{"id":2980,"date":"2013-01-23T20:52:47","date_gmt":"2013-01-23T19:52:47","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=2980"},"modified":"2019-12-31T11:45:43","modified_gmt":"2019-12-31T10:45:43","slug":"une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/","title":{"rendered":"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action"},"content":{"rendered":"<p>2012 a \u00e9t\u00e9 marqu\u00e9e par de tr\u00e8s nombreux cas d\u2019attaques sur les syst\u00e8mes d\u2019information. Les exemples abondent\u00a0: Saudi Amramco, Gauss ou encore Red October, pour ne citer que les plus relay\u00e9s. Ces attaques ont mis en lumi\u00e8re les limites de la strat\u00e9gie s\u00e9curit\u00e9 en vigueur dans la plupart des entreprises\u00a0: un focus quasiment unique sur la protection.<\/p>\n<h2>Un mod\u00e8le de s\u00e9curit\u00e9 qui atteint ses limites<\/h2>\n<p>La protection des informations avec les moyens conventionnels (pare-feu, antivirus, correctif, contr\u00f4le d\u2019acc\u00e8s\u2026) comporte de nombreuses limites \u00a0; \u00a0les attaquants les connaissent et surtout, savent les contourner efficacement. Les attaques par ing\u00e9nierie sociale permettent d\u2019acc\u00e9der aux informations d\u2019utilisateurs l\u00e9gitimes\u00a0et ce malgr\u00e9 de nombreuses sessions de sensibilisation en entreprise, les failles \u00ab\u00a0zero-day\u00a0\u00bb permettent d\u2019attaquer des syst\u00e8mes m\u00eame maintenus \u00e0 jour, l\u2019encapsulation ou encore le chiffrement de trafic qui permettent de traverser les pare-feux sans \u00eatre inqui\u00e9t\u00e9s.<\/p>\n<p>Doit-on pour autant baisser les bras\u00a0et reculer face aux menaces? Non, certainement pas\u00a0! Il s\u2019agit de r\u00e9orienter ses efforts diff\u00e9remment, accepter les risques, \u00a0et se doter des moyens permettant de limiter l\u2019impact des attaques. La d\u00e9tection des attaques et l\u2019identification de r\u00e9actions appropri\u00e9es sont donc \u00e0 prioriser pour 2013.<\/p>\n<h2>\u00a0<strong>D\u00e9tecter et r\u00e9agir\u00a0: les priorit\u00e9s de 2013<\/strong><\/h2>\n<p>Ce changement d\u2019orientation n\u00e9cessite de nombreuses \u00e9volutions, tant en termes technique qu\u2019organisationnel. Il faut r\u00e9fl\u00e9chir \u00e0 la mise en place de nouveaux moyens, internes ou externes, afin de mieux observer le SI et d\u2019en tirer des alertes pertinentes. Nous pensons bien \u00e9videmment aux solutions de surveillance de journaux classiques mais pas uniquement\u00a0! De nouvelles solutions, sp\u00e9cialis\u00e9es dans les analyses statistiques permettent d\u2019obtenir des vues pour d\u00e9tecter les fameux signaux fiables relatifs aux attaques. D\u2019autres produits permettent de d\u00e9tecter dans les flux de donn\u00e9es des comportements \u00e9tranges, en simulant l\u2019ouverture des pi\u00e8ces jointes ou des fichiers. M\u00eame si cela peut para\u00eetre d\u00e9mesur\u00e9, certaines organisations ont mis en place ces solutions sur 2012 et en tirent aujourd\u2019hui des b\u00e9n\u00e9fices concrets.<\/p>\n<p>Et comme l\u2019outil ne r\u00e9sout rien seul, certains processus seront aussi \u00e0 revoir, en particulier sur la surveillance du SI et la gestion de crise. La cr\u00e9ation, ou le renfort, d\u2019une cellule d\u00e9di\u00e9e en charge de ces probl\u00e9matiques, le fameux CERT ou SOC, pourra \u00eatre une solution. Cette cellule sera \u00e0 m\u00eame de piloter les crises, de prendre les bonnes d\u00e9cisions pour limiter les impacts et d\u2019emp\u00eacher les propagations.<\/p>\n<p>Diff\u00e9rents sc\u00e9narios de crise sont \u00e0 envisager en fonction du m\u00e9tier et de l\u2019exposition\u00a0: attaque en d\u00e9ni de service, vol d\u2019information, d\u00e9facement de site, vols de donn\u00e9es sensibles, mais aussi et peut \u00eatre surtout compromission du SI\u2026 Ils devront \u00eatre test\u00e9s par les \u00e9quipes op\u00e9rationnelles mais \u00e9galement les m\u00e9tiers et la direction g\u00e9n\u00e9rale, acteurs essentiels en cas d\u2019attaques cybercriminels.