{"id":15889,"date":"2021-05-28T08:29:33","date_gmt":"2021-05-28T07:29:33","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=15889"},"modified":"2021-09-14T11:51:50","modified_gmt":"2021-09-14T10:51:50","slug":"episode-2-create-a-relationship-of-trust-with-the-executive-committee","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/","title":{"rendered":"Episode 2 Create a relationship of trust with the executive committee"},"content":{"rendered":"

Create a relationship of trust <\/span><\/b>with<\/span><\/b> the <\/span><\/b>executive committee: step 2, <\/span><\/b>solidify<\/span><\/b> the <\/span><\/b>organisation’s<\/span><\/b> posture and explain the lines of action<\/span><\/b><\/h1>\n

Creating a relationship of trust with <\/span>the<\/span> executive committee is a long-term action. After a<\/span> first<\/span> step that often involves raising awareness and putting the cyber risk into perspective for the organization (see<\/span> <\/span>BILLET 1<\/a>),<\/span> <\/span>it is now a <\/span>case<\/span> of getting to the heart of the matter and starting the path of transformation!<\/span> <\/span><\/p>\n

TO TRANSFORM, YOU HAVE TO KNOW <\/span><\/b>FROM WHERE YOU ARE STARTING<\/span><\/b>….<\/span><\/b> <\/span><\/h2>\n

Before any transformation<\/span>,<\/span> it is important to define the starting point and share the findings with the executive committee. The use of <\/span>international standards <\/span>obviously forms the basis for evaluation<\/span>, ISO 27001\/2 and NIST CSF are the two international references: one rather European, the other more <\/span>anglo-american<\/span>. <\/span> <\/span><\/p>\n

But what will matter most to executives is a benchmark based on the posture of their competitors and the market in which they are located. As such, we have developed a specific tool<\/span>ing<\/span> at Wavestone and built a comparison base that currently includes more than 50 large organizations, mostly international and based in Europe. The quality of this base is essential to convince the leaders, who during the debriefings will ask, precisely and <\/span>often <\/span>with <\/span>a<\/span> lot of hindsight, what is done elsewhere.<\/span> <\/span><\/p>\n

The first key element of an evaluation <\/span>is to ask the right <\/span><\/b>questions and get useful answers!<\/span><\/b> <\/span> In a large organization, it is complex to<\/span> carry out<\/span> a detailed assessment of the level of compliance with <\/span>security <\/span>rules<\/span>. The use of a simple notation, on a classic scale of maturity <\/span>–<\/span> <\/span>from 1 to 4 for example<\/span> <\/span>– <\/span>quickly reaches its limit. What we have chosen to do, and which has proven its worth on the ground<\/span>,<\/span> is to answer questions by expressing a percentage of the perimeter covered. For example, it is possible to have 80% of workstations with a simple anti-virus and 20% with a modern tooling type EDR. The same approach is replicable on more organizational issues, 50% of users<\/span> aware<\/span> by sending emails, 30% by tracking a webinar and 20% by face-to-face sessions. <\/span> <\/span><\/p>\n

In the collective unconscious, this phase of questioning often seems long and very energy intensive.<\/span> I<\/span>f you want a high level of detail, evidence gathering or technical checks: this can be useful when the organization already has a high level of maturity. But at the beginning, a simpler and more effective approach, typically over a short period of one month with a load of twenty days, may be enough to <\/span>provide a <\/span> concrete picture of the situation and enough concrete arguments to get decisions and initiate change.<\/span> <\/span><\/p>\n

During the preparation phase<\/span>,<\/span> it will also be important to identify the expectations of the executive committee beforehand. Discussing with the most concerned members about their expectations, getting their opinions on the right way to approach the subject and the priorities of the organization will be essential to ensure the relevance of the questioning and restitution phases. <\/span>There is n<\/span>othing<\/span> worse than making an off topic on the day of restitution!<\/span> <\/span><\/p>\n

… AND SHARE THE REALITY OF THE SITUATION <\/span><\/b> <\/span><\/h2>\n

After the collection phase, the time will come for the analysis of the results.\u202fOur feedback show<\/span>s<\/span> <\/span>that combining multiple views makes the most sense and is effective in gaining commitment<\/span>. The classic rosettes of ISO or NIST compliance are obviously essential but often prove ineffective: too many axes, too many mixed elements that ultimately always give average notes. <\/span> <\/span><\/p>\n

