{"id":11444,"date":"2018-12-17T19:44:10","date_gmt":"2018-12-17T18:44:10","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=11444\/"},"modified":"2020-01-03T09:01:00","modified_gmt":"2020-01-03T08:01:00","slug":"2019-rssi-coeur-revolution-si","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/12\/2019-rssi-coeur-revolution-si\/","title":{"rendered":"2019: The CISO at the heart of the IS revolution"},"content":{"rendered":"<p><em>The end of the year always opens the season of predictions for 2019! This exercise, conventional as it is, is still an opportunity to take the time to reflect on the past year and on the priorities ahead.<\/em><\/p>\n<figure id=\"post-11487 media-11487\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11487 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/RADAR2019.png\" alt=\"\" width=\"624\" height=\"461\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/RADAR2019.png 1207w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/RADAR2019-259x191.png 259w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/RADAR2019-768x567.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/RADAR2019-53x39.png 53w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n<p>2018 obviously saw the regulatory framework expand: it will be hard to forget 25 May, the date the GDPR came into force! 
Projects tied to regulations on critical operators (<a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2016\/12\/reussir-mise-conformite-loi-de-programmation-militaire\/\">LPM<\/a>, <a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/11\/nis-mesures-securite-ose\/\">NIS<\/a>) or sector-specific regulations (NYS DFS, <a href=\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/hong-kong-programme-cybersecurite-secteur-bancaire\/\">HKMA<\/a>, MAS\u2026) also set the pace of the year.<\/p>\n<p>From a threat standpoint, 2018 was more varied than 2017, which was dominated by NotPetya. We observed 3 trends:<\/p>\n<ul>\n<li><em>Ransomware<\/em> remained the leading cause of our CERT\u2019s interventions, including some resurgences of WannaCry;<\/li>\n<li>A growing number of incidents of lower intensity than the massive <em>ransomware<\/em> outbreaks of 2017, but damaging at the scale of individual companies, in particular customer data leaks;<\/li>\n<li>More worrying, a growing number of increasingly clever attacks, closer to business processes, like those that hit many banks, or more deeply embedded in technical systems, like the series of <a href=\"https:\/\/techcrunch.com\/2018\/11\/13\/magecart-hackers-persistent-credit-card-skimmer-groups\/\">MageCart<\/a> attacks striking at the core of how websites operate.<\/li>\n<\/ul>\n<p>These attacks will clearly continue in 2019, as cybercrime unfortunately remains a highly profitable activity.<\/p>\n<p>While digital technology is increasingly present in the business lines of all sectors (Industry 4.0, Open Data, PSD2&#8230;), what will truly mark 2019 is the acceleration around three axes: agility, the <em>cloud<\/em> and the <em>API-fication<\/em> of IT services and applications. The time for experimentation is behind us; we are now entering the era in which these transformations become reality.<\/p>\n<h2>The 3 axes of the IS revolution in 2019<\/h2>\n<h3>Agility: more responsive, faster, simpler<\/h3>\n<p>Large companies have started, sometimes at a forced march, migrating to agile ways of working at scale. Faced with this transformation, the CISO must master these methodologies and work closely with development teams so that they take ownership of cybersecurity issues. Initially, this closer collaboration will allow security to be integrated into agile projects through <a href=\"https:\/\/www.owasp.org\/index.php\/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories\"><em>Evil User Stories<\/em><\/a>, security training for teams, the rollout of continuous integration tools and the integration of penetration tests into the development cycle. This movement is already well under way, with the first successful support engagements.<\/p>\n<p>Beyond integrating cybersecurity into agile projects, cybersecurity itself will have to make the shift to agility by fitting into a new operating model. 
