{"id":2523,"date":"2012-11-13T16:29:27","date_gmt":"2012-11-13T15:29:27","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=2523"},"modified":"2019-12-31T12:02:56","modified_gmt":"2019-12-31T11:02:56","slug":"attaques-ciblees-comment-gerer-le-risque-en-amont","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/","title":{"rendered":"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ?"},"content":{"rendered":"

(Article r\u00e9dig\u00e9 en collaboration avec Fr\u00e9d\u00e9ric Chollet)<\/p>\n

Si la gestion de crise lors d\u2019une attaque doit suivre les 4 principes cl\u00e9s \u00e9voqu\u00e9s dans notre pr\u00e9c\u00e9dent article, elle doit surtout en int\u00e9grer l\u2019anticipation dans ses m\u00e9canismes.<\/em><\/p>\n

Une strat\u00e9gie \u00e0 moyen terme bas\u00e9e sur l\u2019anticipation des attaques cibl\u00e9es<\/h2>\n

D\u00e8s aujourd\u2019hui, il est n\u00e9cessaire de refondre les processus de gestion de crise. Les sc\u00e9narios de cybercriminalit\u00e9 doivent \u00eatre inclus dans les proc\u00e9dures op\u00e9rationnelles (modalit\u00e9s de r\u00e9ponse, SI sp\u00e9cialis\u00e9\u2026). Les relations avec les autorit\u00e9s comp\u00e9tentes doivent \u00eatre cr\u00e9\u00e9es ou renforc\u00e9es dans le but d\u2019acc\u00e9l\u00e9rer la phase de mobilisation de ces acteurs et de ma\u00eetriser les circuits de communication.<\/p>\n

Une strat\u00e9gie de communication claire doit \u00eatre d\u00e9finie en fonction des acteurs \u00e9voluant dans et autour de l\u2019organisation. Les obligations de demain (notification aux clients des fuites de donn\u00e9es \u00e0 caract\u00e8re personnel\u2026) doivent \u00eatre anticip\u00e9es afin de garantir le moment venu un respect des r\u00e8glementations en vigueur. De ce fait, il ne sera plus possible de garder la confidentialit\u00e9 sur le fait qu\u2019une crise est en cours.<\/p>\n

Les attaques cibl\u00e9es \u00e9tant souvent constitu\u00e9es d\u2019une somme d\u2019incidents unitaires, il est n\u00e9cessaire de revoir en parall\u00e8le les processus de gestion des incidents pour s\u2019inscrire dans une d\u00e9marche it\u00e9rative, garantissant un \u00e9tat de veille constant, une rapidit\u00e9 d\u2019intervention et une prise de recul.<\/p>\n

\u00c0 moyen terme, \u00e9valuer son attractivit\u00e9 et conna\u00eetre ses actifs cl\u00e9s permettent de d\u00e9terminer les informations attirantes pour des attaquants. Le secteur d\u2019activit\u00e9 et le positionnement sur le march\u00e9 sont des \u00e9l\u00e9ments d\u00e9terminants. Au-del\u00e0 de donn\u00e9es internes, les relations entretenues avec certains partenaires et \/ ou clients peuvent augmenter l\u2019attractivit\u00e9 du SI aux yeux d\u2019attaquants. Cette \u00e9valuation doit s\u2019inscrire dans une revue r\u00e9guli\u00e8re des risques avec les m\u00e9tiers.<\/p>\n

Enfin, il faut mettre en place des mesures avanc\u00e9es pour permettre une s\u00e9curisation renforc\u00e9e des cibles identifi\u00e9es avec les m\u00e9tiers en sanctuarisant les p\u00e9rim\u00e8tres les plus sensibles (applications m\u00e9tiers cl\u00e9s, VIP \/ COMEX\u2026) mais aussi les syst\u00e8mes techniques cl\u00e9s (serveurs et postes d\u2019administration, infrastructure \u00e0 effet d\u2019amplification comme la t\u00e9l\u00e9distribution ou l\u2019Active Directory).<\/p>\n

Des approches plus actives (demande de fermeture des sites utilis\u00e9s pour l\u2019exfiltration, honeypot \u2026) peuvent \u00eatre envisag\u00e9es.<\/p>\n

Complexifier l\u2019attaque pour en diminuer sa rentabilit\u00e9<\/h2>\n

Les attaques cibl\u00e9es repr\u00e9sentent un challenge pour les grandes organisations qui ne sont pas habitu\u00e9es \u00e0 g\u00e9rer ce type de crise silencieuse, \u00e0 grande \u00e9chelle, m\u00ealant m\u00e9tier et SI et entra\u00eenant une perte de confiance dans ce dernier. Leur gestion n\u00e9cessite de revoir les processus en place mais \u00e9galement de pr\u00e9voir des actions pour rendre l\u2019attaque plus difficile, faciliter leur d\u00e9tection et renforcer les capacit\u00e9s de r\u00e9action.<\/p>\n

La mise en place de ces \u00e9l\u00e9ments permettra de complexifier les actions de l\u2019attaquant et, \u00e0 terme, de rendre l\u2019attaque moins rentable ! C\u2019est certainement une des cl\u00e9s de r\u00e9ponse face \u00e0 ces nouvelles menaces.<\/p>\n

Lire la premi\u00e8re partie<\/a><\/p>\n

Pour en savoir plus, lire le focus attaques cibl\u00e9es, une refonte n\u00e9cessaire de la gestion de crise<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

