Operational Resilience Testing for Global Bank Security Officers

$199.00

A focused course, tailored for you

Build the threat-led penetration testing programme your regulators expect, from scope to evidence pack.

Your TLPT scope document does not yet map cleanly to your Important Business Services register, and DORA Article 26 requires that it does. This course gives you the methodology to close that gap before the next supervisory review.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Security Officers at large, internationally active banks are accountable for TLPT execution under DORA, but the programme sits at an uncomfortable intersection: regulatory policy (owned by Compliance), critical function mapping (owned by Operations or Risk), and technical execution (owned by the Red Team or an external tester). The scope justification document is typically the weakest link. It references the right frameworks, it names the right systems, but the chain of reasoning from Important Business Services through threat intelligence selection to in-scope system is rarely documented in a way that survives a supervisory deep-dive. When the ACPR or ECB examiner asks 'show me how you determined this system was in scope', the answer is often a spreadsheet, a slide deck from six months ago, and a verbal explanation. That is not what Article 26 asks for.

What you walk away with

  • Map your bank's Important Business Services register to a defensible TLPT scope document in the format supervisors expect.
  • Select and brief a threat intelligence provider using the criteria specified in the TIBER-EU framework.
  • Draft the Red Team test plan that satisfies both internal approval committees and external supervisory review.
  • Build the post-test remediation register with risk-ranked findings, remediation owners, and re-test dates.
  • Produce the DORA Article 26 submission package from the test report without starting from a blank template.
  • Run the annual TLPT cycle end-to-end with a documented audit trail that satisfies both internal audit and the lead supervisory authority.

The 12 modules

Module 1. DORA TLPT Obligations: What Article 26 Actually Requires
Walk through the exact text of DORA Article 26 and the accompanying RTS on TLPT. Identify the three documents you are legally required to produce: the scope justification, the red team test plan, and the post-test supervisory report. Understand which competent authority receives what, and what timeline applies to internationally active institutions under joint supervisory oversight by both the ECB and a national authority.
Module 2. Mapping Important Business Services to TLPT Scope
Start from your bank's existing IBS register (or build one if it does not exist in the right format). Learn the criteria for determining which services are 'critical or important' under DORA Article 3, how to document the mapping decision for each service, and how to handle services where the dependency chain crosses legal entities or geographies. This module produces the scope justification annex that sits at the front of every TLPT file.
Module 3. Threat Intelligence Selection and Briefing
TIBER-EU requires a Threat Intelligence provider separate from the Red Team. This module covers the selection criteria, the brief you hand the TI provider, and the Targeted Threat Intelligence report you receive back. Learn how to evaluate TI quality, how to identify when a TI report is too generic to drive a credible red team scenario, and how to request a revision that names specific TTPs relevant to your institution's sector and geography.
Module 4. Red Team Scoping: Systems, People, and Physical Perimeter
The TLPT scope covers IT systems, staff (social engineering), and in some cases physical access. This module walks through each perimeter: how to define the in-scope systems list with justification, how to set the boundaries on staff targeting so the test does not destabilise operations, and how to handle physical access testing in a multi-site, multi-country bank where the 'perimeter' is not a single data centre.
Module 5. Selecting and Contracting a Red Team Provider
Under DORA, the Red Team provider must meet specific criteria and in some jurisdictions must be pre-approved by the competent authority. This module covers the qualification checklist, the contract clauses that protect your bank (IP ownership of findings, non-disclosure of scope to other clients, liability caps), and the governance approval process inside a global bank where Legal, Procurement, and the CISO office each have a sign-off requirement.
Module 6. Coordinating the Test Without Tipping Off Controls
TLPT requires a small 'white team' inside the bank that knows the test is running, while the broader Security Operations team does not. This module covers white team composition, the information embargo, how to handle a situation where a SOC analyst detects the red team activity and escalates, and the post-test debrief process that explains the test to the teams who were defending against it without knowing.
Module 7. Running the Test Cycle: Timeline, Decision Points, and Escalation
A full TLPT cycle runs six to twelve months from scope approval to supervisory submission. This module lays out the timeline, identifies the decision points where the test can be paused or extended, and defines the escalation path when the red team achieves a finding that poses immediate risk (e.g. access to a payment system the white team did not anticipate). Learn how to document real-time decisions in a way that becomes part of the final supervisory report.
Module 8. Findings Classification and the Remediation Register
The post-test report classifies findings by severity using a framework that the competent authority recognises. This module covers the DORA-aligned classification scheme, how to assign remediation owners across Security, Operations, and IT teams who did not run the test, how to set re-test dates that are credible rather than aspirational, and how to track progress in a format that satisfies both internal audit and the supervisory authority's follow-up requests.
Module 9. Writing the DORA Article 26 Supervisory Submission
The supervisory submission is not the red team report. It is a separate document that summarises scope, methodology, key findings, and remediation commitments for the competent authority. This module provides the structure, the level of technical detail appropriate for a supervisory reader, and the specific assertions DORA requires you to make (including the confirmation that the test was conducted by a qualified provider against the declared scope). Includes a worked example from a plausible Tier 1 bank scenario.
Module 10. Managing Joint Supervision: ECB and National Authority Coordination
Internationally active banks are often supervised jointly by the ECB under the SSM and by one or more national competent authorities. TLPT submissions may need to satisfy both. This module covers how to structure the submission package for a joint supervisory arrangement, how to handle divergent requirements between the ECB TLPT framework and the national TIBER variant (TIBER-FR, TIBER-DE, TIBER-NL), and which authority gets the final sign-off on scope.
Module 11. ICT Third-Party Risk in the TLPT Scope
Many critical functions depend on third-party ICT providers that sit outside your direct control. DORA requires you to consider whether those providers should be included in or excluded from TLPT scope, and to document the decision. This module covers the inclusion criteria, how to contractually require a third party to cooperate with your red team, and what to do when a critical third party declines or is not contractually obligated to participate.
Module 12. Running the Annual TLPT Cycle and Keeping the Programme Current
DORA requires TLPT at least every three years for significant institutions, and your internal programme governance likely requires an annual review of scope even in non-test years. This module covers the annual review process: updating the IBS mapping, refreshing the threat intelligence, assessing whether last cycle's findings have been remediated to a standard that would survive re-test, and briefing the CISO and Board Risk Committee on programme status. Produces the annual TLPT programme report.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

