{"id":9931,"date":"2017-08-23T17:09:08","date_gmt":"2017-08-23T16:09:08","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=9931\/"},"modified":"2020-01-02T11:10:25","modified_gmt":"2020-01-02T10:10:25","slug":"nis-comment-sy-preparer","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/","title":{"rendered":"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ?"},"content":{"rendered":"<p><em>Le 6 juillet 2016 entrait en vigueur la <strong>directive NIS<\/strong> (Network and Information Security). Alors que l\u2019on arrive \u00e0 <strong>moins d\u2019un an de la date limite pour la transposition<\/strong> de la directive (9 mai 2018), elle fait de plus en plus parler d\u2019elle. Mais quelles obligations cette directive introduit-elle\u00a0?<\/em><\/p>\n<h2>La directive NIS : un texte majeur<\/h2>\n<p>Au niveau national, la directive requiert notamment l\u2019\u00e9tablissement d\u2019une strat\u00e9gie cybers\u00e9curit\u00e9 et la mise en place d\u2019un CSIRT ainsi que d\u2019une autorit\u00e9 en charge de ces sujets. Pour les entreprises, elle introduit deux volets d\u2019obligation pour deux types d\u2019acteurs\u00a0:<\/p>\n<ul>\n<li>Les <strong>Op\u00e9rateurs de Services Essentiels<\/strong> doivent mettre en \u0153uvre des <strong>mesures techniques et organisationnelles<\/strong> pour g\u00e9rer les risques mena\u00e7ant la s\u00e9curit\u00e9 des r\u00e9seaux et et des syst\u00e8mes d\u2019information<\/li>\n<li>Les<strong> Fournisseurs de Services Num\u00e9riques<\/strong> sont tenus de notifier les incidents de s\u00e9curit\u00e9 \u00e0 l\u2019autorit\u00e9 comp\u00e9tente<\/li>\n<\/ul>\n<figure id=\"post-9945 media-9945\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-9945 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/image-NIS.png\" alt=\"\" width=\"1067\" height=\"312\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/image-NIS.png 1067w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/image-NIS-437x128.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/image-NIS-768x225.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/image-NIS-71x21.png 71w\" sizes=\"auto, (max-width: 1067px) 100vw, 1067px\" \/><\/figure>\n<figure id=\"post-9932 media-9932\" class=\"align-none\"><\/figure>\n<figure id=\"post-9934 media-9934\" class=\"align-none\"><\/figure>\n<h2>La n\u00e9cessit\u00e9 d&#8217;orientations fortes et communes<\/h2>\n<p>La directive NIS est le <strong>pendant s\u00e9curit\u00e9 de la <a href=\"https:\/\/ec.europa.eu\/commission\/priorities\/digital-single-market_fr\">strat\u00e9gie europ\u00e9enne du March\u00e9 Unique Num\u00e9rique,<\/a><\/strong> lanc\u00e9e en 2015, qui vise \u00e0 faire du num\u00e9rique un moteur de la croissance\u00a0: la confiance des entreprises et des consommateurs est indispensable pour ce projet, car sans confiance, pas de croissance\u00a0!<\/p>\n<p>Les pays europ\u00e9ens sont de plus en plus d\u00e9pendants du num\u00e9rique et des syst\u00e8mes d\u2019information, et leurs r\u00e9seaux sont de plus en plus reli\u00e9s. Et <strong>cette interconnectivit\u00e9 fait leur force comme leur faiblesse<\/strong>, puisque le niveau de s\u00e9curit\u00e9 d\u2019un syst\u00e8me d\u2019information est \u00e9quivalent \u00e0 celui de son point le plus faible.<\/p>\n<p>Or, on observe une tr\u00e8s forte h\u00e9t\u00e9rog\u00e9n\u00e9it\u00e9 entre les Etats Membres au regard de ces enjeux, \u00e9tant donn\u00e9 que la prise en charge de la cybers\u00e9curit\u00e9 se faisait jusqu\u2019ici au niveau national.<\/p>\n<p>C\u2019est \u00e0 ce <strong>risque syst\u00e9mique<\/strong> que l\u2019Europe cherche \u00e0 rem\u00e9dier avec la directive NIS. Il s\u2019agit de la premi\u00e8re l\u00e9gislation europ\u00e9enne r\u00e9gissant les pratiques cybers\u00e9curit\u00e9 de fa\u00e7on cross-sectorielle.