{"id":4619,"date":"2013-11-19T19:00:36","date_gmt":"2013-11-19T18:00:36","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=4619"},"modified":"2019-12-30T16:37:36","modified_gmt":"2019-12-30T15:37:36","slug":"iso-27002-tour-dhorizon-des-nouveautes","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/","title":{"rendered":"ISO 27002: an overview of what&#8217;s new"},"content":{"rendered":"<p>Following the update <a title=\"Mise \u00e0 jour de l\u2019ISO 27001 : quels impacts op\u00e9rationnels ?\" href=\"http:\/\/www.solucominsight.fr\/2013\/09\/mise-a-jour-de-liso-27001-quels-impacts-operationnels\/\" target=\"_blank\" rel=\"noopener noreferrer\">of ISO 27001:2013<\/a>, a revision of ISO 27002 is also planned for the end of the year. The objectives were clear: better readability and less redundancy in the security recommendations. Have they been met? What does the new standard bring us?<\/p>\n<h2>Changes in form\u2026<\/h2>\n<p>The standard now consists of 14 chapters, compared with 11 in the 2005 version. 
The new chapters, entitled \u201cCryptography\u201d, \u201cSupplier relationships\u201d, \u201cTelecommunications security\u201d and \u201cOperations security\u201d, result from splitting existing chapters.<\/p>\n<p>The security objectives go from 39 to 35; they are worded more concisely and more flexibly, which promises more efficient implementation.<\/p>\n<p>Some security measures have been modified or removed, and in the end few have been added (only 6), which reduces the overall number (from 133 to 113 measures).<\/p>\n<h2>\u2026 and changes in substance<\/h2>\n<p>Three topics have really undergone structural changes.<\/p>\n<p>The \u201cacquisition, development and maintenance\u201d chapter has been thoroughly revised and now takes application security into account by including measures on \u201c<em>System acceptance testing<\/em>\u201d (code analysis tools, vulnerability scanners), \u201c<em>System security testing during development<\/em>\u201d, \u201c<em>Secure system engineering principles<\/em>\u201d, \u201c<em>Outsourced development<\/em>\u201d\u2026 In addition, the measures become more general, with the removal of the security objective on \u201cthe correct operation of applications\u201d (validation of input and output data, message integrity, etc.). 
Test data management is covered in this chapter.<\/p>\n<p>The \u201c<strong>Information security aspects of business continuity management<\/strong>\u201d chapter now deals with <strong>information security continuity<\/strong> and no longer with business continuity! Accordingly, a note indicates that information on <em>business continuity management<\/em> is available in the ISO 22301, 27301 and 22313 standards. Only one security objective, entitled \u201c<em>redundancies<\/em>\u201d, concerns the availability of \u201c<em>information processing facilities<\/em>\u201d. Even though the standard narrows the scope of these measures, nothing prevents keeping the \u201chistorical\u201d measures on the business continuity plan (BCP).<\/p>\n<p>The \u201c<strong>access control<\/strong>\u201d chapter focuses on managing <strong>user access and access to applications and systems<\/strong>: network access control, OS access control and teleworking are no longer part of this chapter. In particular, the measures covering the lifecycle of access rights have been expanded: from user registration through to reviews of rights and the removal of rights upon departure. Password authentication has been broadened to \u201c<em>secret authentication<\/em>\u201d. A specific focus is now placed on access to source code.<\/p>\n<p>For the other chapters of the standard, the changes are less notable. 
The following points are worth noting.<\/p>\n<p>The \u201c<strong>information security incident management<\/strong>\u201d chapter is supplemented with a few clarifications: an \u201c<em>assessment of and decision on information security events<\/em>\u201d phase determines whether events are considered security incidents, and a \u201c<em>response to information security incidents<\/em>\u201d phase describes incident handling. The learning phase following incident analysis is relaxed: it is no longer necessary to evaluate the type, volume and costs of incidents.<\/p>\n<p>The \u201c<strong>network security<\/strong>\u201d chapter now brings together all network-related measures and also takes over those from the \u201ctelecommunications and operations management\u201d chapter (\u201cnetwork security management\u201d and \u201cexchange of information\u201d) and those from the \u201cAccess control\u201d chapter, retaining only the \u201cnetwork segregation\u201d control.<\/p>\n<p>The \u201c<strong>supplier relationships<\/strong>\u201d chapter gathers all controls related to supplier management, replacing the notion of \u201c<em>third party<\/em>\u201d with \u201c<em>supplier<\/em>\u201d. 
