{"id":4514,"date":"2013-11-12T21:15:53","date_gmt":"2013-11-12T20:15:53","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=4514"},"modified":"2019-12-31T11:29:25","modified_gmt":"2019-12-31T10:29:25","slug":"les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/","title":{"rendered":"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?"},"content":{"rendered":"<p>La majorit\u00e9 des RSSI disposent d\u2019un outillage limit\u00e9 pour mener les activit\u00e9s de gouvernance SSI\u00a0: dans la plupart des cas, seuls des outils Excel sont \u00e0 disposition pour g\u00e9rer s\u00e9par\u00e9ment les analyses de risques, les contr\u00f4les permanents ou encore les plans d\u2019actions issus des audits.<\/p>\n<p>Ce d\u00e9faut d\u2019outillage complique l\u2019obtention d\u2019une vision consolid\u00e9e des diff\u00e9rentes activit\u00e9s et impacte directement l\u2019efficacit\u00e9 de la SSI. Dans ce contexte, que peuvent apporter les outils de GRC (Gouvernance, Risque, Conformit\u00e9) ?<\/p>\n<h2>Des outils aux fonctionnalit\u00e9s tr\u00e8s \u00e9tendues<\/h2>\n<p>Historiquement orient\u00e9s vers les besoins de conformit\u00e9 et de contr\u00f4le pour adresser les acteurs de la Banque\/Assurance, les \u00e9diteurs d\u2019outils de GRC ont depuis \u00e9toff\u00e9 leur offre. Les<strong> principales \u00e9volutions ont port\u00e9 sur la gestion du risque<\/strong>, voire des risques SI pour certains \u00e9diteurs, avec des fonctionnalit\u00e9s qui arrivent aujourd\u2019hui \u00e0 maturit\u00e9.<\/p>\n<p>D\u2019un point de vue pratique (et commercial), celles-ci sont souvent regroup\u00e9es dans des modules th\u00e9matiques. Si ce d\u00e9coupage d\u00e9pend de chaque \u00e9diteur, certaines offres sont couramment reprises :<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/www.solucominsight.fr\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/principaux-modules-des-outils-de-grc-2\/\" rel=\"attachment wp-att-4617\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-4617\" title=\"Principaux modules des outils de GRC\" src=\"http:\/\/www.solucominsight.fr\/wp-content\/uploads\/2013\/11\/Principaux-modules-des-outils-de-GRC1.jpg\" alt=\"\" width=\"280\" height=\"327\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/11\/Principaux-modules-des-outils-de-GRC1.jpg 466w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/11\/Principaux-modules-des-outils-de-GRC1-163x191.jpg 163w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/11\/Principaux-modules-des-outils-de-GRC1-33x39.jpg 33w\" sizes=\"auto, (max-width: 280px) 100vw, 280px\" \/><\/a><\/p>\n<h2>Une polyvalence capable de r\u00e9pondre aux besoins du RSSI<\/h2>\n<p>Chaque module des outils de GRC peut \u00eatre utilis\u00e9 dans une logique SSI.<\/p>\n<ul>\n<li>La gestion du risque peut \u00eatre mise en \u0153uvre <strong>selon des normes SSI \u00e9tablies<\/strong> (dont EBIOS et ISO 27005).<\/li>\n<li><strong>Les phases de collecte <\/strong>et <strong>d\u2019\u00e9valuation <\/strong>des risques peuvent \u00eatre aliment\u00e9es \u00e0 partir des autres donn\u00e9es, comme les r\u00e9sultats des contr\u00f4les et les incidents de s\u00e9curit\u00e9 d\u00e9clar\u00e9s.<\/li>\n<li>Les plans de traitement issus des risques, des contr\u00f4les, des incidents, peuvent \u00eatre consolid\u00e9s en une vue unique, quelle que soit la source du plan d\u2019actions.<\/li>\n<\/ul>\n<p>De plus, les outils GRC peuvent contribuer au maintien d\u2019un syst\u00e8me de management de la s\u00e9curit\u00e9 de l\u2019information (SMSI) : en compl\u00e9ment de la gestion et du traitement des risques, certains modules permettent le r\u00e9examen de son bon fonctionnement (via les contr\u00f4les et les audits).<\/p>\n<p>Les \u00e9diteurs commencent d\u2019ailleurs \u00e0 s\u2019int\u00e9resser de pr\u00e8s aux probl\u00e9matiques des RSSI et de la mise en conformit\u00e9 aux r\u00e9f\u00e9rentiels de la famille ISO 2700x. Certains proposent d\u00e9j\u00e0 des solutions \u00ab\u00a0sur \u00e9tag\u00e8re\u00a0\u00bb\u00a0: s\u00e9lection des modules appropri\u00e9s pour le maintien d\u2019un SMSI suivant l\u2019ISO 27001, adaptation du vocabulaire, catalogues de contr\u00f4les d\u00e9clin\u00e9s des mesures de l\u2019ISO 27002.<\/p>\n<p>De nouvelles offres propos\u00e9es par les \u00e9diteurs vont \u00e9galement permettre d\u2019industrialiser certaines activit\u00e9s sp\u00e9cifiques du RSSI\u00a0: module de suivi des plans de continuit\u00e9 d\u2019activit\u00e9 (\u00e9laboration de <em>Business Analysis Impact<\/em>, gestion de la mallette de crise)\u00a0; d\u00e9veloppement d\u2019interfaces avec des solutions de gestion des \u00e9v\u00e8nements de s\u00e9curit\u00e9 (type SIEM ou scan de vuln\u00e9rabilit\u00e9) pour suivre leur traitement.