As mentioned in the previous post, two indicators will be successful at the beginning of the exchange: the budget dedicated to cybersecurity and the <\/span>number<\/span> of people<\/span> mobilized on cybersecurity. The budget indicator is always tricky to handle (high annual variation and non-homogeneous accounting method), we often prefer to use that of more stable and reliable staff). Secondly, in our opinion, it is effective to run the analysis on three axes: <\/span> <\/span><\/p>\n

    \n
  • Th<\/span>e 1<\/span>st<\/span> is the <\/span>resistance of the organization to the last known <\/span>attacks.<\/span><\/b> Clearly the most effective element in debriefing with the executive committee, it also helps to attract attention at the beginning of the restitution. To achieve this view, we use CERT-W operational feedback to find out <\/span>about<\/span> the latest methods of cybercriminal attacks and we conduct an analysis of the <\/span>associated measures. <\/span> <\/span><\/li>\n
  • Th<\/span>e 2<\/span>nd<\/span> is <\/span>a<\/span> <\/span>market posture,<\/span><\/b> <\/span><\/b>crossing the level of compliance with international<\/span> <\/span>benchmarks (type: “I aim for 75% ISO compliance”) with the gap to the market average for the organization concerned (“on the safety of the workstation, I am 3 points below the market. On physical security, I’m 2 points above”). Crossing these two axes helps to identify priority areas (those where you are below international standards but also above the market) <\/span>and<\/span> those where you should not be aggressive (the whole market is below international benchmarks, but you are above the market average).<\/span> <\/span><\/li>\n
  • Th<\/span>e 3<\/span>rd<\/span> is a<\/span>n \u201cactors\u201d oriented view<\/span> of the transformation, <\/span><\/b>organized by the large entities that will be in charge of the transformation (for example: within the CIO the network, the workstations, the servers, within the risk directorate …). This view is very useful to conclude the exchange because it <\/span>creates action <\/span>and shows who will have to invest the most.<\/span> <\/span><\/li>\n<\/ul>\n

    Of course, these different views can be segmented by country or large organizational units to reflect possible disparities or expectations of management. <\/span> <\/span><\/p>\n

    In this phase of restitution, our feedback show<\/span>s<\/span> that executive committees are increasingly sensitive to cybersecurity issues and will ask very specific and concrete questions. Therefore, evidence and factual evidence about the organization must be <\/span>well-informed.<\/span> Having the results of recent audits, concrete figures on the length of time it takes to successfully break in, and even videos of an attack demonstration can <\/span>facilitate <\/span>an executive committee <\/span>to become <\/span>aware of the risk. <\/span> <\/span><\/p>\n

    STARTING NOW STEP 3: TRANSFORMING THE ORGANIZATION <\/span><\/b> <\/span><\/h2>\n

    Describ<\/span>ing<\/span> the situation, the difficulties and the axes of progress should not be an <\/span>end<\/span>. The first arguments must be prepared on the conduct of change. Who should carry the transformation? What financial volumes should be expected? What schedule to consider? What reporting should be done? And above all what sponsor in the executive committee <\/span>should <\/span>follow this topic! Without being a formal part of the <\/span>meeting<\/span>, <\/span>incorporating these elements into<\/span> <\/span>the end of the exchange allows us to prepare the next step and<\/span> <\/span>collect the first opinions<\/span>. <\/span> <\/span><\/p>\n

    These issues are obviously very dependent on the organization, but we are seeing trends emerging. Today, it is mainly the <\/span>CISO w<\/span>ithin the CIO that carries the transformation often supported by an experienced <\/span>program<\/span>me<\/span> director familiar with the structure. Regarding budgets, for major remediation <\/span>programmes<\/span>, the sums in the financial sector range between 200 and 800 million euros, in the <\/span>industr<\/span>ial sector <\/span>b<\/span>etween 50 and 100 million. These sums are usually committed on 2- or 3-year programs and are followed by the quarterly executive committee at the launch and then a semi-annual pace can be <\/span>sustained<\/span> from then onwards<\/span>.<\/span> <\/span><\/p>\n

    To conclude the session, the most important thing is to <\/span>define the next step<\/span><\/b>s<\/span><\/b>!<\/span><\/b> <\/span> Even if all these <\/span>savings <\/span>do not <\/span>immediately <\/span>lead to the launch of an investment <\/span>programme<\/span>,<\/span> <\/span>the risk review should take <\/span>these results into account or propose the realization of a benchmark again the following year.<\/span> <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