A new control is added on cascading security measures down the subcontracting chain, while the control on \u201cidentification of risks arising from third parties\u201d has been removed.<\/p>\n<p>In summary, the 2013 version is not revolutionary, but the changes bring more consistency within the chapters, which makes the standard more readable for those in charge of implementation.<\/p>\n<h2>What about topics related to changes in usage and technology since 2005?<\/h2>\n<p>Some essential security topics are still not explicitly addressed in the standard:<\/p>\n<ul>\n<li>Basic measures are not covered, in particular: hardening of workstations or servers, wireless networks, etc.<\/li>\n<\/ul>\n<ul>\n<li>Some rules remain too high-level to really constitute good practice, notably on network security: \u201c<em>networks should be managed and controlled to protect information in systems and applications<\/em>\u201d, \u201c<em>groups of information services, users and information systems should be segregated on networks<\/em>\u201d<\/li>\n<\/ul>\n<ul>\n<li>New threats (cybercrime) and the associated responses are not developed: there is no mention of monitoring and correlation of security events (SOC approach), securing administration, securing access to the company, notably from the Internet, or response arrangements in the event of cyber-attacks (CERT approach)\u2026<\/li>\n<\/ul>\n<ul>\n<li>Technological (r)evolutions are not explicitly taken into account either: neither cloud nor virtualization is addressed<\/li>\n<\/ul>\n<p>One could argue that the ISO 27xxx family is complemented by specific standards (cloud computing, security monitoring, etc.), but this is nonetheless a problem given that ISO 27002 remains the most generic and most widely used reference framework for information system security.<\/p>\n<p>Note that ISO 27001:2013 stresses supplementing the Statement of Applicability with measures that are not present in ISO 27002, which helps make up for certain gaps.<\/p>\n<h2>A standard that remains the \u201cEsperanto\u201d of security<\/h2>\n<p>The new version of ISO 27002 therefore remains a list of security measures that does not detail all the implementation characteristics.<\/p>\n<p>Its stability over time and its \u201ctechnology-independent\u201d nature should, despite these few shortcomings, guarantee it the same lasting success.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Following the update of ISO 27001:2013, a revision of ISO 27002 is also planned for the end of the year. The objectives were clear: better readability and less redundancy in the security recommendations. 
Have they been met? What&#8230;<\/p>\n","protected":false},"author":219,"featured_media":3848,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3222,36],"tags":[62,1261,1156,1419],"coauthors":[1417],"class_list":["post-4619","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy","category-cybersecurity-digital-trust","tag-iso-27001","tag-iso-27002","tag-normes","tag-recommandations"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ISO 27002 : tour d&#039;horizon des nouveaut\u00e9s<\/title>\n<meta name=\"description\" content=\"Suite \u00e0 la mise \u00e0 jour de l\u2019ISO 27001 :2013, une \u00e9volution de l\u2019ISO 27002 est \u00e9galement pr\u00e9vue pour la fin de l\u2019ann\u00e9e. Les objectifs \u00e9taient clairs : une meilleure lisibilit\u00e9 et moins de redondance dans les recommandations de s\u00e9curit\u00e9. Sont-ils atteints ? Que nous apporte la nouvelle norme ?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 27002 : tour d&#039;horizon des nouveaut\u00e9s\" \/>\n<meta property=\"og:description\" content=\"Suite \u00e0 la mise \u00e0 jour de l\u2019ISO 27001 :2013, une \u00e9volution de l\u2019ISO 27002 est \u00e9galement pr\u00e9vue pour la fin de l\u2019ann\u00e9e. 