If your IBS-to-scope mapping is the weak point: start with modules 1 and 2, then jump to module 9 to see what the supervisor will ask.
If you are mid-procurement for a red team provider: modules 5 and 6 are immediately applicable.
If a test is already running and you need to manage the white team and SOC interaction: module 6 and module 7.
If you are writing the supervisory submission for the first time: module 9, then work backwards through modules 8 and 10.

What you get with this course

  • 12 written modules covering the full TLPT lifecycle from IBS mapping to supervisory submission.
  • Scope justification template aligned to DORA Article 26 and TIBER-EU.
  • Remediation register template with severity classification and re-test tracking.
  • Supervisory submission structure guide with annotated worked example.
  • Red team provider qualification checklist and contract clause reference.
  • Hand-built implementation playbook tailored to your institution's regulatory context, delivered alongside course access.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

Your TLPT scope document exists, but the chain of reasoning from IBS register to in-scope system is verbal rather than documented. The supervisory submission from the last cycle was assembled under time pressure from a combination of the red team report and slides from the kick-off meeting.

After

You have a repeatable TLPT programme with documented scope justification, a structured remediation register, and a supervisory submission template that produces the Article 26 package without starting from scratch each cycle. The next ECB or ACPR review finds a complete, traceable evidence pack.

What happens if you do not address this

DORA's TLPT requirements for significant institutions are not advisory. Supervisory authorities have the power to require remediation of programme gaps identified during review, and persistent gaps in TLPT documentation quality feed directly into SREP scores. A scope justification that cannot be traced to the IBS register is a finding, not a recommendation.

Who it is for

This course is for Security Officers and their direct reports at Tier 1 and Tier 2 global banks who are accountable for TLPT programme delivery under DORA. It assumes you already understand your bank's control framework and have some familiarity with red team concepts. You do not need to be a penetration tester yourself; you need to build and own the programme that governs the testers.

Who this is NOT for. Security analysts looking for hands-on penetration testing technique. Internal auditors reviewing a programme someone else runs. Compliance officers whose only exposure to TLPT is reading the DORA text.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Each module is self-contained and reads in 20-35 minutes. The full course is completable in a single focused week or across several working sessions.

Why $199 is the right number

The TIBER-EU framework documentation is publicly available but describes process at a regulatory level, not an implementation level. External consultants who run TLPT programmes charge day rates that make a full programme review expensive. This course teaches you to build and own the programme yourself, so you are the one who understands it when the supervisor asks.

FAQ

We already have a TLPT programme. Is this still relevant?
Most likely yes. The course focuses specifically on the documentation and evidence requirements that satisfy DORA Article 26 supervisory review, which differ from what most internal programmes were built to produce before DORA came into force.
Does this cover TIBER-EU specifically or DORA TLPT?
Both. DORA TLPT for EU-supervised institutions is built on the TIBER-EU framework. The course treats them as a single methodology and notes where national variants (TIBER-FR, TIBER-DE) diverge.
Our red team is outsourced. Is this still applicable?
Yes. The course is written from the Security Officer perspective, not the red team perspective. The accountability for scope, documentation, and supervisory submission stays with you regardless of who runs the test.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