    Create a relationship of trust with the executive committee: step 2, solidify the organisation’s posture and explain the lines of action Creating a relationship of trust with the executive committee is a long-term action. After a first step that often involves raising awareness and putting the cyber risk into perspective…<\/p>\n","protected":false},"author":15,"featured_media":16696,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3270,3977],"tags":[3450,2877,3370],"coauthors":[837],"class_list":["post-15889","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy-en","category-focus","tag-audit-en","tag-strategy","tag-transformation-en"],"acf":[],"yoast_head":"\nEpisode 2 Create a relationship of trust with the executive committee - RiskInsight<\/title>\n<meta name=\"description\" content=\"Create a relationship of trust with\u00a0the\u00a0executive committee:\u00a0solidify\u00a0the\u00a0organisation's\u00a0posture and explain the lines of action. Feedback from G\u00e9r\u00f4me Billois.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Episode 2 Create a relationship of trust with the executive committee - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Create a relationship of trust with\u00a0the\u00a0executive committee:\u00a0solidify\u00a0the\u00a0organisation's\u00a0posture and explain the lines of action. Feedback from G\u00e9r\u00f4me Billois.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-28T07:29:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-14T10:51:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"G\u00e9r\u00f4me Billois\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9r\u00f4me Billois\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/\"},\"author\":{\"name\":\"G\u00e9r\u00f4me Billois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\"},\"headline\":\"Episode 2 Create a relationship of trust with the executive committee\",\"datePublished\":\"2021-05-28T07:29:33+00:00\",\"dateModified\":\"2021-09-14T10:51:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/\"},\"wordCount\":1345,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg\",\"keywords\":[\"audit\",\"Strategy\",\"Transformation\"],\"articleSection\":[\"Cyberrisk Management & Strategy\",\"Focus\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/\",\"name\":\"Episode 2 Create a relationship of trust with the executive committee - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg\",\"datePublished\":\"2021-05-28T07:29:33+00:00\",\"dateModified\":\"2021-09-14T10:51:50+00:00\",\"description\":\"Create a relationship of trust with\u00a0the\u00a0executive committee:\u00a0solidify\u00a0the\u00a0organisation's\u00a0posture and explain the lines of action. Feedback from G\u00e9r\u00f4me Billois.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg\",\"width\":1000,\"height\":667},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Episode 2 Create a relationship of trust with the executive committee\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\",\"name\":\"G\u00e9r\u00f4me Billois\",\"description\":\"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Episode 2 Create a relationship of trust with the executive committee - RiskInsight","description":"Create a relationship of trust with\u00a0the\u00a0executive committee:\u00a0solidify\u00a0the\u00a0organisation's\u00a0posture and explain the lines of action. Feedback from G\u00e9r\u00f4me Billois.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/","og_locale":"en_US","og_type":"article","og_title":"Episode 2 Create a relationship of trust with the executive committee - RiskInsight","og_description":"Create a relationship of trust with\u00a0the\u00a0executive committee:\u00a0solidify\u00a0the\u00a0organisation's\u00a0posture and explain the lines of action. Feedback from G\u00e9r\u00f4me Billois.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/","og_site_name":"RiskInsight","article_published_time":"2021-05-28T07:29:33+00:00","article_modified_time":"2021-09-14T10:51:50+00:00","og_image":[{"width":1000,"height":667,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Episode 2 Create a relationship of trust with the executive committee","datePublished":"2021-05-28T07:29:33+00:00","dateModified":"2021-09-14T10:51:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/"},"wordCount":1345,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg","keywords":["audit","Strategy","Transformation"],"articleSection":["Cyberrisk Management & Strategy","Focus"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/","name":"Episode 2 Create a relationship of trust with the executive committee - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg","datePublished":"2021-05-28T07:29:33+00:00","dateModified":"2021-09-14T10:51:50+00:00","description":"Create a relationship of trust with\u00a0the\u00a0executive committee:\u00a0solidify\u00a0the\u00a0organisation's\u00a0posture and explain the lines of action. Feedback from G\u00e9r\u00f4me Billois.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/05\/Image3.jpg","width":1000,"height":667},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/05\/episode-2-create-a-relationship-of-trust-with-the-executive-committee\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Episode 2 Create a relationship of trust with the executive committee"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15889","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=15889"}],"version-history":[{"count":3,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15889\/revisions"}],"predecessor-version":[{"id":16788,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15889\/revisions\/16788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/16696"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=15889"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=15889"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=15889"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=15889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}