Name: What are the key differences between NIS2 and DORA?
Start: 2025-07-09T10:26:00Z
End: 2025-07-09T10:26:03.000Z
Location: BrightTALK

Panaseer helps organisations proactively understand their security posture with automated trusted security metrics using Continuous Controls Monitoring (CCM).

Panaseer provides Cyber Asset Management - A trusted inventory of all assets that is business enriched with context, criticality and ownership and Security Controls Management – The ability to understand security control effectiveness and identify gaps in protection across eight security domains: Vulnerability Management, Endpoint Management, Patch Management, Identity and Access Management, Privileged Access, Security Awareness, Cloud Security & Application Security.

By taking all the data from disparate business, IT and security tools and bringing it together using data science; we give organisations the ability to prioritise risk based on business context, so they can make better decisions and prioritise and track remediation campaigns all of which is helping organisations fully understand their security posture without the need for manual reporting. 

Visit panaseer.com to find out more.

As a security leader, you’re called upon to translate your posture into something your executive team can understand. It means you need more than data – you need insights. 

In this short demo, discover how Panaseer’s approach to Continuous Controls Monitoring (CCM) helps you translate complex technical data into clear, strategic insights that resonate with executive stakeholders. 

Designed for CISOs and security leaders across industries, this session will show how CCM enables you to build impactful reports that align cyber risk with business priorities - turning security data into boardroom-ready narratives.  

Learn how to: 

- Create executive-ready cyber reports that speak the language of the business 
- Map control data and metrics to business objectives and risk outcomes 
- Provide stakeholders with a clear view of your security posture and priorities 
- Use real-time data to inform strategic decisions, not just operational fixes 

Get a quick walkthrough of how Panaseer helps security leaders move from reactive reporting to proactive influence, arming you with the tools to drive action and investment at the highest level.

Get the full cyber picture; A demo of Panaseer's Continuous Controls Monitoring platform

To keep organizations safe, modern security teams must stay on top of a constant stream of metrics, from key control indicators (KCIs) that measure control effectiveness to key risk indicators (KRIs) that track emerging threats and internal compliance controls. This means facing a daily flood of alerts, dashboards, and reports. But knowing which deviations truly matter and what to do about them is the real challenge. 

In this session, Panaseer's Thordis Thorsteins, Lead AI Data Scientist, and Adam Kosky, Senior Customer Success Manager will explore and demonstrate how MetricIQ, Panaseer’s latest AI solution, helps security teams' triage, interpret, and act on critical metrics in seconds instead of hours. 

In under 20 minutes, you’ll discover how to: 

- Focus on the metrics that matter most without burning out chasing alerts 
- Understand the business impact of security metrics
- Make faster, more confident decisions with clear, actionable next steps 
- Scale SOC operations efficiently without adding headcount 

If you’ve ever spent hours digging through dashboards, spreadsheets, or multiple security tools to understand your measurements, this session will show you how to get those answers in seconds using AI-powered metric triage within Panaseer’s Continuous Controls Monitoring (CCM) platform.

AI in Action: Accelerating security operations through smarter AI powered metric triage

AI in action: Accelerating security operations through smarter AI-powered metric triage

Security teams aren’t short of data – but turning that data into something useable and actionable is hard. 

In this  session, Thordis Thorsteins, Senior AI Data Scientist at Panaseer, will demonstrate how AI-powered key driver analysis can quickly surface the root causes behind shifts in your KPIs and cybersecurity metrics, enabling faster investigations, clearer reporting, and smarter, data-driven decisions. 

In15 minutes, you’ll discover how to: 

- Use AI to explain the changes behind your security metrics 
- Investigate anomalies and emerging risks in minutes, not days 
- Provide stakeholders with clear, evidence-backed explanations they can act on 
- Move from reactive analysis to proactive, continuous improvement 

If you’ve ever been challenged to explain a sudden change in your cybersecurity performance, or wished you could turn data into answers and actions without the heavy lifting, this session will show you how by leveraging key driver analysis within a Continuous Controls Monitoring (CCM) platform.

Transforming raw data to actionable insights using AI

Too many organizations operate in the dark when it comes to cyber risk.  

Security teams are drowning in data from countless cybersecurity tools – each telling a different story but not one giving the full picture. These fragmented tools, inconsistent data, and manual analysis leave hidden control gaps undetected. Security leaders are living with risk they can’t see, can’t measure, and can’t remediate quickly. 