Not only will cybersecurity teams become part of this agile organization by joining the <em>Feature Teams<\/em> to give the CISO visibility into the risks identified in these projects, they will also be able to deliver security services in agile mode. <em>Product Owners<\/em> responsible for security services will emerge to deliver cybersecurity <em>as a service<\/em> within the organization.<\/p>\n<h3>Cloud: secure by default, multiple, automated<\/h3>\n<p>The second axis is large-scale use of the cloud. In 2019, the accumulation of early experiments will trigger a chain reaction toward <em>Cloud-first<\/em>, or even <em>Cloud-Only<\/em> for our most advanced clients. Beyond applications, the migration of infrastructure has begun, including for key components such as <a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/02\/identite-dans-le-cloud-le-marche-se-structure-quid-de-lapproche-de-microsoft\/\"><em>Active Directory.<\/em><\/a><\/p>\n<p>All these promising advances will change the job of IT departments. In this context, the CISO will have to adapt to this new operating model in order to ensure that configurations stay secure over time and to open a dialogue with new counterparts. The CISO can encourage the use of the new self-remediation and system-rebuild capabilities in the event of a security incident.<\/p>\n<p>This situation will require adaptations to provide a global view of IS monitoring, administration and rights management. 
Security will have to be built into architectures from the design stage, in configuration templates, and rely on the providers\u2019 building blocks. Rights can be assigned in an extremely granular way to limit the risk of illegitimate access to resources. They will have to be reviewed automatically to keep up with frequent changes.<\/p>\n<p>The <em>cloud<\/em> is also a turn that security functions must take: the CISO will be on the front line to adopt and make the most of market offerings: vulnerability analysis, access control, <em>MFA<\/em>, <em>Identity Governance<\/em>, content filtering\u2026 many of these services already have a credible <em>cloud<\/em> offering. <em>Multicloud<\/em> based on 2 providers will become a priority to enable <a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/les-cles-assurer-gestion-unifiee-cloud\/\">service continuity<\/a>.<\/p>\n<h3>API-fication: many new entry points into the IS<\/h3>\n<p>The third axis is the proliferation of APIs. Driven in the financial sector by the <a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2016\/01\/la-dsp2-une-directive-sur-les-services-de-paiements-qui-prone-la-concurrence\/\">PSD2<\/a> regulation, <em>API-fication<\/em> affects all sectors and lets services interact by standardizing the means of data exchange.<\/p>\n<p>Among our clients, we see the security function struggling to get to grips with this new challenge. 
While <a href=\"https:\/\/www.wavestone.com\/fr\/insight\/recette-securiser-api\/\"><em>API-fication<\/em><\/a> can be a lever to make machine-to-machine exchanges easier to secure through standardization, encryption or authentication, it carries certain risks linked to the proliferation of APIs and their large exposure surface. Indeed, even major players such as <a href=\"https:\/\/www.wired.com\/story\/google-plus-bug-52-million-users-data-exposed\">Google<\/a> or <a href=\"https:\/\/www.wired.com\/story\/facebook-photo-api-bug-millions-users-exposed\">Facebook<\/a> struggle to master this subject, as the incidents of 2018 showed.<\/p>\n<p>If the CISO wants to regain control of the <em>API-fication<\/em> playing field, they must move into this theater of operations now, with every available means, including the most innovative. It will not be enough to simply define governance or, as a first step, to try to inventory exposed APIs; the CISO will have to anticipate and be able to monitor and control a large number of APIs.<\/p>\n<h2>A revolution that demands a review of the fundamentals amid a skills shortage<\/h2>\n<p>A deep revolution of the IS, ever more pervasive regulations with exponentially growing penalties: how can security functions escape the vice that grips them? To do so, we identify 3 major workstreams:<\/p>\n<ul>\n<li><strong>Overhaul the information security policy (PSSI) and governance.<\/strong> They will have to be reviewed on the basis of the existing security strategy. 