<\/p>\n<h2>Une m\u00e9thodologie \u00e9prouv\u00e9e, un d\u00e9ploiement progressif et une d\u00e9marche mutualis\u00e9e\u00a0: les facteurs cl\u00e9s pour envisager une mise en place<\/h2>\n<p>Certains \u00e9l\u00e9ments ne doivent pas \u00eatre n\u00e9glig\u00e9s avant de se lancer. Au-del\u00e0 des probl\u00e9matiques de co\u00fbts et de ressources (int\u00e9gration de l\u2019outil, reprise des donn\u00e9es pouvant \u00eatre chronophage\u2026), une r\u00e9flexion sur trois actions cl\u00e9s doit \u00eatre men\u00e9e en amont\u00a0:<\/p>\n<ul>\n<li><strong>La m\u00e9thodologie doit d\u00e9j\u00e0 \u00eatre industrialis\u00e9e<\/strong> : il est indispensable de ne pas cumuler la mise en place de l\u2019outil \u00e0 la d\u00e9finition des m\u00e9thodes.<\/li>\n<li><strong>Le lotissement doit \u00eatre progressif<\/strong>\u00a0 : cela facilitera l\u2019appropriation de l\u2019outil par les \u00e9quipes, accompagnant ainsi le changement. Les co\u00fbts pourront \u00e9galement \u00eatre liss\u00e9s dans le temps.<\/li>\n<li><strong>La d\u00e9marche peut \u00eatre mutualis\u00e9e avec les entit\u00e9s de la sph\u00e8re \u00ab\u00a0risque\u00a0\u00bb<\/strong>\u00a0: les outils permettent de r\u00e9pondre \u00e0 des besoins tr\u00e8s vari\u00e9s, et peuvent g\u00e9rer plusieurs instances. Ainsi une r\u00e9flexion commune avec d\u2019autres entit\u00e9s en charges des risques (Direction des Risques, Direction de l\u2019Audit, \u00a0Direction de la Conformit\u00e9, etc.) peut \u00eatre envisag\u00e9e pour garantir une meilleure int\u00e9gration de la fili\u00e8re Risques et partager les co\u00fbts de l\u2019outil.<\/li>\n<\/ul>\n<p><strong>Les outils de GRC s\u2019adressent avant tout \u00e0 des RSSI disposant d\u00e9j\u00e0 de processus rod\u00e9s. <\/strong>Ils constituent une r\u00e9elle opportunit\u00e9 d\u2019industrialiser cette gouvernance\u2026\u00a0pour peu que celle-ci soit d\u00e9j\u00e0 bien \u00e9tablie. Dans le futur, ces outils pourront \u00e9galement r\u00e9pondre aux besoins d\u2019industrialisation d\u2019une gestion globale des risques, s\u2019appuyant sur \u00a0<a href=\"http:\/\/www.solucominsight.fr\/2011\/05\/globaliser-la-gestion-des-risques-vers-la-mise-en-place-d%E2%80%99un-cadre-unique\/\" target=\"_blank\" rel=\"noopener noreferrer\">un cadre unique<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>La majorit\u00e9 des RSSI disposent d\u2019un outillage limit\u00e9 pour mener les activit\u00e9s de gouvernance SSI\u00a0: dans la plupart des cas, seuls des outils Excel sont \u00e0 disposition pour g\u00e9rer s\u00e9par\u00e9ment les analyses de risques, les contr\u00f4les permanents ou encore les&#8230;<\/p>\n","protected":false},"author":193,"featured_media":2818,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3222,36],"tags":[70,105,1408,62,3304],"coauthors":[1280,1407],"class_list":["post-4514","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy","category-cybersecurity-digital-trust","tag-gestion-des-risques","tag-gouvernance","tag-grc","tag-iso-27001","tag-risk-management-strategy-governance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?<\/title>\n<meta name=\"description\" content=\"La majorit\u00e9 des RSSI disposent d\u2019un outillage limit\u00e9 pour mener les activit\u00e9s de gouvernance SSI : dans la plupart des cas, seuls des outils Excel sont \u00e0 disposition pour g\u00e9rer s\u00e9par\u00e9ment les analyses de risques, les contr\u00f4les permanents ou encore les plans d\u2019actions issus des audits.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?\" \/>\n<meta property=\"og:description\" content=\"La majorit\u00e9 des RSSI disposent d\u2019un outillage limit\u00e9 pour mener les activit\u00e9s de gouvernance SSI : dans la plupart des cas, seuls des outils Excel sont \u00e0 disposition pour g\u00e9rer s\u00e9par\u00e9ment les analyses de risques, les contr\u00f4les permanents ou encore les plans d\u2019actions issus des audits.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2013-11-12T20:15:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T10:29:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL-58x39.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"58\" \/>\n\t<meta property=\"og:image:height\" content=\"39\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Florence Le Goff, Stanislas Poiraud\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Florence Le Goff, Stanislas Poiraud\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/\"},\"author\":{\"name\":\"Florence Le Goff\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/3dbf603d68922dd355bf464e2d050098\"},\"headline\":\"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?