<\/p>\n<p>Elle se d\u00e9marque des textes sp\u00e9cifiques \u00e0 une probl\u00e9matique particuli\u00e8re, tels que le GDPR. Souvent associ\u00e9 \u00e0 la directive NIS, il n\u2019a pourtant pas les m\u00eames objectifs puisqu\u2019il se concentre sur le seul p\u00e9rim\u00e8tre de la protection des donn\u00e9es personnelles tandis que la directive vise \u00e0 assurer un certain niveau de cybers\u00e9curit\u00e9 via la d\u00e9finition de standards de s\u00e9curit\u00e9 et la notification des incidents (qu\u2019ils touchent \u00e0 des donn\u00e9es personnelles ou non). Reste qu\u2019une cyber-attaque mettra souvent en jeu les deux domaines, et qu\u2019il fait donc sens de ne pas consid\u00e9rer ces deux textes s\u00e9par\u00e9ment lors de la mise en conformit\u00e9.<\/p>\n<figure id=\"post-9945 media-9945\" class=\"align-none\"><\/figure>\n<h2>Un processus de transposition d\u00e9j\u00e0 engag\u00e9<\/h2>\n<p>Le texte \u00e9tant une directive et non un r\u00e8glement, il est n\u00e9cessaire que chaque Etat Membre transpose ces orientations dans son cadre l\u00e9gislatif national.<\/p>\n<p>De nombreux pays ont d\u00e9j\u00e0 annonc\u00e9 des premi\u00e8res mesures s\u2019inscrivant dans le cadre de la directive\u00a0:<\/p>\n<ul>\n<li>Le <strong>Royaume-Uni<\/strong> a confirm\u00e9 son intention de transposer le texte malgr\u00e9 le Brexit\u00a0; le montant des p\u00e9nalit\u00e9s pr\u00e9vues dans le texte vient d\u2019\u00eatre communiqu\u00e9 et <a href=\"https:\/\/www.gov.uk\/government\/news\/new-fines-for-essential-service-operators-with-poor-cyber-security\">celles-ci sont particuli\u00e8rement importantes<\/a><\/li>\n<li>La <strong>Pologne<\/strong> a annonc\u00e9 l\u2019ouverture d\u2019un nouveau centre national d\u00e9di\u00e9 \u00e0 la cybers\u00e9curit\u00e9 (NC Cyber)\u00a0;<\/li>\n<li>La <strong>Belgique<\/strong> a pr\u00e9sent\u00e9 six mesures phares pour renforcer la cybers\u00e9curit\u00e9, \u00e0 la suite de WannaCry, cyberattaque mondiale qui a paralys\u00e9 de nombreuses entreprises le mois dernier\u00a0;<\/li>\n<li>La <strong>R\u00e9publique Tch\u00e8que<\/strong> a amend\u00e9 sa loi cybers\u00e9curit\u00e9 pour prendre un compte plus de secteurs critiques et se conformer aux exigences de la directive\u00a0;<\/li>\n<li>L\u2019<strong>Italie<\/strong> a r\u00e9vis\u00e9 son Plan National pour la Cyber Protection et la S\u00e9curit\u00e9 Digital, en accord avec les orientations donn\u00e9es par la directive\u00a0;<\/li>\n<li>La <strong>Croatie<\/strong> a mis en place un groupe de travail pour pr\u00e9ciser les modalit\u00e9s de transposition de la directive\u00a0;<\/li>\n<li>La <strong>Su\u00e8de<\/strong> a d\u2019ores et d\u00e9j\u00e0 fourni des d\u00e9tails sur la transposition, tels que l\u2019ordre de grandeur des p\u00e9nalit\u00e9s applicables, ou encore les entit\u00e9s responsables de la mise en \u0153uvre.<\/li>\n<\/ul>\n<p>Sur un certain nombre d\u2019aspects, le <strong>texte est tr\u00e8s peu directif<\/strong> et fixe des objectifs sans imposer de moyens. Il est du ressort de <strong>chaque pays de travailler \u00e0 l\u2019interpr\u00e9tation<\/strong> et de d\u00e9finir des mesures plus concr\u00e8tes permettant l\u2019atteinte de ces objectifs.<\/p>\n<p>L\u2019enjeu est donc d\u2019<strong>att\u00e9nuer l\u2019h\u00e9t\u00e9rog\u00e9n\u00e9it\u00e9<\/strong> entre les pays europ\u00e9ens et de parvenir \u00e0 lisser le niveau de cybers\u00e9curit\u00e9 en limitant les \u00e9carts trop importants, afin de r\u00e9duire la complexit\u00e9 de mise en conformit\u00e9 pour les acteurs pr\u00e9sents dans plusieurs pays.