Continuous Controls Monitoring (CCM) turns data into action, unifying control data to get a single, trusted view of your cyber risk posture. 

Designed for security teams managing sprawling environments, this session explores how Panaseer’s CCM platform delivers accurate, real-time, contextualized insights - uncovering previously hidden risks, automating trust in control data, and enabling security teams to manage and report on control effectiveness with clarity and confidence. 

You’ll see how Panaseer gives teams the oversight to own their security performance, prioritize remediation based on real risk, and prove control effectiveness to stakeholders. 

Learn how to: 
- Consolidate and normalize data from multiple security tools into one trusted platform
- Identify and prioritize cyber risk based on known business context
- Replace error-prone manual reporting with automated, reliable insights   

Understand how security leaders use Panaseer to replace fragmented data with a single source of truth and make their cyber risk measurable, manageable, and meaningful. Clear insights. Confident decisions. All in just 15 minutes.

Uncover hidden cyber risk and own control effectiveness

What's the main cause of security breaches? Most business executives would probably point to zero-days or sophisticated hacks, but the reality is more mundane. 

In this webinar, Dave Ferguson from the Bank of England joins Panaseer's Nick Lines to discuss why control failures continue to be a huge problem for security teams. Using the findings from a recent Dark Reading report, they explore: 

Why cyber hygiene should be a higher priority 
How the Bank of England gets actionable insights from security data 
How to bring the sexy back to cybersecurity fundamentals

Why control failures are the cybersecurity industry's dirty little secret

Regulatory expectations are rising – and so is the pressure to deliver timely and credible compliance reporting. But with data scattered across silos and manual processes slowing you down, how can you be sure what you're reporting is accurate? 

In just 15-minutes, understand how Continuous Controls Monitoring (CCM) empowers security leaders to move from point-in-time checks to continuous compliance – ensuring you’re always ready to report with confidence. We’ll explore how to automate control monitoring, align with regulatory frameworks, and proactively surface compliance gaps before they become audit issues. 

Learn how to: 
- Shift from manual reporting to automated, continuous compliance   
- Gain real-time visibility into your compliance efforts across frameworks   
- Confidently respond to regulatory inquiries with trusted, consistent data   
- Prove control effectiveness with defensible evidence – continuously. 

See real-world examples of how organizations use Panaseer to stay audit-ready year-round and reduce the time, cost, and risk of compliance – and all in the time it takes to drink your morning cup of coffee!

Stay audit-ready with a continuous compliance approach; a short demo of Continuous Controls Monitoring (CCM)

Exploring key drivers: transforming raw data to actionable insights using AI

Too many security dashboards lull leadership into complacency by showcasing a sea of reassuring green. In this highlight reel, veteran CISO Jim Routh argues that true resilience starts when discussions centre on reds. 

In less than three-minutes, Jim covers: 
- How to reframe red metrics as actionable priorities rather than bad news
- Ways to prioritize resource allocation and policy updates to resolve reds and document the control improvements regulators expect
- Why creating a culture that celebrates tackling reds as proof of proactive governance leads to a more resilient organization

Embrace the reds: turning alerts and compliance dashboards into strategic action

In this rapid-fire briefing, CISO Andy Jaquith unveils his disciplined approach to risk management that cuts through noise and bureaucracy. Rather than wrestling with hundreds of theoretical threats, Andy shares how to:

- Pinpoint the 20 - 30 most salient risks that genuinely threaten mission success.
- Map each risk to relevant controls, revealing powerful patterns of overlap.
- Replace scattershot control inventories with a concise “play map” executives can understand and fund.

Ideal for CISOs and security executives seeking a pragmatic blueprint for aligning finite resources to the controls that matter most, this talk reframes risk reduction as an exercise in strategic control consolidation, linking to frameworks and regulations where necessary.

The CISO play-map for tackling top cyber risks using automation

Former Global CISO Oli Newbury challenges the dangerous comfort zone of periodic compliance checks and bureaucratic inertia that leaves organizations vulnerable between assessments. He exposes the critical flaw in traditional compliance thinking: the false security of assuming "everything's fine because it was fine last time we looked."

In this essential discussion, Oli breaks down:
- Why it's time to take stock and challenge entrenched bureaucratic compliance processes
- The fundamental shift from periodic snapshots to dynamic, continuous risk visibility
- How continuous compliance transforms your entire risk profile, not just reporting efficiency
- Moving beyond automation as a reporting tool toward real-time risk intelligence

Oli's insights reveal why the security leaders who are applying continuous compliance frameworks are building the most resilient organizations - ditching the dangerous illusion of point-in-time compliance in favor of always-on risk awareness.

