All news with #dora tag
Tue, December 9, 2025
From Adoption to Impact — DORA AI Capabilities Model Guide
🤖 The 2025 DORA companion guide highlights that AI acts as an amplifier, boosting strengths and exposing weaknesses across teams. Drawing on a cluster analysis of nearly 5,000 technology professionals, it identifies seven foundational capabilities — including a clear AI stance, healthy and AI-accessible data, strong version control, small-batch workflows, user-centric focus, and quality internal platforms — that increase the odds of positive outcomes. The guide maps seven team archetypes to help leaders diagnose where to start and offers a Value Stream Mapping facilitation to direct efforts toward system-level constraints so AI-driven productivity scales safely.
Mon, December 8, 2025
Vaillant CISO: Act Now on Security and Regulatory Change
🔐 Vaillant CISO Christoph Reiß says rising geopolitical tensions and the professionalization of cybercrime — amplified by accessible AI tools — are elevating the threat to the heating and energy sector. Vaillant relies on a holistic, multilayered security strategy that combines preventative and reactive measures and protects IT, production, and customer products. Employee-focused training, from gamification to practical compliance, is central, and Reiß highlights regulatory complexity (e.g., NIS2, DORA, Cyber Resilience Act) while urging organizations to start on pragmatic implementation rather than wait.
Tue, December 2, 2025
Vaillant CISO: From Technology to Strategic Cyber Leadership
🔒 Raphael Reiß, CISO at Vaillant Group, warns that rising geopolitical tensions and increasingly professional cybercriminals — now aided by AI — have lowered the barrier to complex attacks. Vaillant applies a holistic, multilayered security approach that spans IT, global production and customer-facing products, combining preventive and reactive controls. Reiß emphasises people-first awareness training and pragmatic compliance with standards such as NIS2, DORA and the Cyber Resilience Act. His advice is direct: analyse your starting point and start rather than wait.
Wed, November 5, 2025
Securing Critical Infrastructure: Europe’s Risk-Based Rules
🔒 In this Deputy CISO post, Freddy Dezeure of Microsoft explains how recent EU laws are reshaping cybersecurity for critical infrastructure. He argues that NIS2 and DORA broaden the CISO role across IT, OT, IoT, AI, and supply chains and push for stronger board-level accountability. The piece emphasizes a risk-based, prioritized approach—focusing on a few high-impact controls such as phishing-resistant multifactor authentication, comprehensive asset inventory, timely patching, and resilience testing.