{"id":8786,"date":"2016-02-12T11:30:57","date_gmt":"2016-02-12T10:30:57","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=8786"},"modified":"2019-12-31T10:25:06","modified_gmt":"2019-12-31T09:25:06","slug":"cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/","title":{"rendered":"Cybers\u00e9curit\u00e9 : Quelle place pour l&#8217;humain et quelle organisation ?"},"content":{"rendered":"<p><em>En cybers\u00e9curit\u00e9 on entend souvent dire que \u00ab\u00a0la principale vuln\u00e9rabilit\u00e9 se situe entre le si\u00e8ge et le clavier\u00a0\u00bb. En effet, les attaquants exploitent souvent les erreurs commises par les individus et \u00e9galement les vuln\u00e9rabilit\u00e9s des organisations. En outre, pour que les dispositifs de protection et les proc\u00e9dures mis en place soient vraiment efficaces, le personnel doit se sentir impliqu\u00e9 et les utiliser correctement.<\/em><\/p>\n<p>Or, ces faiblesses socio-organisationnelles sont analogues aux circonstances de certains accidents observ\u00e9s dans l\u2019industrie. Ainsi, ce secteur a d\u00e9pass\u00e9 depuis plusieurs d\u00e9cennies l\u2019\u00e9tude des \u00e9v\u00e9nements selon les facteurs technique, humain, proc\u00e9dural et environnemental, pour s\u2019int\u00e9resser d\u00e9sormais aux causes dites \u00ab\u00a0syst\u00e9miques\u00a0\u00bb. Une m\u00e9thode d\u2019analyse des accidents consiste \u00e0 travailler \u00e0 partir du mod\u00e8le de d\u00e9fense en profondeur th\u00e9oris\u00e9 par le Pr. James Reason pour comprendre les conditions pr\u00e9alables et trouver les dysfonctionnements cach\u00e9s au sein de l\u2019organisation. Cette approche d\u00e9crit le m\u00e9canisme d\u2019accident par un \u00e9l\u00e9ment d\u00e9clenchant qui trouve un cheminement possible au travers des barri\u00e8res de s\u00e9curit\u00e9 successives (fl\u00e8che rouge ci-dessous) en raison de l\u2019addition de vuln\u00e9rabilit\u00e9s latentes (d\u00e9faut d\u2019organisation, d\u00e9cisions hi\u00e9rarchiques faillibles, mauvais traitement de signaux pr\u00e9curseurs) et patentes (actes non s\u00fbrs, d\u00e9faillance d\u2019un \u00e9quipement).<\/p>\n<figure id=\"post-8787 media-8787\" class=\"align-none\"><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/www.solucominsight.fr\/wp-content\/uploads\/2016\/02\/image1.png\" alt=\"\" \/><\/figure>\n<p style=\"text-align: center;\"><em>D\u00e9fense en profondeur (d\u2019apr\u00e8s James Reason, Human error 1990)<\/em><\/p>\n<p>La cybers\u00e9curit\u00e9 n\u2019\u00e9chappe pas \u00e0 ce principe de \u00ab\u00a0d\u00e9fense en profondeur\u00a0\u00bb, et le m\u00e9canisme des cyber-attaques pr\u00e9sente une similitude avec celui des accidents industriels. Par exemple, une mauvaise prise en compte d\u2019\u00e9v\u00e9nements pr\u00e9curseurs ou une sensibilisation insuffisante du personnel sont autant d\u2019\u00e9l\u00e9ments que l\u2019on retrouve de fa\u00e7on r\u00e9currente dans le contexte d\u2019attaques informatiques.<br \/>\nEn cons\u00e9quence, comment exploiter les enseignements issus de l\u2019industrie pour renforcer la cybers\u00e9curit\u00e9 notamment en s\u2019appuyant sur les comportements individuels et collectifs\u00a0et en travaillant sur les FOH (facteurs organisationnel et humain) ?<\/p>\n<h1>La mise en place d\u2019une \u00ab\u00a0organisation apprenante\u00a0\u00bb<\/h1>\n<p>Un des premiers leviers d\u00e9velopp\u00e9s pour la ma\u00eetrise des risques industriels est la mise en place d\u2019un syst\u00e8me de gestion du retour d\u2019exp\u00e9rience (REX) et la construction d\u2019une \u00ab organisation apprenante\u00a0\u00bb sur cinq points essentiels\u00a0:<\/p>\n<ul>\n<li><strong>Un<\/strong> <strong>engagement du niveau de la direction<\/strong> d\u00e9finissant la politique REX, les moyens techniques et humains, les seuils de d\u00e9tection et les modes de report des \u00e9v\u00e9nements, des garanties sur la \u00ab\u00a0non-punitivit\u00e9\u00a0\u00bb\u00a0de l\u2019erreur),<\/li>\n<li><strong>La promotion d\u2019une culture \u00ab\u00a0d\u00e9clarante\u00a0\u00bb\u00a0<\/strong>des erreurs, obtenue par un climat de confiance, changement sociologique au sein de l\u2019entreprise qui permet de passer du \u00ab\u00a0Qu\u2019est-ce que je risque \u00e0 en parler\u00a0?\u00a0\u00bb \u00e0 \u00ab\u00a0Que risquons-nous si je n\u2019en parle pas\u00a0?