{"id":13873,"date":"2020-07-17T13:00:35","date_gmt":"2020-07-17T12:00:35","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=13873"},"modified":"2021-07-12T09:54:23","modified_gmt":"2021-07-12T08:54:23","slug":"organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/","title":{"rendered":"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience"},"content":{"rendered":"
\n
\n

Nostalgie, nostalgie\u2026 rappelez-vous des organisations s\u00e9curit\u00e9 il y a 20 ans. Impossible de faire plus simple\u00a0! L\u2019\u00e9quipe \u00ab\u00a0type\u00a0\u00bb \u00e9tait compos\u00e9e d\u2019une\u00a0quinzaine de personnes au sein des op\u00e9rations de la DSI, toutes passionn\u00e9es de technique<\/strong>\u00a0: \u00e7a causait nombre de VLAN, filtrage internet, comparatif anti-virus\u2026 Les attaques \u00e9taient encore rares, la pression des r\u00e9gulateurs restait limit\u00e9e, le top management ne ma\u00eetrisait rien\u2026\u00a0bref, les RSSI avaient une paix royale\u00a0!<\/strong>\u00a0Certes, les premi\u00e8res r\u00e9flexions sur le positionnement du RSSI dans l\u2019organisation commen\u00e7aient \u00e0 \u00e9merger (\u00e9quilibre des forces avec le DSI, rapprochement avec la Direction des Risques\u2026) mais ces d\u00e9bats d\u2019expert restaient encore tr\u00e8s confidentiels.<\/p>\n

20 ans apr\u00e8s\u2026 la situation est totalement diff\u00e9rente et la s\u00e9curit\u00e9 a pris une toute autre dimension dans les entreprises. Les chiffres parlent d\u2019eux-m\u00eames\u00a0: en France,\u00a0on constate en moyenne 1 ETP s\u00e9curit\u00e9 pour 500 \u00e0 3000 employ\u00e9s<\/strong>, avec une moyenne tournant aux alentours de 1 pour 1000. Certains acteurs de la Finance peuvent m\u00eame atteindre des ratios record de 1 pour 200 en int\u00e9grant les diff\u00e9rentes lignes de d\u00e9fense. Je vous laisse faire le calcul\u00a0:\u00a0cela repr\u00e9sente rapidement plusieurs centaines, voire milliers d\u2019employ\u00e9s\u00a0!<\/strong>\u00a0Les RSSI sont donc maintenant aux commandes d\u2019un effectif pl\u00e9thorique et sacr\u00e9ment diversifi\u00e9. Les experts historiques ont \u00e9t\u00e9 rejoint ces derni\u00e8res ann\u00e9es par des cargaisons de chefs de projet, PMO, COO, Directeurs de Programme, voire parfois par des acheteurs et RH sp\u00e9cialis\u00e9s, qui apprennent progressivement \u00e0 travailler ensemble. Tel un coach sportif, le RSSI doit d\u00e9sormais composer avec un tel effectif et trouver la bonne organisation, le bon syst\u00e8me de jeu pour obtenir des r\u00e9sultats.<\/p>\n

 <\/p>\n

PAS DE REVOLUTION, LA FILI\u00c8RE FONCTIONNELLE RESTE LA NORME<\/h2>\n<\/div>\n<\/div>\n