Les objectifs \u00e9taient clairs : une meilleure lisibilit\u00e9 et moins de redondance dans les recommandations de s\u00e9curit\u00e9. Sont-ils atteints ? Que nous apporte la nouvelle norme ?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2013-11-19T18:00:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-30T15:37:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL-58x39.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"58\" \/>\n\t<meta property=\"og:image:height\" content=\"39\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Claire Carr\u00e9\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Claire Carr\u00e9\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/\"},\"author\":{\"name\":\"Claire Carr\u00e9\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c36ab80820cc5ef922a5f19ed01a6f9b\"},\"headline\":\"ISO 27002 : tour d&#8217;horizon des nouveaut\u00e9s\",\"datePublished\":\"2013-11-19T18:00:36+00:00\",\"dateModified\":\"2019-12-30T15:37:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/\"},\"wordCount\":1115,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL.jpg\",\"keywords\":[\"ISO 27001\",\"iso 27002\",\"normes\",\"recommandations\"],\"articleSection\":[\"Cyberrisk Management &amp; Strategy\",\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/\",\"name\":\"ISO 27002 : tour d'horizon des 
nouveaut\u00e9s\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL.jpg\",\"datePublished\":\"2013-11-19T18:00:36+00:00\",\"dateModified\":\"2019-12-30T15:37:36+00:00\",\"description\":\"Suite \u00e0 la mise \u00e0 jour de l\u2019ISO 27001 :2013, une \u00e9volution de l\u2019ISO 27002 est \u00e9galement pr\u00e9vue pour la fin de l\u2019ann\u00e9e. Les objectifs \u00e9taient clairs : une meilleure lisibilit\u00e9 et moins de redondance dans les recommandations de s\u00e9curit\u00e9. Sont-ils atteints ? Que nous apporte la nouvelle norme ?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL.jpg\",\"width\":4361,\"height\":2911},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"L
istItem\",\"position\":2,\"name\":\"ISO 27002 : tour d&rsquo;horizon des nouveaut\u00e9s\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c36ab80820cc5ef922a5f19ed01a6f9b\",\"name\":\"Claire Carr\u00e9\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/claire-carre\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"ISO 27002 : tour d'horizon des nouveaut\u00e9s","description":"Suite \u00e0 la mise \u00e0 jour de l\u2019ISO 27001 :2013, une \u00e9volution de l\u2019ISO 27002 est \u00e9galement pr\u00e9vue pour la fin de l\u2019ann\u00e9e. Les objectifs \u00e9taient clairs : une meilleure lisibilit\u00e9 et moins de redondance dans les recommandations de s\u00e9curit\u00e9. Sont-ils atteints ? Que nous apporte la nouvelle norme ?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/","og_locale":"en_US","og_type":"article","og_title":"ISO 27002 : tour d'horizon des nouveaut\u00e9s","og_description":"Suite \u00e0 la mise \u00e0 jour de l\u2019ISO 27001 :2013, une \u00e9volution de l\u2019ISO 27002 est \u00e9galement pr\u00e9vue pour la fin de l\u2019ann\u00e9e. Les objectifs \u00e9taient clairs : une meilleure lisibilit\u00e9 et moins de redondance dans les recommandations de s\u00e9curit\u00e9. Sont-ils atteints ? Que nous apporte la nouvelle norme ?","og_url":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/","og_site_name":"RiskInsight","article_published_time":"2013-11-19T18:00:36+00:00","article_modified_time":"2019-12-30T15:37:36+00:00","og_image":[{"width":58,"height":39,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL-58x39.jpg","type":"image\/jpeg"}],"author":"Claire Carr\u00e9","twitter_misc":{"Written by":"Claire Carr\u00e9","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/"},"author":{"name":"Claire Carr\u00e9","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c36ab80820cc5ef922a5f19ed01a6f9b"},"headline":"ISO 27002 : tour d&#8217;horizon des nouveaut\u00e9s","datePublished":"2013-11-19T18:00:36+00:00","dateModified":"2019-12-30T15:37:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/"},"wordCount":1115,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL.jpg","keywords":["ISO 27001","iso 27002","normes","recommandations"],"articleSection":["Cyberrisk Management &amp; Strategy","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/","url":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/","name":"ISO 27002 : tour d'horizon des 
nouveaut\u00e9s","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL.jpg","datePublished":"2013-11-19T18:00:36+00:00","dateModified":"2019-12-30T15:37:36+00:00","description":"Suite \u00e0 la mise \u00e0 jour de l\u2019ISO 27001 :2013, une \u00e9volution de l\u2019ISO 27002 est \u00e9galement pr\u00e9vue pour la fin de l\u2019ann\u00e9e. Les objectifs \u00e9taient clairs : une meilleure lisibilit\u00e9 et moins de redondance dans les recommandations de s\u00e9curit\u00e9. Sont-ils atteints ? Que nous apporte la nouvelle norme ?","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/06\/Fotolia_15385861_XL.jpg","width":4361,"height":2911},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/11\/iso-27002-tour-dhorizon-des-nouveautes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"ISO 27002 : tour d&rsquo;horizon des 
nouveaut\u00e9s"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/c36ab80820cc5ef922a5f19ed01a6f9b","name":"Claire 
Carr\u00e9","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/claire-carre\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4619","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/219"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=4619"}],"version-history":[{"count":4,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4619\/revisions"}],"predecessor-version":[{"id":12443,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4619\/revisions\/12443"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/3848"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=4619"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=4619"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=4619"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=4619"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}