\u00a0\u00bb,<\/li>\n<li><strong>L\u2019utilisation du<\/strong> <strong>principe de subsidiarit\u00e9<\/strong> car, face \u00e0 l\u2019accroissement de la remont\u00e9e d\u2019information g\u00e9n\u00e9r\u00e9 par ce syst\u00e8me, pour continuer \u00e0 d\u00e9tecter \u00ab\u00a0le signal utile dans le bruit de fond\u00a0\u00bb les dirigeants doivent laisser traiter les incidents au bon niveau de responsabilit\u00e9,<\/li>\n<li><strong>L\u2019animation du syst\u00e8me <\/strong>par des revues syst\u00e9matiques et des actions correctrices pour maintenir la motivation du personnel \u00e0 reporter les erreurs en produisant des effets concrets et perceptibles,<\/li>\n<li><strong>L\u2019ajustement<\/strong> des seuils de d\u00e9tection d\u2019\u00e9v\u00e9nements et la diffusion des bonnes pratiques pour entretenir la dynamique du syst\u00e8me lorsque la s\u00e9curit\u00e9 s\u2019am\u00e9liore.\u00a0Cela permet d\u2019\u00e9viter le paradoxe des syst\u00e8mes \u00ab\u00a0ultra-s\u00fbrs\u00a0\u00bb ne g\u00e9n\u00e9rant plus d\u2019incidents significatifs avec le risque de voir le syst\u00e8me REX s\u2019\u00e9teindre.<\/li>\n<\/ul>\n<p>La cybers\u00e9curit\u00e9 s\u2019est parfaitement appropri\u00e9e les points 1 et 5\u00a0: PSSI, chartes, promotions des bonnes pratiques sont en place. Les points 3 et 4 restent \u00e0 consolider\u00a0: L\u2019organisation SSI poss\u00e8de bien des relais locaux, mais l\u2019expertise est souvent centralis\u00e9e. Des audits et des contr\u00f4les sont effectu\u00e9s mais des lacunes sont observ\u00e9es dans le suivi et la mise en \u0153uvre d\u2019actions correctrices (hors SMSI). En revanche, un effort important reste \u00e0 accomplir sur le point 2\u00a0: Les proc\u00e9dures de gestion des incidents existent mais le milieu de la cybers\u00e9curit\u00e9 doit encore d\u00e9velopper une r\u00e9elle \u00ab\u00a0culture d\u00e9clarante\u00a0\u00bb au sein de l\u2019entreprise.<\/p>\n<h1>Une claire s\u00e9paration des pouvoirs<\/h1>\n<p>Pour renforcer la s\u00e9curit\u00e9 une claire s\u00e9paration des pouvoirs est \u00e9galement \u00e0 instaurer, entre autorit\u00e9s r\u00e9gulatrices (fixant lois, r\u00e8gles ou principes organisationnels), organismes de contr\u00f4le, et exploitants (ou fournisseurs de service).<\/p>\n<figure id=\"post-8789 media-8789\" class=\"align-none\">\n<figure id=\"post-8798 media-8798\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/www.solucominsight.fr\/wp-content\/uploads\/2016\/02\/La-separation-des-pouvoirs1.png\" alt=\"\" width=\"618\" height=\"410\" \/><\/figure>\n<\/figure>\n<p style=\"text-align: center;\"><em>La s\u00e9paration des pouvoirs<\/em><\/p>\n<p>Cette disposition permet des prises de d\u00e9cision \u00e9clair\u00e9es par des points de vue ext\u00e9rieurs, parfois divergents, et d\u2019\u00e9viter la \u00ab\u00a0consanguinit\u00e9\u00a0\u00bb dans les processus de d\u00e9cision et de gestion des risques. En cybers\u00e9curit\u00e9 ce point reste \u00e0 consolider, les autorit\u00e9s r\u00e9gulatrices devant davantage d\u00e9l\u00e9guer, \u00e0 terme, la certification des syst\u00e8mes et des organisations \u00e0 des organismes tiers et ind\u00e9pendants.<\/p>\n<h1>Vers une culture de s\u00e9curit\u00e9 int\u00e9gr\u00e9e<\/h1>\n<p>Les points pr\u00e9c\u00e9dents doivent \u00eatre renforc\u00e9s par l\u2019instauration, au sein de l\u2019entreprise, d\u2019une culture de s\u00e9curit\u00e9 int\u00e9gr\u00e9e, ensemble de bonnes pratiques visant \u00e0 r\u00e9duire les risques de fa\u00e7on proactive ou r\u00e9active, construites collectivement en int\u00e9grant fortement le personnel d&#8217;ex\u00e9cution dans l&#8217;\u00e9tablissement des r\u00e8gles et proc\u00e9dures.<\/p>\n<figure id=\"post-8790 media-8790\" class=\"align-none\">\n<figure id=\"post-8799 media-8799\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/www.solucominsight.fr\/wp-content\/uploads\/2016\/02\/Une-culture-de-securite-integree1.png\" alt=\"\" width=\"747\" height=\"417\" \/><\/figure>\n<\/figure>\n<p style=\"text-align: center;\"><em>Une culture de s\u00e9curit\u00e9 int\u00e9gr\u00e9e<\/em><\/p>\n<p>Dans cet ensemble<strong> le management<\/strong> fixe les objectifs et fournit \u00e0 ses subordonn\u00e9s les moyens mat\u00e9riels et humains d\u2019agir en temps utile. Il cr\u00e9e \u00e9galement <strong>une organisation<\/strong> qui doit coordonner les activit\u00e9s de chacun, en profitant au mieux des qualit\u00e9s compl\u00e9mentaires des individus. Celle-ci sollicite le management qui est amen\u00e9 sans cesse \u00e0 ajuster et d\u00e9cider (arbitrage collectif si n\u00e9cessaire). L\u2019organisation est vivante et doit avoir la capacit\u00e9 de r\u00e9agir \u00e0 toutes les situations, m\u00eame impr\u00e9vues, <strong>en faisant appel \u00e0 l\u2019intelligence collective et adaptative de tous ses membres<\/strong> pour rattraper des situations critiques.