 <\/p>\n

\"No<\/p>\n

 <\/p>\n

\n
\n

Les raisons qui poussent \u00e0 se r\u00e9organiser sont toujours globalement les m\u00eames\u00a0: manque de ma\u00eetrise, sentiment d\u2019inefficacit\u00e9, responsabilit\u00e9s diffuses… et le travail de remise \u00e0 plat peut sembler colossal. Cela am\u00e8ne certains RSSI \u00e0 envisager tr\u00e8s rapidement des solutions en rupture, et en particulier\u00a0celle du regroupement de toutes les ressources s\u00e9curit\u00e9 dans une seule et m\u00eame \u00e9quipe hi\u00e9rarchis\u00e9e<\/strong>. Ne perdons pas de temps et soyons tr\u00e8s clairs\u00a0: dans 95% des cas, cette solution n\u2019est pas retenue. Un tel mouvement pr\u00e9sente tout simplement trop de risques d\u2019exclusion de la fonction s\u00e9curit\u00e9, difficilement conciliable avec le besoin de proximit\u00e9 m\u00e9tier\u00a0de certaines activit\u00e9s\u00a0: accompagnement de projets m\u00e9tier, sensibilisation des populations sp\u00e9cifiques, n\u00e9gociations budg\u00e9taires\u2026\u00a0La fili\u00e8re fonctionnelle reste la norme\u00a0: une \u00e9quipe centrale et des relai<\/strong>s (RSSI locaux, correspondants s\u00e9curit\u00e9\u2026)\u00a0r\u00e9partis partout dans l\u2019organisation.<\/strong>\u00a0Certains acteurs industriels ont toutefois r\u00e9cemment franchi le cap de la centralisation, mais le mouvement est davantage motiv\u00e9 par une volont\u00e9 de rapprochement des ressources cybers\u00e9curit\u00e9 avec l\u2019\u00e9quipe suret\u00e9, particuli\u00e8rement mature dans ce secteur.<\/p>\n

Le rattachement du RSSI reste \u00e9galement un \u00e9l\u00e9ment de d\u00e9bat, tr\u00e8s largement relay\u00e9 et comment\u00e9 depuis des ann\u00e9es. DSI, Direction des Risques, Direction Financi\u00e8re, CEO\u2026 on a parfois l\u2019impression que c\u2019est une course \u00e0 qui sera le plus haut dans la hi\u00e9rarchie\u00a0! Mais contrairement aux id\u00e9es re\u00e7ues, on ne constate pas forc\u00e9ment sur le terrain de tendance \u00e0 la sortie de la DSI. Bien au contraire\u00a0:\u00a03 RSSI sur 4 rapportent au DSI dans les grandes entreprises<\/strong>\u00a0et la plupart des r\u00e9organisations d\u00e9bouchent sur un tel rattachement. La raison est simple\u00a0: c\u2019est souvent un excellent point de chute pour \u00eatre dans l\u2019action, faire avancer ses sujets, obtenir du budget\u00a0! Attention\u00a0: pour ceux qui d\u00e9cident d\u2019un rattachement diff\u00e9rent, rappelons-nous que 80% d\u2019un budget cybers\u00e9curit\u00e9 tombe dans le p\u00e9rim\u00e8tre de la DSI.\u00a0Il est donc indispensable de nourrir une relation de qualit\u00e9 entre le RSSI et le DSI.<\/strong>\u00a0J\u2019ai pu assister \u00e0 quelques rapports de force ces derni\u00e8res ann\u00e9es, et c\u2019est rarement le RSSI qui gagne\u00a0\ud83d\ude09<\/p>\n

\u00c7a y est\u2026 on tient les principes de base : une fili\u00e8re fonctionnelle, souvent rattach\u00e9e au DSI, avec des relais RSSI dans les grands p\u00f4les d\u2019activit\u00e9 de l\u2019entreprise. Il s\u2019agit maintenant de r\u00e9partir dans cette organisation toutes les activit\u00e9s de cybers\u00e9curit\u00e9, et elles sont nombreuses\u00a0: politiques, \u00e9tudes, sensibilisation, Programme cybers\u00e9curit\u00e9, accompagnement projets, audits, SOC, CERT\u2026<\/p>\n

 <\/p>\n

CASSER LES SILOS ET RECHERCHER L\u2019EFFICACIT\u00c9\u00a0OP\u00c9RATIONNELLE<\/h2>\n

En tant que prestataire, je peux en t\u00e9moigner : il est assez commun d\u2019\u00eatre sollicit\u00e9 plusieurs fois pour la m\u00eame \u00e9tude au sein d\u2019un Grand Compte, dans plusieurs entit\u00e9s diff\u00e9rentes. C\u2019est tout \u00e0 fait compr\u00e9hensible\u00a0: dans un mod\u00e8le en fili\u00e8re, chaque entit\u00e9 \/ pays dispose d\u2019une \u00e9quipe s\u00e9curit\u00e9, et sans r\u00e8gles du jeu clairement \u00e9tablies,\u00a0la Direction locale a souvent le r\u00e9flexe de renforcer son \u00e9quipe au moindre besoin<\/strong>\u00a0(\u00e9tude sp\u00e9cifique, r\u00e9sultat d\u2019audit\u2026). C\u2019est tout le pi\u00e8ge d\u2019une fili\u00e8re\u00a0: elle pr\u00e9sente de nombreux avantages mais cr\u00e9e de la complexit\u00e9 et des redondances. Et croyez-moi, lorsque le RSSI Groupe se retrouve \u00e0 expliquer au top management pourquoi l\u2019entreprise dispose de 3 SOC et de 4 cellules de r\u00e9ponse \u00e0 incidents\u2026 c\u2019est rarement la meilleure r\u00e9union de sa journ\u00e9e\u00a0;-).<\/p>\n<\/div>\n<\/div>\n