\",\"datePublished\":\"2013-11-12T20:15:53+00:00\",\"dateModified\":\"2019-12-31T10:29:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/\"},\"wordCount\":768,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL.jpg\",\"keywords\":[\"Gestion des risques\",\"gouvernance\",\"GRC\",\"ISO 27001\",\"Risk management\"],\"articleSection\":[\"Cyberrisk Management &amp; Strategy\",\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/\",\"name\":\"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL.jpg\",\"datePublished\":\"2013-11-12T20:15:53+00:00\",\"dateModified\":\"2019-12-31T10:29:25+00:00\",\"description\":\"La majorit\u00e9 des RSSI disposent d\u2019un outillage limit\u00e9 pour mener les activit\u00e9s de gouvernance SSI : dans la plupart des cas, seuls des outils Excel sont \u00e0 disposition pour g\u00e9rer s\u00e9par\u00e9ment les analyses de risques, les contr\u00f4les permanents ou encore les plans d\u2019actions issus des audits.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL.jpg\",\"width\":4361,\"height\":2911},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/3dbf603d68922dd355bf464e2d050098\",\"name\":\"Florence Le Goff\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/florence-le-goff\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?","description":"La majorit\u00e9 des RSSI disposent d\u2019un outillage limit\u00e9 pour mener les activit\u00e9s de gouvernance SSI : dans la plupart des cas, seuls des outils Excel sont \u00e0 disposition pour g\u00e9rer s\u00e9par\u00e9ment les analyses de risques, les contr\u00f4les permanents ou encore les plans d\u2019actions issus des audits.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/","og_locale":"en_US","og_type":"article","og_title":"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?","og_description":"La majorit\u00e9 des RSSI disposent d\u2019un outillage limit\u00e9 pour mener les activit\u00e9s de gouvernance SSI : dans la plupart des cas, seuls des outils Excel sont \u00e0 disposition pour g\u00e9rer s\u00e9par\u00e9ment les analyses de risques, les contr\u00f4les permanents ou encore les plans d\u2019actions issus des audits.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/","og_site_name":"RiskInsight","article_published_time":"2013-11-12T20:15:53+00:00","article_modified_time":"2019-12-31T10:29:25+00:00","og_image":[{"width":58,"height":39,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL-58x39.jpg","type":"image\/jpeg"}],"author":"Florence Le Goff, Stanislas Poiraud","twitter_misc":{"Written by":"Florence Le Goff, Stanislas Poiraud","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/"},"author":{"name":"Florence Le Goff","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/3dbf603d68922dd355bf464e2d050098"},"headline":"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?","datePublished":"2013-11-12T20:15:53+00:00","dateModified":"2019-12-31T10:29:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/"},"wordCount":768,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL.jpg","keywords":["Gestion des risques","gouvernance","GRC","ISO 27001","Risk management"],"articleSection":["Cyberrisk Management &amp; Strategy","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/","url":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/","name":"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL.jpg","datePublished":"2013-11-12T20:15:53+00:00","dateModified":"2019-12-31T10:29:25+00:00","description":"La majorit\u00e9 des RSSI disposent d\u2019un outillage limit\u00e9 pour mener les activit\u00e9s de gouvernance SSI : dans la plupart des cas, seuls des outils Excel sont \u00e0 disposition pour g\u00e9rer s\u00e9par\u00e9ment les analyses de risques, les contr\u00f4les permanents ou encore les plans d\u2019actions issus des audits.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/01\/Fotolia_15385861_XL.jpg","width":4361,"height":2911},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/les-outils-de-grc-une-opportunite-dindustrialisation-de-la-gouvernance-ssi\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Les outils de GRC : une opportunit\u00e9 d\u2019industrialisation de la gouvernance SSI ?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/3dbf603d68922dd355bf464e2d050098","name":"Florence Le Goff","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/florence-le-goff\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4514","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/193"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=4514"}],"version-history":[{"count":14,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4514\/revisions"}],"predecessor-version":[{"id":12444,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4514\/revisions\/12444"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/2818"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=4514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=4514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=4514"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=4514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}