<\/p>\n<p>Bien \u00e9videmment, il n\u2019est pas question d\u2019abandonner toutes les mesures de protection. Bien souvent, elles retarderont la r\u00e9ussite de l\u2019attaque, voire m\u00eame sur certains p\u00e9rim\u00e8tres tr\u00e8s prot\u00e9g\u00e9s et face \u00e0 des attaquants de niveau interm\u00e9diaire, elles les bloqueront. Mais aujourd\u2019hui, se baser uniquement sur une protection est illusoire, il est indispensable de revoir sa strat\u00e9gie s\u00e9curit\u00e9 et en 2013 d\u2019orienter sa r\u00e9flexion vers la d\u00e9tection et la r\u00e9action\u00a0!<\/p>\n<div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>2012 a \u00e9t\u00e9 marqu\u00e9e par de tr\u00e8s nombreux cas d\u2019attaques sur les syst\u00e8mes d\u2019information. Les exemples abondent\u00a0: Saudi Amramco, Gauss ou encore Red October, pour ne citer que les plus relay\u00e9s. Ces attaques ont mis en lumi\u00e8re les limites de&#8230;<\/p>\n","protected":false},"author":15,"featured_media":6264,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[1241,183,840,3320,3284,447],"coauthors":[837],"class_list":["post-2980","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-cyberattaque","tag-cybercriminalite","tag-failles","tag-incident-response-cert-w","tag-menace","tag-strategie"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action - SolucomINSIGHT<\/title>\n<meta name=\"description\" content=\"2012 a \u00e9t\u00e9 marqu\u00e9e par de tr\u00e8s nombreux cas d\u2019attaques sur les syst\u00e8mes d\u2019information. Les exemples abondent : Saudi Amramco, Gauss ou encore Red October, pour ne citer que les plus relay\u00e9s. Ces attaques ont mis en lumi\u00e8re les limites de la strat\u00e9gie s\u00e9curit\u00e9 en vigueur dans la plupart des entreprises : un focus quasiment unique sur la protection.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action - SolucomINSIGHT\" \/>\n<meta property=\"og:description\" content=\"2012 a \u00e9t\u00e9 marqu\u00e9e par de tr\u00e8s nombreux cas d\u2019attaques sur les syst\u00e8mes d\u2019information. Les exemples abondent : Saudi Amramco, Gauss ou encore Red October, pour ne citer que les plus relay\u00e9s. Ces attaques ont mis en lumi\u00e8re les limites de la strat\u00e9gie s\u00e9curit\u00e9 en vigueur dans la plupart des entreprises : un focus quasiment unique sur la protection.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2013-01-23T19:52:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T10:45:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"573\" \/>\n\t<meta property=\"og:image:height\" content=\"214\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"G\u00e9r\u00f4me Billois\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9r\u00f4me Billois\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/\"},\"author\":{\"name\":\"G\u00e9r\u00f4me Billois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\"},\"headline\":\"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action\",\"datePublished\":\"2013-01-23T19:52:47+00:00\",\"dateModified\":\"2019-12-31T10:45:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/\"},\"wordCount\":618,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg\",\"keywords\":[\"Cyberattaque\",\"Cybercriminalit\u00e9\",\"failles\",\"incident response CERT-W\",\"menace\",\"strat\u00e9gie\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/\",\"name\":\"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action - SolucomINSIGHT\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg\",\"datePublished\":\"2013-01-23T19:52:47+00:00\",\"dateModified\":\"2019-12-31T10:45:43+00:00\",\"description\":\"2012 a \u00e9t\u00e9 marqu\u00e9e par de tr\u00e8s nombreux cas d\u2019attaques sur les syst\u00e8mes d\u2019information. Les exemples abondent : Saudi Amramco, Gauss ou encore Red October, pour ne citer que les plus relay\u00e9s. Ces attaques ont mis en lumi\u00e8re les limites de la strat\u00e9gie s\u00e9curit\u00e9 en vigueur dans la plupart des entreprises : un focus quasiment unique sur la protection.