Operational Risk Management & Resilience on NonStop Systems

What is the big deal with Digital Operational Resilience?

Everyone is talking about digital resilience lately, and you might be wondering how it relates to managing risks on NonStop systems. The Digital Operational Resilience Act (DORA) entered into effect in the EU on January 17, 2025, and ICT Risk Management is one of the key pillars of DORA’s framework.

Several other jurisdictions, including North America, have begun implementing similar Operational Risk Management frameworks.

These requirements are defined as comprehensive risk management frameworks for ICT systems, including establishing policies, procedures, regular assessments, and programs to ensure operational resilience in case of attacks.

Financial entities must have internal governance and control frameworks to ensure effective and prudent management of ICT risk and achieve strong digital operational resilience. That includes critical information stored on NonStop systems.

At the highest level, DORA sets comprehensive and continuous standards for resilience and security. From an organizational standpoint, operational risk management requires several collaborative defensive systems to properly assess and manage risk, including vulnerability scanning, user validation, and threat detection.

Why is Vulnerability Management important for an organization’s Digital Resilience strategy?

Vulnerability management is the ongoing practice of managing vulnerabilities in your IT systems. It is an essential pillar of cybersecurity and a critical part of any organization’s overall security and digital resilience strategy.

Every system has vulnerabilities and weak spots that present prime targets for threat actors. Adopting a vulnerability management process will help reduce your system’s attack surface, strengthen your security posture, and enhance your digital resilience strategy.

It’s hard to defend your organization if you don’t understand the threats you face. As such, the first step to approaching DORA compliance is profiling not only the threat actors that target the financial services sector, but specifically which actors will attack and how they will carry out those attacks.

How can Vulnerability Scanning strengthen Digital Resilience?

Vulnerability Scanning is an integral part of a holistic approach to Vulnerability Management. It is defined as the practice of identifying security weaknesses in systems, networks, and applications. Organizations can proactively address vulnerabilities by conducting regular scans, which reduce the risk of cyberattacks and data breaches.

Vulnerability scanning also helps organizations maintain compliance with industry regulations and security standards, as many frameworks require periodic vulnerability assessments. Implementing vulnerability scanning also demonstrates a commitment to data protection, instills confidence in stakeholders, and strengthens overall security measures.

DORA compliance is no small undertaking. It requires the right partner to ensure not only compliance but also an environment of readiness and continuous improvement.

How can you Effectively Identify Vulnerabilities in your System?

CSP has been an innovator in NonStop security for over thirty years and understands the complex security challenges facing the NonStop platform.

No organization is immune to threats. Corporations cannot trust any single element within their organizations. Failing to provide protection and hoping for the best is not a strategy.

CSP understands enterprises must continuously check their NonStop systems for inconsistencies, so we developed CSP Vulnerability Scanner v3.0, an easy-to-use vulnerability scanning and reporting tool for NonStop Systems.

CSP Vulnerability Scanner is a vulnerability scanning and reporting solution for HPE NonStop systems that analyzes risks and identifies vulnerabilities by checking the NonStop system’s configuration, access permissions, and security settings. It generates insightful reports for users and recommends changes to improve the security posture.

There is no GUI to install, and users can run reports from TACL and export using Spoolview. Vulnerability Scanner is also easy to install and use.

CSP Vulnerability Scanner version 3.0 is available now. VulScan v3.0 can now scan Pathways and the OSS environment.

It includes all the features and reports from our previous release, but we have now enhanced it with several new OSS and Pathway reports.

New OSS Reports in v3.0

  • OSS File Verification Report
  • OSS User Access Report
  • OSS Orphan Files Report
  • OSS SetUID/SetGID Report
  • OSS Directory Contents Report
  • OSS Symbolic Links Report

New Pathway Reports in v3.0

  • Pathway Files Report: List files containing Pathway commands and TPS objects.
  • Compare History of Pathway Files:
    • Summary report of Pathway files added/deleted between two reports.
    • Details report of Pathway files added/deleted between two reports.

Key Features:

  • Scans NonStop systems to identify vulnerabilities
  • Provides recommendations to improve security
  • Very easy to install and use
  • Quickly perform scans and generate insightful reports
  • Easily select from a list of available reports
  • Export reports with Spoolview
  • Share reports with management and auditors

Vulnerability Scanner includes various reports within each report category, which helps generate more customized and focused reports. When it comes to securing your NonStop Systems, you have options.

CSP – The Superior Choice in NonStop Security

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com

We Built the Wiki for NonStop Security ®

The CSP Team

+1 (905) 568-8900