(Article r\u00e9dig\u00e9 en collaboration avec Fr\u00e9d\u00e9ric Chollet) Si la gestion de crise lors d\u2019une attaque doit suivre les 4 principes cl\u00e9s \u00e9voqu\u00e9s dans notre pr\u00e9c\u00e9dent article, elle doit surtout en int\u00e9grer l\u2019anticipation dans ses m\u00e9canismes. Une strat\u00e9gie \u00e0 moyen terme…<\/p>\n","protected":false},"author":15,"featured_media":2509,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[711,175,3319,244,183,1178],"coauthors":[837,821],"class_list":["post-2523","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-active-directory","tag-apt","tag-audit-pentesting","tag-crise","tag-cybercriminalite","tag-ddos"],"acf":[],"yoast_head":"\nAttaques cibl\u00e9es : comment g\u00e9rer le risque en amont ? - SolucomINSIGHT<\/title>\n<meta name=\"description\" content=\"Si la gestion de crise lors d\u2019une attaque doit suivre les 4 principes cl\u00e9s \u00e9voqu\u00e9s dans notre pr\u00e9c\u00e9dent article concernant les attaques cibl\u00e9es, elle doit surtout int\u00e9grer l\u2019anticipation dans ses m\u00e9canismes.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ? - SolucomINSIGHT\" \/>\n<meta property=\"og:description\" content=\"Si la gestion de crise lors d\u2019une attaque doit suivre les 4 principes cl\u00e9s \u00e9voqu\u00e9s dans notre pr\u00e9c\u00e9dent article concernant les attaques cibl\u00e9es, elle doit surtout int\u00e9grer l\u2019anticipation dans ses m\u00e9canismes.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2012-11-13T15:29:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T11:02:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"848\" \/>\n\t<meta property=\"og:image:height\" content=\"566\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"G\u00e9r\u00f4me Billois, Frederic Chollet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9r\u00f4me Billois, Frederic Chollet\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/\"},\"author\":{\"name\":\"G\u00e9r\u00f4me Billois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\"},\"headline\":\"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ?\",\"datePublished\":\"2012-11-13T15:29:27+00:00\",\"dateModified\":\"2019-12-31T11:02:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/\"},\"wordCount\":584,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg\",\"keywords\":[\"Active directory\",\"APT\",\"audit & pentesting\",\"crise\",\"Cybercriminalit\u00e9\",\"Ddos\"],\"articleSection\":[\"Cybersecurity & Digital Trust\",\"Ethical Hacking & Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/\",\"name\":\"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ? - SolucomINSIGHT\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg\",\"datePublished\":\"2012-11-13T15:29:27+00:00\",\"dateModified\":\"2019-12-31T11:02:56+00:00\",\"description\":\"Si la gestion de crise lors d\u2019une attaque doit suivre les 4 principes cl\u00e9s \u00e9voqu\u00e9s dans notre pr\u00e9c\u00e9dent article concernant les attaques cibl\u00e9es, elle doit surtout int\u00e9grer l\u2019anticipation dans ses m\u00e9canismes.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg\",\"width\":848,\"height\":566},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\",\"name\":\"G\u00e9r\u00f4me Billois\",\"description\":\"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ? - SolucomINSIGHT","description":"Si la gestion de crise lors d\u2019une attaque doit suivre les 4 principes cl\u00e9s \u00e9voqu\u00e9s dans notre pr\u00e9c\u00e9dent article concernant les attaques cibl\u00e9es, elle doit surtout int\u00e9grer l\u2019anticipation dans ses m\u00e9canismes.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/","og_locale":"en_US","og_type":"article","og_title":"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ? - SolucomINSIGHT","og_description":"Si la gestion de crise lors d\u2019une attaque doit suivre les 4 principes cl\u00e9s \u00e9voqu\u00e9s dans notre pr\u00e9c\u00e9dent article concernant les attaques cibl\u00e9es, elle doit surtout int\u00e9grer l\u2019anticipation dans ses m\u00e9canismes.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/","og_site_name":"RiskInsight","article_published_time":"2012-11-13T15:29:27+00:00","article_modified_time":"2019-12-31T11:02:56+00:00","og_image":[{"width":848,"height":566,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois, Frederic Chollet","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois, Frederic Chollet","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ?","datePublished":"2012-11-13T15:29:27+00:00","dateModified":"2019-12-31T11:02:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/"},"wordCount":584,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg","keywords":["Active directory","APT","audit & pentesting","crise","Cybercriminalit\u00e9","Ddos"],"articleSection":["Cybersecurity & Digital Trust","Ethical Hacking & Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/","url":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/","name":"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ? - SolucomINSIGHT","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg","datePublished":"2012-11-13T15:29:27+00:00","dateModified":"2019-12-31T11:02:56+00:00","description":"Si la gestion de crise lors d\u2019une attaque doit suivre les 4 principes cl\u00e9s \u00e9voqu\u00e9s dans notre pr\u00e9c\u00e9dent article concernant les attaques cibl\u00e9es, elle doit surtout int\u00e9grer l\u2019anticipation dans ses m\u00e9canismes.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/11\/Fotolia_46003418_S.jpg","width":848,"height":566},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/11\/attaques-ciblees-comment-gerer-le-risque-en-amont\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Attaques cibl\u00e9es : comment g\u00e9rer le risque en amont ?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=2523"}],"version-history":[{"count":13,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2523\/revisions"}],"predecessor-version":[{"id":12463,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2523\/revisions\/12463"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/2509"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=2523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=2523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=2523"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=2523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}