<\/p>\n<p>Pour ce faire, une collaboration structur\u00e9e s\u2019organise \u00e0 l\u2019\u00e9chelle de l\u2019UE\u00a0:<\/p>\n<ul>\n<li>Une <strong>r\u00e9vision du mandat de l\u2019ENISA<\/strong>, l\u2019agence europ\u00e9enne en charge de la s\u00e9curit\u00e9 des r\u00e9seaux et de l\u2019information, est \u00e0 l\u2019\u00e9tude, avec entre autres l\u2019objectif de lui donner la latitude n\u00e9cessaire \u00e0 l\u2019accomplissement des missions relatives \u00e0 la directive\u00a0;<\/li>\n<li>Un <strong>Groupe de Coop\u00e9ration<\/strong>, compos\u00e9 de repr\u00e9sentants nationaux ainsi que de l\u2019ENISA et la Commission Europ\u00e9enne, donnera des orientations strat\u00e9giques\u00a0;<\/li>\n<li>Un <strong>r\u00e9seau de CSIRT<\/strong> s\u2019organise aussi, et sera en mesure d\u2019assurer la communication et l\u2019\u00e9change de bonnes pratiques, ainsi que d\u2019appuyer les Etats Membres pour les sujets relatifs \u00e0 la directive.<\/li>\n<\/ul>\n<h2>Comment se pr\u00e9parer \u00e0 l&#8217;arriv\u00e9e de la directive ?<\/h2>\n<p>Concr\u00e8tement, comment anticiper d\u00e8s maintenant ce nouveau texte et quel plan d\u2019actions d\u00e9ployer\u00a0? Cela d\u00e9pend en pratique du type de structure (OSE ou FSN).<\/p>\n<p>Concernant les <strong>fournisseurs de service num\u00e9riques (FSN)<\/strong>,\u00a0une approche harmonis\u00e9e est requise : les Etats Membres ne peuvent pas imposer d\u2019autres exigences li\u00e9es \u00e0 la s\u00e9curit\u00e9 ou aux notifications, et en ce sens, la directive se rapproche d\u2019un r\u00e8glement pour ce type d\u2019acteur. Cette singularit\u00e9 par rapport aux OSE provient du caract\u00e8re transfrontalier de leurs activit\u00e9s et du fait que beaucoup sont des entreprises \u00e9trang\u00e8res non implant\u00e9es sur le territoire europ\u00e9en, qui devront d\u00e9signer un repr\u00e9sentant bas\u00e9 dans un Etat Membre pour \u00eatre l\u2019interlocuteur attitr\u00e9 concernant les questions li\u00e9es \u00e0 NIS (Article 18 de la directive). Il est donc essentiel que chaque pays impose les m\u00eames obligations, dans l\u2019objectif d\u2019\u00e9viter que le choix du pays d\u2019implantation ne soit orient\u00e9 par ce crit\u00e8re.<\/p>\n<p>Les obligations pour les FSN sont d\u2019ailleurs un peu moins contraignantes\u00a0: par exemple, ils ne sont dans l\u2019obligation de notifier un incident que s\u2019ils ont acc\u00e8s aux informations n\u00e9cessaires pour \u00e9valuer son impact au regard des crit\u00e8res d\u00e9finis dans la directive (Article 16).<\/p>\n<p><strong>D\u2019ici le 9 ao\u00fbt prochain, la Commission Europ\u00e9enne publiera les actes d\u2019ex\u00e9cution<\/strong> et il sera alors possible de commencer le processus de mise en conformit\u00e9.<\/p>\n<p>Pour les Op\u00e9rateurs de Services Essentiels (OSE), en France, il y a deux principaux cas de figure.<\/p>\n<p>D\u2019abord, les <strong>op\u00e9rateurs d\u00e9j\u00e0 identifi\u00e9s comme OIV<\/strong>, op\u00e9rateurs d\u2019importance vitale, dans le cadre de la Loi de programmation militaire fran\u00e7aise (LPM). Pour eux, l\u2019enjeu de mise en conformit\u00e9 est moins significatif, puisque la LPM introduit d\u00e9j\u00e0 de nombreuses obligations\u00a0; la directive n\u2019en introduira probablement pas de plus exigeantes. Quelques \u00e9l\u00e9ments tels que le reporting pourraient \u00eatre \u00e0 adapter, mais il n\u2019y a <strong>pas de changement majeur \u00e0 pr\u00e9voir<\/strong>.