Why continuous compliance is the new risk reality

Cyber threats are evolving faster than ever, with AI-powered attacks connecting multiple vulnerabilities and driving the down the time-to-exploit. It's impacting the way we now must measure and approach cyber risk.

Join us for an deep dive into Panaseer's compound risk metrics with Director of Product Nick Emanuel as he explores how this latest innovation exposes the hidden dangers traditional security metrics often miss.

In this webinar, you'll learn:

- Why compound risk metrics matter now more than ever
- How toxic combinations (hidden intersections of control gaps) create unseen but high-impact risk
- Why siloed signals and isolated metrics fail to tell the whole story
- How compound risk metrics provide contextual, actionable insight to inform better security decisions

You’ll leave with a clear understanding of how to identify, measure, and act on risks your existing controls assurance and reporting may be missing.

How to surface hidden risk hiding in your cyber security metrics

Group Chief Information Security Officer (CISO) and security strategist Elaine Bucknor challenges the status quo of rigid compliance frameworks that have become a business liability in today's dynamic threat environment. In under three minutes, she exposes how traditional "checkbox approaches" create a false sense of security while actually functioning as anchors that prevent organizations from responding effectively to modern challenges.

In this thought-provoking reel, Elaine explores:
- Why compliance-as-doctrine fails in the face of geopolitical threats and supply chain disruptions
- The critical difference between doing what's "required" versus what's "absolutely necessary" for business protection
- Strategies for creating responsive security environments that anticipate and adapt to regulatory changes

Ideal viewing for CISOs, security executives, and compliance leaders on-the-go who recognize that yesterday's rigid frameworks won't protect tomorrow's dynamic businesses.

Why breaking free from checkbox compliance can lead to strategic cyber agility

Tired of the manual burden of audits, many cybersecurity teams are turning to automation and a continuous compliance approach.

In this 2 minute highlight reel, seasoned CISO Andreas Wuchner reveals the strategic mindset shift that transforms compliance from a burden into a natural outcome. He quickly uncovers why traditional compliance approaches fail and demonstrates how building robust, monitored control frameworks creates a foundation where regulatory requirements across multiple jurisdictions become manageable side effects rather than primary objectives.

An ideal watch for CISOs, compliance officers, and security leaders looking to move beyond checkbox compliance toward sustainable, strategic risk management that scales across regulatory environments

Beyond compliance theatre: how smart control frameworks make regulatory requirements a byproduct

Panaseer have been at the forefront of Continuous Controls Monitoring (CCM) technology since Gartner initially recognised the category over 5 years ago.

In this short session, hear from Panaseer's Chief Product Officer Marc Moesse and Head of Product Management Nick Emanuel as they discuss key innovation coming to Panaseer's Continuous Controls Monitoring platform in 2025, including:

- AI analysis
- Cyber frameworks catalog and mapping
- Compound risk metrics
- Multiple scorecards

Continuous Controls Monitoring (CCM) product innovation at Panaseer

In under 2-minutes, Head of Strategic Sales and Partnerships at Panaseer, Neil Hooper introduces the Cyber Risk Institute (CRI) Profile - a risk-based, financial sector-specific framework developed to help institutions meet regulatory expectations efficiently and consistently.

Neil explains how the CRI Profile aligns with global regulations and is designed to simplify compliance across jurisdictions by mapping to multiple standards in a single, structured format. He also covers how Panaseer supports organizations in operationalizing the profile by enabling automated evidence collection and continuous control monitoring - making it easier to demonstrate maturity, reduce audit fatigue, and drive risk-informed decisions.

Perfect for CISOs, risk officers, and compliance teams in banking and financial services looking to streamline their regulatory reporting and strengthen cyber resilience.

What is the Cyber Risk Institute (CRI) Profile?

In just two-minutes, understand what impact PCI DSS 4.0 - the latest version of the Payment Card Industry Data Security Standard - has after key requirements became mandatory in 2025.

Neil Hooper, Head of Strategic Sales and Partnerships at Panaseer, highlights the most impactful updates, including the shift to a customized approach for control implementation, new requirements around continuous control monitoring, and increased expectations for evidence and reporting.

You’ll also hear how Panaseer supports compliance with PCI DSS 4.0 by providing automated, real-time visibility into control coverage, effectiveness, and evidence readiness, helping security teams stay ahead of audits and reduce manual effort.