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg\",\"width\":573,\"height\":214},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\",\"name\":\"G\u00e9r\u00f4me Billois\",\"description\":\"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action - SolucomINSIGHT","description":"2012 a \u00e9t\u00e9 marqu\u00e9e par de tr\u00e8s nombreux cas d\u2019attaques sur les syst\u00e8mes d\u2019information. Les exemples abondent : Saudi Amramco, Gauss ou encore Red October, pour ne citer que les plus relay\u00e9s. Ces attaques ont mis en lumi\u00e8re les limites de la strat\u00e9gie s\u00e9curit\u00e9 en vigueur dans la plupart des entreprises : un focus quasiment unique sur la protection.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/","og_locale":"en_US","og_type":"article","og_title":"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action - SolucomINSIGHT","og_description":"2012 a \u00e9t\u00e9 marqu\u00e9e par de tr\u00e8s nombreux cas d\u2019attaques sur les syst\u00e8mes d\u2019information. Les exemples abondent : Saudi Amramco, Gauss ou encore Red October, pour ne citer que les plus relay\u00e9s. Ces attaques ont mis en lumi\u00e8re les limites de la strat\u00e9gie s\u00e9curit\u00e9 en vigueur dans la plupart des entreprises : un focus quasiment unique sur la protection.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/","og_site_name":"RiskInsight","article_published_time":"2013-01-23T19:52:47+00:00","article_modified_time":"2019-12-31T10:45:43+00:00","og_image":[{"width":573,"height":214,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action","datePublished":"2013-01-23T19:52:47+00:00","dateModified":"2019-12-31T10:45:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/"},"wordCount":618,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg","keywords":["Cyberattaque","Cybercriminalit\u00e9","failles","incident response CERT-W","menace","strat\u00e9gie"],"articleSection":["Cybersecurity &amp; Digital Trust","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/","name":"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action - SolucomINSIGHT","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg","datePublished":"2013-01-23T19:52:47+00:00","dateModified":"2019-12-31T10:45:43+00:00","description":"2012 a \u00e9t\u00e9 marqu\u00e9e par de tr\u00e8s nombreux cas d\u2019attaques sur les syst\u00e8mes d\u2019information. Les exemples abondent : Saudi Amramco, Gauss ou encore Red October, pour ne citer que les plus relay\u00e9s. Ces attaques ont mis en lumi\u00e8re les limites de la strat\u00e9gie s\u00e9curit\u00e9 en vigueur dans la plupart des entreprises : un focus quasiment unique sur la protection.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/chute1.jpg","width":573,"height":214},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/01\/une-nouvelle-annee-pour-une-nouvelle-strategie-securite-priorite-a-la-detection-et-la-reaction\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Une nouvelle ann\u00e9e pour une nouvelle strat\u00e9gie s\u00e9curit\u00e9 : priorit\u00e9 \u00e0 la d\u00e9tection et la r\u00e9action"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2980","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=2980"}],"version-history":[{"count":7,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2980\/revisions"}],"predecessor-version":[{"id":6315,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2980\/revisions\/6315"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6264"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=2980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=2980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=2980"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=2980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}