Information Sharing (Cyber Threat Intelligence)
The exchange of threat intelligence, vulnerability information, and best practices between organizations and authorities. DORA Article 45 encourages financial entities to participate in information sharing arrangements to improve collective cybersecurity resilience.
Information sharing is the fifth pillar of DORA. It recognizes that individual organizations benefit from collective threat intelligence: by sharing information about cyber threats, vulnerabilities, and attack techniques, financial entities can better prepare for and respond to emerging threats.
DORA Article 45 establishes a framework for voluntary information sharing among financial entities, subject to appropriate safeguards. Shared information may include indicators of compromise (IoCs), tactics, techniques and procedures (TTPs), security alerts, and configuration tools. Organizations must ensure that information sharing respects confidentiality, protects personal data, and doesn't compromise competitive positions.
Effective information sharing typically operates through sector-specific Information Sharing and Analysis Centers (ISACs), bilateral agreements between organizations, regulatory sharing mechanisms, and threat intelligence platforms. For the European financial sector, organizations like the European Financial ISAC (FI-ISAC) facilitate structured information exchange.
Related Terms
DORA (Digital Operational Resilience Act)
An EU regulation that establishes uniform requirements for the security of network and information systems in the financial sector. DORA became mandatory on January 17, 2025, and applies to banks, insurance companies, investment firms, and their critical ICT service providers.
ICT Risk Management
The process of identifying, assessing, and mitigating risks associated with information and communication technology systems. Under DORA, financial entities must maintain a comprehensive ICT risk management framework covering identification, protection, detection, response, and recovery.
Operational Resilience
The ability of an organization to deliver critical operations through disruption. In the context of DORA, it specifically refers to digital operational resilience — the capacity of financial entities to build, assure, and review their technological operational integrity.