 <\/p>\n

\"No<\/p>\n

\n
\n

 <\/p>\n

Pour \u00e9viter ce genre de situation,\u00a0la tendance est au regroupement de comp\u00e9tences et \u00e0 la cr\u00e9ation d\u2019offres de service cybers\u00e9curit\u00e9 centrales<\/strong>. Tr\u00e8s concr\u00e8tement, cela se traduit pour de nombreuses organisations par une mutualisation de 1. L\u2019expertise cybers\u00e9curit\u00e9 (\u00e9tudes, innovation, sensibilisation\u2026)\u00a02. La d\u00e9tection et la r\u00e9ponse (SOC, CERT, exercices de crise, Threat Intel\u2026) 3. Les audits et contr\u00f4les (pentests, redteam, analyse de code\u2026) 4. La gestion de projet et PMO (reporting, PMO, communication\u2026). Ajoutez une entit\u00e9 gouvernance et strat\u00e9gie, et\u00a0vous n\u2019\u00eates pas loin d\u2019obtenir l\u2019organigramme de beaucoup de RSSI Groupe<\/strong>\u00a0! Notons qu\u2019il existe des alternatives\u00a0: certaines organisations optent pour un mod\u00e8le distribu\u00e9, consistant \u00e0 r\u00e9partir les services dans les entit\u00e9s (par exemple\u00a0: les USA sont dor\u00e9navant en charge du service de tests d\u2019intrusion pour toute l\u2019entreprise), et les tr\u00e8s grandes entreprises optent souvent pour la cr\u00e9ation de Hubs interm\u00e9diaires (par r\u00e9gion, par m\u00e9tier\u2026) d\u00e9livrant ces services. Quelle que soit l\u2019organisation retenue, ce mouvement de consolidation est en cours\u00a0:\u00a0on estime \u00e0 environ 40% le nombre d\u2019employ\u00e9s de la fili\u00e8re travaillant sur des activit\u00e9s \u00e0 port\u00e9e transverse\u2026<\/strong>\u00a0et la progression est exponentielle ces derni\u00e8res ann\u00e9es.<\/p>\n

Ce mouvement de centralisation permet de lib\u00e9rer les \u00e9quipes locales (RSSI ou correspondants m\u00e9tier\/pays\/entit\u00e9) qui peuvent ainsi consommer les services et\u00a0se recentrer sur les activit\u00e9s n\u00e9cessitant une forte proximit\u00e9 avec leurs m\u00e9tiers<\/strong>\u00a0: \u00e9valuation des risques, int\u00e9gration de la s\u00e9curit\u00e9 dans les projets, recettes de s\u00e9curit\u00e9\u2026 Dans les fili\u00e8res s\u00e9curit\u00e9, c\u2019est ici que nous retrouvons encore aujourd\u2019hui l\u2019essentiel des effectifs (facilement 30 \u00e0 40%)\u2026 mais cette situation est tr\u00e8s probablement transitoire\u00a0!\u00a0La g\u00e9n\u00e9ralisation de l\u2019agile impacte de plein fouet ces \u00e9quipes\u00a0<\/strong>qui se retrouvent \u00e0 changer de m\u00e9tier du jour au lendemain car projet\u00e9es dans les Feature Teams \u00e0 former, coacher et outiller des \u00ab\u00a0Security Champions\u00a0\u00bb qui gagnent progressivement en autonomie. R\u00e9sultat : les RSSI locaux s\u2019industrialisent \u00e9galement et organisent leur \u00e9quipe en centre de services \u00e0 destination de ces Feature Teams (standards de d\u00e9veloppement, revue de code, m\u00e9thodes d\u2019analyse\u2026) Suivez mon regard\u00a0:\u00a0le spectre de l\u2019\u00e9quipe s\u00e9curit\u00e9 unique, centralis\u00e9e, risque de ressurgir assez rapidement\u00a0dans les d\u00e9bats<\/strong>\u2026 et c\u2019est la transformation agile qui acc\u00e9l\u00e8re le processus\u00a0!<\/p>\n