What are the key requirements of PCI DSS 4.0?

In this focused 2-minute webinar, Head of Strategic Sales and Partnerships at Panaseer, Neil Hooper breaks down the NYDFS Cybersecurity Regulation (23 NYCRR Part 500) and specifically the key changes introduced in the April 2024 amendment.

In the session, Neil covers the regulation’s core requirements for financial institutions and spotlights the  emphasis on a risk-based approach to control monitoring - requiring organizations to continuously assess the effectiveness of their cybersecurity controls, not just implement them.

You’ll also learn how a Continuous Controls Monitoring (CCM) approach helps meet these expectations by delivering automated visibility into control performance across your environment, supporting both compliance and stronger operational resilience.

A must-watch for CISOs, CROs, and compliance leads navigating the evolving NYDFS requirements.

Taking a risk-based approach to controls monitoring with NYDFS NYCRR compliance

In this short webinar, Dr Leila Powell, Head of Data at Panaseer, introduces CIS Controls v8.0 framework - the latest version of the Center for Internet Security’s prioritized best practices for cyber defense.

Leila handily highlights key updates in version 8.0, including the shift from function-specific controls to activity-based safeguards, better alignment with modern IT environments (like cloud and remote work), and the continued use of Implementation Groups (IG1–IG3) to scale guidance based on organizational maturity.

You’ll also see how Panaseer supports continuous monitoring of CIS v8.0 controls - making it easier to measure coverage, spot gaps, and ensure controls are operating as intended.

How to comply with v8.0 of the Critical Security Controls (CIS) framework

In this bite-sized webinar, VP of Strategic Sales and Partnerships at Panaseer, Neil Hooper gives a clear, practical introduction to Cyber Essentials - the UK government-backed scheme designed to help organizations protect against common cyber threats.

Neil explains what the scheme covers, who it’s for, and how it helps demonstrate baseline security hygiene to customers, partners, and regulators. You’ll also hear how Panaseer supports continuous visibility and evidence collection across the five key control areas.

Ideal for teams exploring Cyber Essentials or preparing for certification - especially those looking to streamline and scale compliance efforts.

A practical introduction to Cyber Essentials, the UK government-backed scheme

In this quick overview, Head of Data at Panaseer, Leila Powell introduces the NIST Cybersecurity Framework (CSF) version 2.0 - a major update to one of the most widely adopted cybersecurity frameworks and why it provides improved guidance for organizations of all sizes and sectors.

You’ll get a clear picture of how NIST CSF v2.0 helps security teams align strategy, measure maturity, and strengthen cyber resilience - whether you're just starting with the framework or looking to update your current program - and how a CCM platform can support in measuring against the v2.0 of the framework.

What is NIST Cyber Security Framework v2.0?

In this short explainer, Head of Data at Panaseer, Dr Leila Powell breaks down a common point of confusion in cyber security and compliance: what’s the difference between a framework and a regulation?

Using real-world analogies, Dr Leila clarifies how regulations (like GDPR or DORA) are mandatory legal requirements, while frameworks (like NIST or ISO 27001) are voluntary best practices that help you meet those requirements - and build a strong security posture along the way.

Perfect for security, risk, and compliance teams looking to demystify terminology with the wider organization and align on smarter strategies for meeting both regulatory and business needs.

Frameworks 101; the difference between a cybersecurity framework and a regulation.

Cyber Compliance Explained: bite-sized webinars on cyber frameworks, regulations & control monitoring

In this short video, Head of Data at Panaseer, Dr Leila Powell breaks down the key differences between two major EU cybersecurity regulations NIS2 and DORA.and DORA (Digital Operational Resilience Act).

They explain how NIS2 focuses broadly on strengthening cybersecurity across essential and important sectors (like energy, transport, and healthcare), while DORA is laser-focused on the financial sector, with an emphasis on ICT risk management, resilience testing, and third-party oversight.

You’ll come away with a clear understanding of:
- Who each regulation applies to
- What kinds of controls and reporting are required 
- How the two regulations complement, but don’t duplicate, each other

An ideal watch for risk, compliance, and security leaders preparing for EU regulatory deadlines.

What are the key differences between NIS2 and DORA?

Cyber Security

IT Security

DORA

NIS2

Cyber Resilience

Cyber regulations

Regulations

Compliance

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

What are the key differences between NIS2 and DORA?

Presented by

About this talk

Panaseer - Continuous Controls Monitoring