<\/p>\n<p>Toutefois le p\u00e9rim\u00e8tre de la directive est susceptible d\u2019\u00eatre plus large que celui de la LPM, et certains <strong>op\u00e9rateurs des secteurs critiques d\u00e9finis par chaque Etat<\/strong> devront alors commencer leur mise en conformit\u00e9. Les Etats Membres ont jusqu\u2019\u00e0 novembre 2018 pour d\u00e9signer les OSE\u00e0 partir des crit\u00e8res d\u00e9finis dans le texte. La liste des op\u00e9rateurs d\u00e9sign\u00e9s sera ensuite pass\u00e9e en revue par la Commission Europ\u00e9enne en mai 2019.<\/p>\n<p>Les structures concern\u00e9es devront ensuite mettre en place une <strong>veille juridique<\/strong> pour suivre l\u2019\u00e9volution du processus de transposition, puisque pour les OSE, les Etats Membres sont en droit d\u2019imposer des mesures allant au-del\u00e0 du socle commun d\u00e9fini par la directive.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Beaucoup de chantiers restent maintenant \u00e0 mener par les Etats Membres\u00a0: sp\u00e9cification des mesures de s\u00e9curit\u00e9 \u00e0 mettre en place, d\u00e9finition des proc\u00e9dures de notification, sanctions applicables, sans oublier la d\u00e9signation des secteurs critiques et des OES par chaque pays. <\/em><\/p>\n<p><em>On assiste ainsi \u00e0 un <strong>v\u00e9ritable renouveau du paysage l\u00e9gislatif de la cybers\u00e9curit\u00e9 en Europe <\/strong>visant avant tout \u00e0 homog\u00e9n\u00e9iser le niveau de s\u00e9curit\u00e9 des SI entre \u00e9tats membres, dont il sera int\u00e9ressant de suivre l\u2019\u00e9volution.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Le 6 juillet 2016 entrait en vigueur la directive NIS (Network and Information Security). Alors que l\u2019on arrive \u00e0 moins d\u2019un an de la date limite pour la transposition de la directive (9 mai 2018), elle fait de plus en&#8230;<\/p>\n","protected":false},"author":1288,"featured_media":9948,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3226],"tags":[414,2598,2850,310,3326],"coauthors":[2853,2854],"class_list":["post-9931","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-compliance","tag-legislation","tag-nis","tag-ose","tag-risque","tag-sectoral-regulations"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ? - RiskInsight<\/title>\n<meta name=\"description\" content=\"Le 6 juillet 2016 entrait en vigueur la directive NIS. Comme nous sommes \u00e0 moins d&#039;un an de sa transposition, examinons les obligations introduites\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ? - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Le 6 juillet 2016 entrait en vigueur la directive NIS. Comme nous sommes \u00e0 moins d&#039;un an de sa transposition, examinons les obligations introduites\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2017-08-23T16:09:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-02T10:10:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"3873\" \/>\n\t<meta property=\"og:image:height\" content=\"3873\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"C8ndiceDubois\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"C8ndiceDubois\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/\"},\"author\":{\"name\":\"C8ndiceDubois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/a74b91d4f4a9a9b10e93b3d4b9d0f7a0\"},\"headline\":\"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ?\",\"datePublished\":\"2017-08-23T16:09:08+00:00\",\"dateModified\":\"2020-01-02T10:10:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/\"},\"wordCount\":1506,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg\",\"keywords\":[\"l\u00e9gislation\",\"NIS\",\"OSE\",\"Risque\",\"sectoral regulations\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Digital Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/\",\"name\":\"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ? - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg\",\"datePublished\":\"2017-08-23T16:09:08+00:00\",\"dateModified\":\"2020-01-02T10:10:25+00:00\",\"description\":\"Le 