TLPT Readiness Assessment

What is a TLPT?

Threat-Led Penetration Testing (TLPT) is an advanced intrusion test mandatory under DORA for critical financial entities. It simulates real cyberattacks conducted by malicious actors to test the resilience of your systems.

🏒 1. Governance & Organization
0%
Is a dedicated cybersecurity team in place?
Does executive management actively support cybersecurity initiatives?
Is a dedicated budget allocated for advanced security testing?
Are clear roles and responsibilities for incident management defined?
2. Documentation & Procedures
Is a complete inventory of critical assets maintained?
Are incident response procedures documented?
Is the network and system architecture documented and up-to-date?
Is a business continuity plan (BCP) in place?
3. Technical Security
Are perimeter security controls deployed (firewall, IDS/IPS)?
Is network segmentation implemented to isolate critical systems?
Is multi-factor authentication (MFA) required for privileged access?
Are regular and tested backups in place?
Is an endpoint detection and response system (EDR/XDR) deployed?
4. Monitoring & Detection
Is a SOC (Security Operations Center) or equivalent service operational?
Are security logs collected and analyzed continuously?
Are automated alerts for critical security events configured?
Is threat intelligence integrated into your detection processes?
5. Training & Awareness
Is regular cybersecurity training provided to employees?
Are incident simulation exercises (tabletop exercises) regularly organized?
Is the technical team trained in advanced attack techniques?
6. Testing & Validation
Are regular penetration tests conducted?
Are identified vulnerabilities corrected within appropriate timeframes?
Is the business continuity plan tested annually?
Have you ever conducted a red team exercise or purple team exercise?