{"id":399,"date":"2011-06-22T09:11:35","date_gmt":"2011-06-22T08:11:35","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=399"},"modified":"2019-12-31T12:27:19","modified_gmt":"2019-12-31T11:27:19","slug":"rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/","title":{"rendered":"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant"},"content":{"rendered":"

[Tribune r\u00e9dig\u00e9e en collaboration avec Marion Couturier]<\/p>\n

Aujourd\u2019hui la norme ISO 27001<\/a> est ind\u00e9niablement devenue le mod\u00e8le de gouvernance de la s\u00e9curit\u00e9 de l\u2019information.\u00a0 Amenant un pilotage de la s\u00e9curit\u00e9 par les risques coupl\u00e9 \u00e0 une approche syst\u00e8me de management, elle permet de structurer et rationaliser le pilotage de la s\u00e9curit\u00e9 tout en construisant une vision strat\u00e9gique \u00e0 moyen terme. Mais comment se lancer dans sa mise en \u0153uvre en r\u00e9pondant au mieux aux enjeux de s\u00e9curit\u00e9 des m\u00e9tiers et en en tirant le meilleur parti\u00a0?<\/p>\n

Avant de d\u00e9marrer\u00a0: se poser les bonnes questions\u00a0!<\/strong><\/h2>\n

Une \u00e9tude d\u2019opportunit\u00e9 et de faisabilit\u00e9 permet de r\u00e9pondre rapidement aux questions cl\u00e9s\u00a0: pourquoi et pour qui impl\u00e9menter la norme\u00a0? Quels sont les enjeux m\u00e9tiers et les grands risques s\u00e9curit\u00e9\u00a0? D\u2019o\u00f9 part-on\u00a0?<\/p>\n

Si la lecture lin\u00e9aire des exigences de la norme s\u2019av\u00e8re vite peu adapt\u00e9e pour \u00e9valuer le niveau de conformit\u00e9 actuel de l\u2019entreprise, une analyse des \u00e9carts en adoptant une vision \u00ab\u00a0processus\u00a0\u00bb (pilotage du syst\u00e8me de management de la s\u00e9curit\u00e9 de l\u2019information, gestion des risques, contr\u00f4le et mesure de l\u2019efficacit\u00e9, etc.) est plus\u00a0 facile \u00e0 mener et souvent bien plus parlante. Conduite avec les m\u00e9tiers, les interlocuteurs s\u00e9curit\u00e9, SI et les fonctions support, elle est \u00e9galement l\u2019occasion de les sensibiliser, de comprendre leurs enjeux business et d\u2019identifier de mani\u00e8re macroscopique leurs risques s\u00e9curit\u00e9.<\/p>\n

Alignement ou certification\u00a0: trouver sa voie<\/strong><\/h2>\n

Ces deux voies correspondent \u00e0 des enjeux diff\u00e9rents\u00a0. L\u2019alignement \u00e0 la norme permet d\u2019apporter coh\u00e9rence et implication \u00e0 la d\u00e9marche de s\u00e9curit\u00e9. Il donne \u00e9galement la possibilit\u00e9 dela l\u00e9gitimer et communiquer sur celle-ci.. Il s\u2019agit d\u00e8s lors de se fixer son propre r\u00e9f\u00e9rentiel d\u2019exigences\u00a0en s\u00e9lectionnant les processus pr\u00e9sentant le meilleur ratio efficacit\u00e9 \/ co\u00fbt dans le contexte, et le degr\u00e9 de conformit\u00e9 vis\u00e9. L\u2019alignement s\u2019inscrit dans une d\u00e9marche de progr\u00e8s sur plusieurs ann\u00e9es, en fonction de la maturit\u00e9 initiale et de la cible. C\u2019est la voie choisie par la majorit\u00e9 de nos clients.<\/p>\n

La certification r\u00e9pond quant \u00e0 elle \u00e0 des enjeux commerciaux, sectoriels, r\u00e9glementaires ou op\u00e9rationnels forts. Au-del\u00e0 des apports de l\u2019alignement, elle constitue un \u00e9l\u00e9ment diff\u00e9renciant, la garantie externe d\u2019un pilotage de la s\u00e9curit\u00e9 ma\u00eetris\u00e9 aux yeux des clients, partenaires et r\u00e9gulateurs. Bien souvent, les organismes qui s\u2019engagent dans la certification manipulent des donn\u00e9es sensibles soumises \u00e0 des r\u00e9glementations fortes (sant\u00e9, banque, assurance) ou sont des h\u00e9bergeurs qui voient dans la certification un int\u00e9r\u00eat d\u2019image, mais aussi op\u00e9rationnellement r\u00e9duction du nombre d\u2019audit de leurs clients\u00a0!<\/p>\n

Identifier les sc\u00e9narios gagnants \u00e0 pr\u00e9senter \u00e0 sa Direction<\/strong><\/h2>\n

Le p\u00e9rim\u00e8tre est un \u00e9l\u00e9ment structurant du syst\u00e8me, centr\u00e9 sur les enjeux m\u00e9tiers. Il peut prendre la forme d\u2019un site – un datacenter,\u00a0 d\u2019une organisation – la DSI, d\u2019un processus ou encore d\u2019une offre\u00a0 propos\u00e9e aux clients.<\/p>\n

Au-del\u00e0 de ce qu\u2019il comprend, il est important d\u2019identifier pr\u00e9cis\u00e9ment ses fronti\u00e8res avec les diff\u00e9rentes interfaces (fournisseurs internes, externes, clients, etc.) pour \u00e9valuer les charges internes et les futurs besoins de contractualisation pour assurer la ma\u00eetrise des mesures de s\u00e9curit\u00e9.<\/p>\n