6 juillet 2016 entrait en vigueur la directive NIS. Comme nous sommes \u00e0 moins d'un an de sa transposition, examinons les obligations introduites\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg\",\"width\":3873,\"height\":3873},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/a74b91d4f4a9a9b10e93b3d4b9d0f7a0\",\"name\":\"C8ndiceDubois\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/c8ndicedubois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ? - RiskInsight","description":"Le 6 juillet 2016 entrait en vigueur la directive NIS. Comme nous sommes \u00e0 moins d'un an de sa transposition, examinons les obligations introduites","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/","og_locale":"en_US","og_type":"article","og_title":"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ? - RiskInsight","og_description":"Le 6 juillet 2016 entrait en vigueur la directive NIS. Comme nous sommes \u00e0 moins d'un an de sa transposition, examinons les obligations introduites","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/","og_site_name":"RiskInsight","article_published_time":"2017-08-23T16:09:08+00:00","article_modified_time":"2020-01-02T10:10:25+00:00","og_image":[{"width":3873,"height":3873,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg","type":"image\/jpeg"}],"author":"C8ndiceDubois","twitter_misc":{"Written by":"C8ndiceDubois","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/"},"author":{"name":"C8ndiceDubois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/a74b91d4f4a9a9b10e93b3d4b9d0f7a0"},"headline":"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ?","datePublished":"2017-08-23T16:09:08+00:00","dateModified":"2020-01-02T10:10:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/"},"wordCount":1506,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg","keywords":["l\u00e9gislation","NIS","OSE","Risque","sectoral regulations"],"articleSection":["Cybersecurity &amp; Digital Trust","Digital Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/","name":"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ? - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg","datePublished":"2017-08-23T16:09:08+00:00","dateModified":"2020-01-02T10:10:25+00:00","description":"Le 6 juillet 2016 entrait en vigueur la directive NIS. Comme nous sommes \u00e0 moins d'un an de sa transposition, examinons les obligations introduites","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/08\/Fotolia_62375187_Subscription_Monthly_XXL.jpg","width":3873,"height":3873},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/08\/nis-comment-sy-preparer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Directive NIS : quels enjeux et comment s\u2019y pr\u00e9parer ?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/a74b91d4f4a9a9b10e93b3d4b9d0f7a0","name":"C8ndiceDubois","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/c8ndicedubois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9931","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1288"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=9931"}],"version-history":[{"count":8,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9931\/revisions"}],"predecessor-version":[{"id":9947,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9931\/revisions\/9947"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/9948"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=9931"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=9931"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=9931"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=9931"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}