<strong> Les collaborateurs<\/strong> doivent saisir l\u2019importance de leur r\u00f4le dans l\u2019activit\u00e9 en cours ou dans les objectifs \u00e0 atteindre. <strong>Avec un management de proximit\u00e9 qui donne du sens \u00e0 l\u2019action,<\/strong> ils seront plus efficaces, se coordonneront mieux dans l\u2019organisation, et seront \u00e0 m\u00eame de prendre des d\u00e9cisions \u00e0 leur niveau permettant en cela \u00e0 l\u2019organisation de mieux r\u00e9sister aux \u00e9v\u00e9nements n\u00e9fastes. Dans ce contexte, un \u00e9quilibre subtil est \u00e0 trouver entre la s\u00e9curit\u00e9 r\u00e9gl\u00e9e (bas\u00e9e sur le formalisme, les proc\u00e9dures, les \u00e9quipements et les automatismes) et la s\u00e9curit\u00e9 g\u00e9r\u00e9e (s\u2019appuyant sur la capacit\u00e9 d\u2019anticipation, la facult\u00e9 d\u2019initiative et d\u2019adaptation des individus et de l\u2019organisation).<\/p>\n<h1>Conclusion\u00a0: Quelles pistes d\u2019avenir pour la cybers\u00e9curit\u00e9 ?<\/h1>\n<p>Ces derniers points, relatifs \u00e0 la culture d\u2019entreprise et au bon \u00e9quilibre \u00ab\u00a0s\u00e9curit\u00e9 r\u00e9gl\u00e9e \u2013 s\u00e9curit\u00e9 g\u00e9r\u00e9e\u00a0\u00bb, repr\u00e9sentent l\u2019\u00e9tat de l\u2019art en mati\u00e8re de s\u00e9curit\u00e9 industrielle sur lequel travaillent, depuis bien des ann\u00e9es, des organismes experts (ICSI\/FONCSI, IMdR). Force est de constater que le milieu de la cybers\u00e9curit\u00e9 est encore peu impliqu\u00e9 dans ces r\u00e9flexions, alors que l\u2019information et les technologies associ\u00e9es doivent \u00eatre consid\u00e9r\u00e9es comme un actif strat\u00e9gique de l\u2019entreprise jouant un r\u00f4le de plus en plus important dans la ma\u00eetrise des risques. Un meilleur \u00e9change entre ces deux mondes constitue donc un enjeu de taille pour la cybers\u00e9curit\u00e9 dans les ann\u00e9es \u00e0 venir. Notons que cette question, abord\u00e9e ici sous l\u2019angle des cyber-attaques, serait tout aussi pertinente en ce qui concerne la continuit\u00e9 d\u2019activit\u00e9 et les autres menaces environnementales.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>En cybers\u00e9curit\u00e9 on entend souvent dire que \u00ab\u00a0la principale vuln\u00e9rabilit\u00e9 se situe entre le si\u00e8ge et le clavier\u00a0\u00bb. En effet, les attaquants exploitent souvent les erreurs commises par les individus et \u00e9galement les vuln\u00e9rabilit\u00e9s des organisations. En outre, pour que&#8230;<\/p>\n","protected":false},"author":1028,"featured_media":8792,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3222,36],"tags":[2091,3304],"coauthors":[2441],"class_list":["post-8786","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy","category-cybersecurity-digital-trust","tag-facteur-humain","tag-risk-management-strategy-governance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cybers\u00e9curit\u00e9 : Quelle place pour l&#039;humain et quelle organisation ? - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybers\u00e9curit\u00e9 : Quelle place pour l&#039;humain et quelle organisation ? - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"En cybers\u00e9curit\u00e9 on entend souvent dire que \u00ab\u00a0la principale vuln\u00e9rabilit\u00e9 se situe entre le si\u00e8ge et le clavier\u00a0\u00bb. En effet, les attaquants exploitent souvent les erreurs commises par les individus et \u00e9galement les vuln\u00e9rabilit\u00e9s des organisations. En outre, pour que...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2016-02-12T10:30:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T09:25:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"4472\" \/>\n\t<meta property=\"og:image:height\" content=\"3354\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"laurent dubau\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"laurent dubau\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/\"},\"author\":{\"name\":\"laurent dubau\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/24f8fbbe34c12541f55d9a811191b238\"},\"headline\":\"Cybers\u00e9curit\u00e9 : Quelle place pour l&#8217;humain et quelle organisation ?