 <\/p>\n

ON PEUT D\u00c9SORMAIS FAIRE UNE CARRI\u00c8RE DANS UNE FILI\u00c8RE\u00a0S\u00c9CURIT\u00c9<\/h2>\n<\/div>\n<\/div>\n

 <\/p>\n

\"No<\/p>\n

\n
\n
<\/div>\n

Nous l\u2019avons largement comment\u00e9\u00a0: certaines fili\u00e8res s\u00e9curit\u00e9 sont pass\u00e9es de quelques dizaines de personnes, \u00e0 plusieurs centaines voire milliers en l\u2019espace de quelques ann\u00e9es. Certes cela n\u00e9cessite un brin d\u2019organisation\u2026 mais\u00a0c\u2019est \u00e9galement une formidable opportunit\u00e9 pour tous les employ\u00e9s de la fili\u00e8re !\u00a0<\/strong>Gestion de projet, management d\u2019\u00e9quipe, expertise, communication\u2026 tr\u00e8s peu de secteurs offrent une telle diversit\u00e9, et la situation est id\u00e9ale pour attirer et fid\u00e9liser les talents. Je ne peux que vous recommander de profiter d\u2019une r\u00e9organisation cybers\u00e9curit\u00e9 pour mettre en lumi\u00e8re cette richesse et\u00a0travailler sur la gestion des comp\u00e9tences<\/strong>\u00a0: alignement des salaires, re\/up-skilling, plans de formation\/certification, responsabilit\u00e9s individuelles, processus de mobilit\u00e9\u2026 les sujets \u00e0 traiter sont nombreux pour booster le well-being et permettre aux employ\u00e9s de se construire\u00a0une carri\u00e8re pleine et enrichissante au sein de la fili\u00e8re\u00a0!<\/strong><\/p>\n<\/div>\n<\/div>\n

<\/div>\n","protected":false},"excerpt":{"rendered":"