To speed up and frame the approach, the CISO can rely on the NIST <em>cybersecurity framework<\/em>, an American cybersecurity framework that is on its way to becoming essential for large groups in all sectors;<\/li>\n<li><strong>Thoroughly revise the processes for integrating security into projects.<\/strong> After being amended in 2018 for the needs of the GDPR, they will have to be rethought to gain more agility and flexibility. The authorities have joined this movement: ANSSI has modernized the EBIOS risk analysis methodology, newly named EBIOS <em>Risk Manager<\/em>, with an approach combining compliance and attack scenarios;<\/li>\n<li><strong>Anticipate and adapt to a recurring talent shortage.<\/strong> There is no magic solution, of course, but many avenues are worth testing. From a technical standpoint, automation, migration to the <em>cloud<\/em> and a strong framework establishing <em>security by design<\/em> principles will help limit the effort required. Likewise, creating security service offerings and <em>nearshoring<\/em> or even <em>offshoring<\/em> standardized services can be solutions.<\/li>\n<\/ul>\n<p>To meet tomorrow\u2019s challenges, the CISO will have to breathe new life into the security function by creating a stimulating, ambitious and educational environment that enables the <em>empowerment<\/em> of teams. 
This will inspire vocations and a desire for internal mobility.<\/p>\n<h2>Beyond overhauling the fundamentals, our 5 priorities for information security functions<\/h2>\n<ul>\n<li><strong>Cyber-resilience built on the cloud<\/strong>: the evolution of solutions makes it possible to consider using the cloud as a continuity solution in the face of cyberattacks, as is already the case for email. To test the effectiveness of the response to these attacks, tabletop crisis exercises will be complemented by real training on simulated systems;<\/li>\n<li><strong>The <a href=\"https:\/\/www.riskinsight-wavestone.com\/2018\/07\/nouveaux-outils-du-soc-13\/\">SOC<\/a> is dead, long live <em>Fusion Centers<\/em><\/strong>, which bring together technical and business know-how, making it possible to understand potential fraud or intrusions into the information system end to end and to respond as effectively as possible. With new generations of automation and <em>machine learning<\/em> tools, the SOC will be able to detect attacks more precisely and more quickly;<\/li>\n<li><strong>The beginning of the end for passwords:<\/strong> initiatives such as <em>0-password<\/em>, the deployment of FIDO2, biometrics as part of <em>2FA<\/em> and the <a href=\"https:\/\/www.riskinsight-wavestone.com\/2018\/02\/remedes-contre-maux-de-passe\/\">widespread adoption of vaults<\/a> make it conceivable;<\/li>\n<li><strong>AI and <em>machine learning<\/em><\/strong> represent medium-term opportunities that deserve to be tested, or even implemented by the most advanced cybersecurity functions. 
However, the priority for 2019 will be to make sure that the specific risks and vulnerabilities (inference, poisoning&#8230;) are taken into account in business projects that include AI;<\/li>\n<li><strong>Third parties and suppliers under the microscope:<\/strong> many attacks are now observed on suppliers, which nonetheless tarnishes the image of the client company, which remains responsible. In 2019 there is a need to better map interactions with service providers in order to assess their security. This is complex work given their number, their diversity and how intertwined they are. Start-ups such as <a href=\"https:\/\/cybervadis.com\/?lang=fr\">CyberVadis<\/a> or <a href=\"https:\/\/www.riskledger.com\/\">Risk Ledger<\/a> tackle this problem from a fresh angle.<\/li>\n<\/ul>\n<h2>Making security a differentiator for the company\u2019s customers<\/h2>\n<p>Often ignored, sometimes rejected, security was until very recently required to be transparent in order to be tolerated. The almost daily media coverage of data leaks and fraud has put cybersecurity back at the center of the game.<\/p>\n<p>In 2019, security cannot settle for being an essential line of defense in every company; it will have to be seen as a generator of value for the <em>core business<\/em>.<\/p>\n<p>This change concerns almost every sector of activity. 
