Where we learn that the Georgia WhatsApp Number List have changed little for 15 years (ISO 2700x, EBIOS, MEHARI,…). They are well known and consistent. Where the shoe pinches is in their application. Whether at the global level of the Information Security Management System (ISMS) or the securing of an information asset (a business application for example), the basis of all security methods is a risk analysis . We therefore find the difficulties inherent in risk management, whether in the context of project management, or AMDEC.of a product or an industrial process.

The only way to do a relevant risk analysis is to do it collaboratively with knowledgeable people (and in particular operational in the field) possibly with a touch of expertise (in small doses), and possibly with the support of a base. data capitalizing on similar risks or risk factors. In-depth work on business activities (procedures and issues) is necessary to properly conduct this analysis. tiple sleight of hand sometimes used by (bad) digital security players to confuse the issue: take refuge behind the argument of non-disclosure of security vulnerabilities so as not to have to explain yourself. In a way, this is a “Security” version of the authority argument,

Cybersecurity: the method for the method

forbid everything, not authorize anything … to escape all responsibility -> “it’s not my fault if Manu did that, I had formally forbidden him”. When we forbid everything it means we forbid nothing, on the basis of relevant premises and analyzes draw conclusions unrelated to the subject or unrelated to a risk analysis (which has generally not been done or which has simply been used to prop up a cupboard in an office). Cybersecurity: too much security kills Where we learn that like tax performance where too much tax kills tax, too much security kills security: Because users no longer respect security systems


Where we learn that many actors or security managers are convinced that public clouds (including GAMs – Google, Amazon, Microsoft) are the devil, the great American Satan and that it is much more secure to have its own IS infrastructure. The reality is quite different, and it is very relevant for some of its assets and data to use public clouds. They offer, unfortunately for our French and European pride, excellent levels of security for dealing with the activities of a very large number of companies or administrations. Of course, we should not underestimate sovereignty risks and place strategic or confidential assets there.

Cybersecurity: the umbrella

And this does not prevent sponsoring and working for the emergence of aEuropean sovereign cloud . We also wanted to take into account the increase in consumption of online commerce . Indeed, it is very easy to place an Amazon order in a few clicks, which encourages us to use e-commerce as soon as we need a good, while moving in a store requires more time and organization. . In addition, Amazon offers an impressive amount of items, many of which would not be found in a convenience store, due to lack of space. This diversity therefore benefits e-commerce and promotes an increase in online purchases.

Usually, when comparing two situations, one chooses the same hypotheses according to the principle “all other things being equal”. Here, that would mean comparing the carbon impact of an Amazon order and a purchase in a store. However, to take the rebound effect into account, we chose to compare a scenario where a consumer went 40 times in a store and a scenario where a consumer made 100 orders on Amazon, which could correspond to the annual consumption of one of our consultants. In this scenario, the rebound factor is 100/40 = 2.5. We will show the effect of this rebound factor further down in the article.

Leave a Reply

Your email address will not be published.