{"id":789,"date":"2011-10-12T09:19:05","date_gmt":"2011-10-12T08:19:05","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=789"},"modified":"2019-12-31T12:24:07","modified_gmt":"2019-12-31T11:24:07","slug":"bilan-des-assises-2011","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2011\/10\/bilan-des-assises-2011\/","title":{"rendered":"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011"},"content":{"rendered":"<p><strong>Les Assises de la s\u00e9curit\u00e9 et des syst\u00e8mes d\u2019information viennent de se tenir du 5 au 8 octobre \u00e0 Monaco. Quel est votre retour sur cet \u00e9v\u00e9nement\u00a0?<\/strong><\/p>\n<p>Une fois de plus les Assises sont un succ\u00e8s, un succ\u00e8s \u00e0 la fois gr\u00e2ce \u00e0 une organisation de grande qualit\u00e9 mais aussi du fait de la pr\u00e9sence de l\u2019ensemble de la communaut\u00e9 fran\u00e7aise. RSSI, responsables des risques, DSI, \u00e9diteurs, constructeurs et cabinets de conseil, tous \u00e9taient l\u00e0 dans une optique de partage et d\u2019\u00e9change toujours aussi fructueuse.<\/p>\n<p><strong>Quels sont les sujets d\u2019actualit\u00e9s et les nouveaut\u00e9s rencontr\u00e9es\u00a0?<\/strong><\/p>\n<p>Les sujets ont tellement \u00e9t\u00e9 diversifi\u00e9s qu\u2019il est quasiment impossible de tous les citer. Si je devais le r\u00e9sumer les 3 mots cl\u00e9s les plus rencontr\u00e9s, je dirais\u00a0: cloud, consumersation et cybercriminalit\u00e9. Ils ont \u00e9t\u00e9 largement d\u00e9battus et ont fait l\u2019objet de nombreuses annonces innovantes. A l\u2019inverse, je noterais une \u00a0plus faible repr\u00e9sentation des sujets attenant \u00e0 la s\u00e9curit\u00e9 applicative, pourtant au c\u0153ur de la protection aujourd\u2019hui. Enfin, des sujets plus atypiques et prospectifs comme l\u2019IPv6, ont fait leur apparition.<\/p>\n<p>Finalement la gestion de risques et l\u2019\u00e9volution du r\u00f4le du RSSI ont, une fois de plus, \u00e9t\u00e9 l\u2019objet de nombreuses discussions dans plusieurs ateliers, dont celui anim\u00e9 par Solucom. Le d\u00e9bat s\u2019est \u00e9largi, touchant alors \u00e0 des probl\u00e9matiques hors \u00ab\u00a0s\u00e9curit\u00e9\u00a0\u00bb, avec notamment une intervention de premier plan de Luc Ferry sur la multiplication des peurs dans notre soci\u00e9t\u00e9. J\u2019en retiendrai que la peur ne doit pas \u00eatre le premier \u00e9l\u00e9ment de nos r\u00e9flexions et que la gestion du risque ne doit pas \u00eatre un frein au d\u00e9veloppement ou \u00e0 l\u2019innovation\u00a0!<\/p>\n<p><strong>L\u2019ANSSI a anim\u00e9 une pl\u00e9ni\u00e8re pour alerter la communaut\u00e9 et lui demander de revenir aux fondamentaux de la s\u00e9curit\u00e9, quelle est votre analyse\u00a0? <\/strong><\/p>\n<p>Je pense qu\u2019aujourd\u2019hui la communaut\u00e9 s\u00e9curit\u00e9 conna\u00eet bien ces fondamentaux (gestion d\u2019identit\u00e9, correctifs, antivirus, durcissement\u2026), mais elle est confront\u00e9e depuis plus d\u2019une dizaine d\u2019ann\u00e9e \u00e0 la difficult\u00e9 de les faire appliquer. Les \u00e9quipes techniques et les m\u00e9tiers rechignent, les directions ne comprennent pas.<\/p>\n<p>Cet \u00e9tat de fait a amen\u00e9 la communaut\u00e9 \u00e0 s\u2019orienter d\u2019une part autour de la gestion des risques, afin de \u00a0concr\u00e9tiser et d\u2019expliciter en termes \u00ab\u00a0m\u00e9tier\u00a0\u00bb les impacts potentiels, mais aussi d\u2019autre part dans la publication de nombreuses normes ou r\u00e9glementations pour aider ou \u00ab\u00a0forcer\u00a0\u00bb l\u2019application de ces mesures. Pourtant, cela n\u2019a march\u00e9 qu\u2019un temps et la plupart de ces initiatives se sont transform\u00e9es en s\u00e9curit\u00e9 \u00ab\u00a0cache sexe \u00bb comme le disait Patrick Pailloux. Cela est un vrai drame car ces d\u00e9marches pourtant de qualit\u00e9 sont trop souvent d\u00e9voy\u00e9es !<\/p>\n<p>A mon sens, aujourd\u2019hui, la communaut\u00e9 s\u00e9curit\u00e9 manque de leviers pour convaincre les directions et les m\u00e9tiers. Elle manque \u00e9galement de support manag\u00e9rial pour r\u00e9ellement sanctionner et faire \u00e9voluer des pratiques d\u00e9viantes souvent rencontr\u00e9es. Les r\u00e9cents incidents m\u00e9diatiques sont une aide mais la logique du \u00ab\u00a0cela n\u2019arrive qu\u2019aux autres\u00a0\u00bb est encore trop r\u00e9pandue<\/p>\n<p>L\u2019ANSSI, gr\u00e2ce \u00e0 son message \u00ab\u00a0back to basics\u00a0\u00bb, joue un r\u00f4le de premier plan. Mais elle pourrait aller plus loin en faisant part r\u00e9guli\u00e8rement de leur \u00ab\u00a0thermom\u00e8tre\u00a0\u00bb du risque tel qu\u2019\u00e9voqu\u00e9 durant la pl\u00e9ni\u00e8re afin de faciliter la sensibilisation des donneurs d\u2019ordre.