Of course, the banking sector immediately comes to mind: two-factor authentication, dynamic card security codes, notification of suspicious transactions\u2026 yet it is not the only one:<\/p>\n<ul>\n<li>Automotive, with the \u201cvisible\u201d securing of the connected vehicle, before moving on to the autonomous vehicle tomorrow;<\/li>\n<li>Telecom operators, some of which promote their new <em>box<\/em> with cybersecurity services such as vulnerability detection;<\/li>\n<li>Providers of services to the general public (transport, energy, water\u2026), where cybersecurity is required in sales processes and can be a differentiator.<\/li>\n<\/ul>\n<p>Under the CISO\u2019s leadership, the security function must seize these opportunities to get closer to the business lines and show its contribution to the core of its organization\u2019s activity. Renowned players such as Apple have adopted this approach by placing security and privacy at the heart of their value proposition.<\/p>\n<p><strong>So why not you?<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The end of the year always opens the season of predictions for 2019! This exercise, conventional as it is, is still an opportunity to take the time to reflect on the past year and on the priorities ahead. 
2018 obviously saw the expansion of&#8230;<\/p>\n","protected":false},"author":15,"featured_media":11450,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36],"tags":[181,447,1710],"coauthors":[837,2741],"class_list":["post-11444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","tag-rssi","tag-strategie","tag-transformation-numerique"],"acf":[],"yoast_head_json":{"title":"2019 : Le RSSI au c\u0153ur de la r\u00e9volution du SI - RiskInsight","description":"La fin de l\u2019ann\u00e9e ouvre toujours la saison des pr\u00e9dictions pour 2019 ! Cet exercice est l\u2019occasion de r\u00e9fl\u00e9chir \u00e0 l\u2019ann\u00e9e \u00e9coul\u00e9e et aux priorit\u00e9s \u00e0 venir.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/","og_locale":"en_US","og_type":"article","og_title":"2019 : Le RSSI au c\u0153ur de la r\u00e9volution du SI - RiskInsight","og_description":"La fin de l\u2019ann\u00e9e ouvre toujours la saison des pr\u00e9dictions pour 2019 ! 
Cet exercice est l\u2019occasion de r\u00e9fl\u00e9chir \u00e0 l\u2019ann\u00e9e \u00e9coul\u00e9e et aux priorit\u00e9s \u00e0 venir.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/","og_site_name":"RiskInsight","article_published_time":"2018-12-17T18:44:10+00:00","article_modified_time":"2020-01-03T08:01:00+00:00","og_image":[{"width":3873,"height":3873,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois, David Renty","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois, David Renty","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"2019 : Le RSSI au c\u0153ur de la r\u00e9volution du SI","datePublished":"2018-12-17T18:44:10+00:00","dateModified":"2020-01-03T08:01:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/"},"wordCount":2032,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","keywords":["RSSI","strat\u00e9gie","transformation num\u00e9rique"],"articleSection":["Cybersecurity &amp; Digital 
Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/","url":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/","name":"2019 : Le RSSI au c\u0153ur de la r\u00e9volution du SI - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","datePublished":"2018-12-17T18:44:10+00:00","dateModified":"2020-01-03T08:01:00+00:00","description":"La fin de l\u2019ann\u00e9e ouvre toujours la saison des pr\u00e9dictions pour 2019 ! Cet exercice est l\u2019occasion de r\u00e9fl\u00e9chir \u00e0 l\u2019ann\u00e9e \u00e9coul\u00e9e et aux priorit\u00e9s \u00e0 venir.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/12\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","width":3873,"height":3873,"caption":"flat design for team work concept over 
yellow"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/12\/2019-rssi-coeur-revolution-si\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"2019: The CISO at the Heart of the IS Revolution"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. 
He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=11444"}],"version-history":[{"count":14,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11444\/revisions"}],"predecessor-version":[{"id":11489,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/11444\/revisions\/11489"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/11450"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=11444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=
11444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=11444"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=11444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}