Nostalgie, nostalgie\u2026 rappelez-vous des organisations s\u00e9curit\u00e9 il y a 20 ans. Impossible de faire plus simple\u00a0! L\u2019\u00e9quipe \u00ab\u00a0type\u00a0\u00bb \u00e9tait compos\u00e9e d\u2019une\u00a0quinzaine de personnes au sein des op\u00e9rations de la DSI, toutes passionn\u00e9es de technique\u00a0: \u00e7a causait nombre de VLAN, filtrage…<\/p>\n","protected":false},"author":1246,"featured_media":11091,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3222,36],"tags":[51,3557,3558,243,1546,3512,181],"coauthors":[783],"class_list":["post-13873","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy","category-cybersecurity-digital-trust","tag-dsi","tag-filiere-securite","tag-grande-entreprise","tag-organisation","tag-reorganisation","tag-retour-dexperience","tag-rssi"],"acf":[],"yoast_head":"\nOrganiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience - RiskInsight<\/title>\n<meta name=\"description\" content=\"Nostalgie, nostalgie\u2026 rappelez-vous des organisations s\u00e9curit\u00e9 il y a 20 ans. Impossible de faire plus simple\u00a0! L\u2019\u00e9quipe \u00ab\u00a0type\u00a0\u00bb \u00e9tait compos\u00e9e d\u2019une\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Nostalgie, nostalgie\u2026 rappelez-vous des organisations s\u00e9curit\u00e9 il y a 20 ans. Impossible de faire plus simple\u00a0! L\u2019\u00e9quipe \u00ab\u00a0type\u00a0\u00bb \u00e9tait compos\u00e9e d\u2019une\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-17T12:00:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-12T08:54:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1453\" \/>\n\t<meta property=\"og:image:height\" content=\"1308\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Matthieu Garin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Matthieu Garin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/\"},\"author\":{\"name\":\"Matthieu Garin\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/6c4f0c30b01417df346ed7f46d56b935\"},\"headline\":\"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience\",\"datePublished\":\"2020-07-17T12:00:35+00:00\",\"dateModified\":\"2021-07-12T08:54:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/\"},\"wordCount\":1499,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"keywords\":[\"DSI\",\"fili\u00e8re s\u00e9curit\u00e9\",\"grande entreprise\",\"organisation\",\"r\u00e9organisation\",\"retour d'exp\u00e9rience\",\"RSSI\"],\"articleSection\":[\"Cyberrisk Management & Strategy\",\"Cybersecurity & Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/\",\"name\":\"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"datePublished\":\"2020-07-17T12:00:35+00:00\",\"dateModified\":\"2021-07-12T08:54:23+00:00\",\"description\":\"Nostalgie, nostalgie\u2026 rappelez-vous des organisations s\u00e9curit\u00e9 il y a 20 ans. Impossible de faire plus simple\u00a0! L\u2019\u00e9quipe \u00ab\u00a0type\u00a0\u00bb \u00e9tait compos\u00e9e d\u2019une\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"width\":1453,\"height\":1308,\"caption\":\"Vector businessman looking for future trends through binoculars - business and strategy metaphor - illustration in flat style\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/6c4f0c30b01417df346ed7f46d56b935\",\"name\":\"Matthieu Garin\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/matthieu-garin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience - RiskInsight","description":"Nostalgie, nostalgie\u2026 rappelez-vous des organisations s\u00e9curit\u00e9 il y a 20 ans. Impossible de faire plus simple\u00a0! L\u2019\u00e9quipe \u00ab\u00a0type\u00a0\u00bb \u00e9tait compos\u00e9e d\u2019une","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/","og_locale":"en_US","og_type":"article","og_title":"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience - RiskInsight","og_description":"Nostalgie, nostalgie\u2026 rappelez-vous des organisations s\u00e9curit\u00e9 il y a 20 ans. Impossible de faire plus simple\u00a0! L\u2019\u00e9quipe \u00ab\u00a0type\u00a0\u00bb \u00e9tait compos\u00e9e d\u2019une","og_url":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/","og_site_name":"RiskInsight","article_published_time":"2020-07-17T12:00:35+00:00","article_modified_time":"2021-07-12T08:54:23+00:00","og_image":[{"width":1453,"height":1308,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Matthieu Garin","twitter_misc":{"Written by":"Matthieu Garin","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/"},"author":{"name":"Matthieu Garin","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/6c4f0c30b01417df346ed7f46d56b935"},"headline":"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience","datePublished":"2020-07-17T12:00:35+00:00","dateModified":"2021-07-12T08:54:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/"},"wordCount":1499,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg","keywords":["DSI","fili\u00e8re s\u00e9curit\u00e9","grande entreprise","organisation","r\u00e9organisation","retour d'exp\u00e9rience","RSSI"],"articleSection":["Cyberrisk Management & Strategy","Cybersecurity & Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/","url":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/","name":"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg","datePublished":"2020-07-17T12:00:35+00:00","dateModified":"2021-07-12T08:54:23+00:00","description":"Nostalgie, nostalgie\u2026 rappelez-vous des organisations s\u00e9curit\u00e9 il y a 20 ans. Impossible de faire plus simple\u00a0! L\u2019\u00e9quipe \u00ab\u00a0type\u00a0\u00bb \u00e9tait compos\u00e9e d\u2019une","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/07\/Fotolia_62798858_Subscription_Monthly_M.jpg","width":1453,"height":1308,"caption":"Vector businessman looking for future trends through binoculars - business and strategy metaphor - illustration in flat style"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2020\/07\/organiser-ou-reorganiser-la-filiere-securite-dune-grande-entreprise-retours-dexperience\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Organiser ou r\u00e9organiser la fili\u00e8re s\u00e9curit\u00e9 d\u2019une grande entreprise \u2013 retours d\u2019exp\u00e9rience"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/6c4f0c30b01417df346ed7f46d56b935","name":"Matthieu Garin","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/matthieu-garin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/13873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1246"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=13873"}],"version-history":[{"count":10,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/13873\/revisions"}],"predecessor-version":[{"id":14371,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/13873\/revisions\/14371"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/11091"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=13873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=13873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=13873"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=13873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}