<\/p>\n<p>Il faut arr\u00eater de minimiser l\u2019exposition de la France aux menaces cybercriminelles. L\u2019illusion de s\u00e9curit\u00e9 est bien trop r\u00e9pandue aujourd\u2019hui et j\u2019esp\u00e8re que\u00a0 les messages forts de la pl\u00e9ni\u00e8re aideront \u00e0 changer cette situation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Les Assises de la s\u00e9curit\u00e9 et des syst\u00e8mes d\u2019information viennent de se tenir du 5 au 8 octobre \u00e0 Monaco. Quel est votre retour sur cet \u00e9v\u00e9nement\u00a0? Une fois de plus les Assises sont un succ\u00e8s, un succ\u00e8s \u00e0 la&#8230;<\/p>\n","protected":false},"author":226,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3223,36],"tags":[184,80,3119,183],"coauthors":[1458],"class_list":["post-789","post","type-post","status-publish","format-standard","hentry","category-cloud-next-gen-it-security","category-cybersecurity-digital-trust","tag-assises","tag-cloud","tag-cloud-security","tag-cybercriminalite"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011 - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011 - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Les Assises de la s\u00e9curit\u00e9 et des syst\u00e8mes d\u2019information viennent de se tenir du 5 au 8 octobre \u00e0 Monaco. Quel est votre retour sur cet \u00e9v\u00e9nement\u00a0? Une fois de plus les Assises sont un succ\u00e8s, un succ\u00e8s \u00e0 la...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2011-10-12T08:19:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T11:24:07+00:00\" \/>\n<meta name=\"author\" content=\"SolucomINSIGHT\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"SolucomINSIGHT\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/\"},\"author\":{\"name\":\"SolucomINSIGHT\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/db6adc4938259b49b2bfa661026ca1f5\"},\"headline\":\"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011\",\"datePublished\":\"2011-10-12T08:19:05+00:00\",\"dateModified\":\"2019-12-31T11:24:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/\"},\"wordCount\":645,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"keywords\":[\"Assises\",\"Cloud\",\"Cloud security\",\"Cybercriminalit\u00e9\"],\"articleSection\":[\"Cloud &amp; Next-Gen IT Security\",\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/\",\"name\":\"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011 - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"datePublished\":\"2011-10-12T08:19:05+00:00\",\"dateModified\":\"2019-12-31T11:24:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/db6adc4938259b49b2bfa661026ca1f5\",\"name\":\"SolucomINSIGHT\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/solucominsight\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011 - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/","og_locale":"en_US","og_type":"article","og_title":"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011 - RiskInsight","og_description":"Les Assises de la s\u00e9curit\u00e9 et des syst\u00e8mes d\u2019information viennent de se tenir du 5 au 8 octobre \u00e0 Monaco. Quel est votre retour sur cet \u00e9v\u00e9nement\u00a0? Une fois de plus les Assises sont un succ\u00e8s, un succ\u00e8s \u00e0 la...","og_url":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/","og_site_name":"RiskInsight","article_published_time":"2011-10-12T08:19:05+00:00","article_modified_time":"2019-12-31T11:24:07+00:00","author":"SolucomINSIGHT","twitter_misc":{"Written by":"SolucomINSIGHT","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/"},"author":{"name":"SolucomINSIGHT","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/db6adc4938259b49b2bfa661026ca1f5"},"headline":"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011","datePublished":"2011-10-12T08:19:05+00:00","dateModified":"2019-12-31T11:24:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/"},"wordCount":645,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"keywords":["Assises","Cloud","Cloud security","Cybercriminalit\u00e9"],"articleSection":["Cloud &amp; Next-Gen IT Security","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/","url":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/","name":"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011 - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"datePublished":"2011-10-12T08:19:05+00:00","dateModified":"2019-12-31T11:24:07+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2011\/10\/bilan-des-assises-2011\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Trois questions \u00e0 G\u00e9r\u00f4me Billois sur les Assises 2011"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/db6adc4938259b49b2bfa661026ca1f5","name":"SolucomINSIGHT","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/solucominsight\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/226"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=789"}],"version-history":[{"count":6,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/789\/revisions"}],"predecessor-version":[{"id":7700,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/789\/revisions\/7700"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=789"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}