.
Prerequisites:
- Exchange within trusted communities of financial entities
- Preservation of confidentiality and data protection
- Notification of the competent authority about participation
- Compliance with competition rules
Content of exchange:
- Indicators of Compromise (IoCs)
- Tactics, Techniques, and Procedures (TTPs)
- Security alerts
- Configuration tools and methods
Regulatory Information Provision
Supervisory authorities provide financial entities with anonymised information on:
- Relevant cyber threats
- Vulnerability information
- Incident trends
Financial entities must establish mechanisms to:
- Receive and verify this information
- Incorporate it into their own risk analysis
- Take appropriate measures
Cross-Sector Simulation Exercises
DORA provides for coordinated exercises to strengthen sector-wide resilience.
BAUER GROUP Relevance
For BAUER GROUP as an ICT service provider, P5 is low priority but strategically relevant:
- Participation in ISACs (Information Sharing and Analysis Centers) recommended
- Threat intelligence feeds integrated into own monitoring
- Proactively inform clients about relevant threats (value-added service)
Automation
| Measure | Approach |
|---|---|
| Threat intelligence | MISP integration, STIX/TAXII feeds |
| IoC sharing | Automated import into SIEM |
| Client alerts | Template-based notifications |
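
An added example (not BAUER GROUP's own code) of the "receive and verify" step ahead of automated SIEM import: it triages the indicators in a STIX 2.1 bundle and records why each rejected one was held back. The function names, the confidence threshold of 50, treating unrated indicators as confidence 0, and holding TLP:RED items for manual handling are assumptions; the sample bundle is constructed.

```python
from datetime import datetime, timezone

TLP_RED = "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed"  # STIX 2.1 predefined TLP:RED

def parse_ts(ts):
    """Parse a STIX timestamp (RFC 3339, UTC 'Z' suffix) into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def triage(bundle, now, min_confidence=50):
    """Split a bundle's indicators into (accepted, {id: rejection reason})."""
    accepted, rejected = [], {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # only indicators feed the IoC import
        reason = None
        try:
            if obj.get("revoked"):
                reason = "revoked"
            elif obj["pattern_type"] != "stix":
                reason = "unsupported pattern_type"
            elif parse_ts(obj["valid_from"]) > now:
                reason = "not yet valid"
            elif "valid_until" in obj and parse_ts(obj["valid_until"]) <= now:
                reason = "expired"
            elif obj.get("confidence", 0) < min_confidence:  # assumption: unrated = 0
                reason = "low confidence"
            elif TLP_RED in obj.get("object_marking_refs", []):
                reason = "TLP:RED, manual handling"  # assumed local policy
        except (KeyError, ValueError, TypeError):
            reason = "malformed"
        if reason:
            rejected[obj.get("id", "<no id>")] = reason
        else:
            accepted.append(obj)
    return accepted, rejected

def make_sample(n, **overrides):
    """Constructed sample indicator; 203.0.113.0/24 is a documentation range."""
    return {"type": "indicator", "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "pattern_type": "stix", "pattern": f"[ipv4-addr:value = '203.0.113.{n}']",
            "valid_from": "2025-01-01T00:00:00Z", "confidence": 80, **overrides}

SAMPLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
          "objects": [make_sample(1), make_sample(2, valid_until="2025-02-01T00:00:00Z"),
                      make_sample(3, revoked=True), make_sample(4, confidence=20),
                      make_sample(5, object_marking_refs=[TLP_RED]), make_sample(6, valid_from="n/a")]}

if __name__ == "__main__":
    print(triage(SAMPLE, datetime(2025, 6, 1, tzinfo=timezone.utc))[1])
```

The rejection reasons are worth logging alongside the import, since they show which part of a feed was not acted on and why.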