La strat\u00e9gie de d\u00e9finition du syst\u00e8me de management et de l\u2019organisation est intimement d\u00e9pendante de ce p\u00e9rim\u00e8tre et de l\u2019organisation de l\u2019entreprise. Un SMSI, des SMSI\u00a0? Quel cycle de vie\u00a0? Quel(s) responsable\u00a0(s), entit\u00e9(s) de management, instances\u00a0?<\/p>\n

Les diff\u00e9rents sc\u00e9narii imagin\u00e9s doivent \u00eatre confront\u00e9s en s\u2019appuyant sur l\u2019apport de la d\u00e9marche par rapport aux enjeux m\u00e9tiers et aux investissements. N\u2019oublions pas que ces derniers sont en partie d\u00e9j\u00e0 pr\u00e9vus\u00a0: les risques doivent dans tous les cas \u00eatre trait\u00e9s et les chantiers s\u00e9curit\u00e9 budg\u00e9t\u00e9s, et le pilotage du SMSI est une \u00e9volution du r\u00f4le du RSSI d\u00e9j\u00e0 int\u00e9gr\u00e9 aux charges r\u00e9currentes de l\u2019entreprise. Des arguments qui peuvent faire mouche aupr\u00e8s de la Direction \u00e0 qui le projet sera pr\u00e9sent\u00e9\u00a0!<\/p>\n

Apr\u00e8s cette phase de d\u00e9cision, la construction doit commencer et cela fera l\u2019objet de d’un prochain article\u00a0 sur l\u2019ISO 27001\u00a0!<\/p>\n

A suivre\u00a0: rendre la norme ISO 27001 – \u00e9pisode 2\u00a0: construire efficacement son SMSI<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

[Tribune r\u00e9dig\u00e9e en collaboration avec Marion Couturier] Aujourd\u2019hui la norme ISO 27001 est ind\u00e9niablement devenue le mod\u00e8le de gouvernance de la s\u00e9curit\u00e9 de l\u2019information.\u00a0 Amenant un pilotage de la s\u00e9curit\u00e9 par les risques coupl\u00e9 \u00e0 une approche syst\u00e8me de management,…<\/p>\n","protected":false},"author":15,"featured_media":6343,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3222,36],"tags":[62,3304,63],"coauthors":[837],"class_list":["post-399","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy","category-cybersecurity-digital-trust","tag-iso-27001","tag-risk-management-strategy-governance","tag-smsi"],"acf":[],"yoast_head":"\nRendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"[Tribune r\u00e9dig\u00e9e en collaboration avec Marion Couturier] Aujourd\u2019hui la norme ISO 27001 est ind\u00e9niablement devenue le mod\u00e8le de gouvernance de la s\u00e9curit\u00e9 de l\u2019information.\u00a0 Amenant un pilotage de la s\u00e9curit\u00e9 par les risques coupl\u00e9 \u00e0 une approche syst\u00e8me de management,...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2011-06-22T08:11:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T11:27:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"573\" \/>\n\t<meta property=\"og:image:height\" content=\"214\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"G\u00e9r\u00f4me Billois\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9r\u00f4me Billois\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/\"},\"author\":{\"name\":\"G\u00e9r\u00f4me Billois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\"},\"headline\":\"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant\",\"datePublished\":\"2011-06-22T08:11:35+00:00\",\"dateModified\":\"2019-12-31T11:27:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/\"},\"wordCount\":770,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\",\"keywords\":[\"ISO 27001\",\"Risk management\",\"SMSI\"],\"articleSection\":[\"Cyberrisk Management & Strategy\",\"Cybersecurity & Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/\",\"name\":\"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\",\"datePublished\":\"2011-06-22T08:11:35+00:00\",\"dateModified\":\"2019-12-31T11:27:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg\",\"width\":573,\"height\":214},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\",\"name\":\"G\u00e9r\u00f4me Billois\",\"description\":\"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/","og_locale":"en_US","og_type":"article","og_title":"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant - RiskInsight","og_description":"[Tribune r\u00e9dig\u00e9e en collaboration avec Marion Couturier] Aujourd\u2019hui la norme ISO 27001 est ind\u00e9niablement devenue le mod\u00e8le de gouvernance de la s\u00e9curit\u00e9 de l\u2019information.\u00a0 Amenant un pilotage de la s\u00e9curit\u00e9 par les risques coupl\u00e9 \u00e0 une approche syst\u00e8me de management,...","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/","og_site_name":"RiskInsight","article_published_time":"2011-06-22T08:11:35+00:00","article_modified_time":"2019-12-31T11:27:19+00:00","og_image":[{"width":573,"height":214,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant","datePublished":"2011-06-22T08:11:35+00:00","dateModified":"2019-12-31T11:27:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/"},"wordCount":770,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","keywords":["ISO 27001","Risk management","SMSI"],"articleSection":["Cyberrisk Management & Strategy","Cybersecurity & Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/","name":"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","datePublished":"2011-06-22T08:11:35+00:00","dateModified":"2019-12-31T11:27:19+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite.jpg","width":573,"height":214},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/06\/rendre-la-norme-iso-27001-operationnelle-trouver-le-smsi-gagnant\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Rendre la norme ISO 27001 op\u00e9rationnelle : trouver le SMSI gagnant"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/399","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=399"}],"version-history":[{"count":9,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/399\/revisions"}],"predecessor-version":[{"id":6527,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/399\/revisions\/6527"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6343"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=399"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}