\",\"datePublished\":\"2016-02-12T10:30:57+00:00\",\"dateModified\":\"2019-12-31T09:25:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/\"},\"wordCount\":1313,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg\",\"keywords\":[\"facteur humain\",\"Risk management\"],\"articleSection\":[\"Cyberrisk Management &amp; Strategy\",\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/\",\"name\":\"Cybers\u00e9curit\u00e9 : Quelle place pour l'humain et quelle organisation ? - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg\",\"datePublished\":\"2016-02-12T10:30:57+00:00\",\"dateModified\":\"2019-12-31T09:25:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg\",\"width\":4472,\"height\":3354},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybers\u00e9curit\u00e9 : Quelle place pour l&rsquo;humain et quelle organisation ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/24f8fbbe34c12541f55d9a811191b238\",\"name\":\"laurent dubau\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/laurent-dubau\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybers\u00e9curit\u00e9 : Quelle place pour l'humain et quelle organisation ? - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/","og_locale":"en_US","og_type":"article","og_title":"Cybers\u00e9curit\u00e9 : Quelle place pour l'humain et quelle organisation ? - RiskInsight","og_description":"En cybers\u00e9curit\u00e9 on entend souvent dire que \u00ab\u00a0la principale vuln\u00e9rabilit\u00e9 se situe entre le si\u00e8ge et le clavier\u00a0\u00bb. En effet, les attaquants exploitent souvent les erreurs commises par les individus et \u00e9galement les vuln\u00e9rabilit\u00e9s des organisations. En outre, pour que...","og_url":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/","og_site_name":"RiskInsight","article_published_time":"2016-02-12T10:30:57+00:00","article_modified_time":"2019-12-31T09:25:06+00:00","og_image":[{"width":4472,"height":3354,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg","type":"image\/jpeg"}],"author":"laurent dubau","twitter_misc":{"Written by":"laurent dubau","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/"},"author":{"name":"laurent dubau","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/24f8fbbe34c12541f55d9a811191b238"},"headline":"Cybers\u00e9curit\u00e9 : Quelle place pour l&#8217;humain et quelle organisation ?","datePublished":"2016-02-12T10:30:57+00:00","dateModified":"2019-12-31T09:25:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/"},"wordCount":1313,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg","keywords":["facteur humain","Risk management"],"articleSection":["Cyberrisk Management &amp; Strategy","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/","url":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/","name":"Cybers\u00e9curit\u00e9 : Quelle place pour l'humain et quelle organisation ? - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg","datePublished":"2016-02-12T10:30:57+00:00","dateModified":"2019-12-31T09:25:06+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/02\/Fotolia_69917715_Subscription_Monthly_XXL-businessman-choosing-worker-from-group-of-businesspeople\u00a9-Doode.jpg","width":4472,"height":3354},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/02\/cybersecurite-quelle-place-pour-lhumain-et-quelle-organisation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cybers\u00e9curit\u00e9 : Quelle place pour l&rsquo;humain et quelle organisation ?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/24f8fbbe34c12541f55d9a811191b238","name":"laurent dubau","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/laurent-dubau\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1028"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=8786"}],"version-history":[{"count":8,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8786\/revisions"}],"predecessor-version":[{"id":8883,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8786\/revisions\/8883"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/8792"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=8786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=8786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=8786"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=8786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}