Title: Cybersecurity and Decision Makers
Author: Marie De Fréminville
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
ISBN: 9781119720379
Directors and executives are now at the heart of cybersecurity issues. This is my conviction; this is my experience gained by launching one of the first cybersecurity companies in 2005 and by meeting many executives. This is my conviction as the director of a defense company that is particularly exposed to these risks, as well as active in the development of new protection strategies.
Let us make this expertise a driving force for differentiating our companies and France as a safe place to do business. This is where this book written by Marie de Fréminville takes on its full importance.
It brings together five years of work and exchanges between experts and leaders, between the State and industrial actors who forge our conviction that the issue of cybersecurity can no longer remain confined to the circles of geeks, but that it has become a real issue of economic resilience.
The issue is obviously much broader, and corporate governance must address it in all its dimensions: economic resilience, vulnerability of extended business strategies, customer protection, human issues, infrastructure development, insurance policy, crisis management, etc.
The general management and its board of directors must not only be aware of this, but must also each act according to its own responsibility, in order to set up the necessary organizations, risk governance, as well as the company’s protection systems. It is this “call to consciences” that must resonate with the reader, who must then find appropriate solutions: this book will provide you with possible solutions and will enlighten you on the risks to be taken into account to inform your decisions.
As they say in the shift changeover: now it’s up to you to take care of it…
Hervé GUILLOU
President and Chief Executive Officer
Naval Group
Preface
The organization of round tables with HEC Gouvernance and workshops with the Swiss Women Directors’ Circle (Cercle Suisse des Administratrices) was the starting point of this book for decision makers: managers and directors of companies, public organizations, foundations or associations.
The protection of the company’s strategic data and information systems is the responsibility of the directors and executives, as well as the company’s decision makers, within the operational and functional departments, inside and outside the company.
The comments of the various speakers at these round tables have been included in this book.
In October 2016, “Understanding and preventing cyber-risks: a priority”:
– Hervé Guillou, President and Chief Executive Officer of Naval Group;
– Alain Juillet, Director of Intelligence at the DGSE, Senior Manager for Economic Intelligence at the SGDSN and President of the CDSE (Club des directeurs de sécurité et de sûreté des entreprises);
– Guillaume Poupard, Director General of ANSSI (Agence nationale de la sécurité des systèmes d’information);
– Alain Bouillé, President of CESIN (Club des experts de la sécurité de l’information et du numérique);
– Alexandre Montay, Secretary General of METI (Mouvement des entreprises de taille intermédiaire).
In June 2017, “Cyber-risk: a subject to govern”:
– Yves Bigot, General Manager of TV5 Monde;
– Brigitte Bouquot, President of AMRAE (Association pour le management des risques et des assurances de l’entreprise);
– Frédérick Douzet, Professor of Universities at the IFG (French Institute of Geopolitics) of the University of Paris 8 and Castex Chair in Cyberstrategy;
– Solange Ghernaouti, Professor of Information Security at UNIL (université de Lausanne) and Director of the Swiss Cyber Security Advisory and Research Group;
– Philippe Gaillard, Director of Technical and Cyber-risks at Axa France;
– Alain Robic, Partner Enterprise Risks and Services at Deloitte – Information Systems Security.
In December 2018, “Cybercrime and personal data protection: what good practices for the board of directors and managers?”:
– Isabelle Falque-Pierrotin, President of the CNIL (Commission nationale de l’informatique et des libertés) since 2011 and, since her election in Hong Kong in 2017, President of the World Conference of Data Protection and Privacy Commissioners;
– Philippe Castagnac, President of the Management Board of Mazars, an international, integrated and independent organization specializing in audit, advice and accounting, tax and legal services;
– Annick Rimlinger, Executive Director of the CDSE (Club des directeurs de sécurité et sûreté des entreprises), founding member of Cercle K2 and member of the board of directors of Hack Academy;
– Éliane Rouyer, independent director, President of the Audit Committee and member of the Compensation Committee of Legrand, independent director of Vigéo Eiris.
I would like to thank all these speakers for their contributions and support, as well as Marc Triboulet (my teammate from HEC Gouvernance, with whom this round table cycle was initiated).
The training I developed within the Airbus group for directors and managers of subsidiaries, the work carried out for these conferences, as well as the exchanges during these round tables, have been supplemented by research work carried out over the past five years, participation in working groups (Switzerland’s cybersecurity strategy, for example), support for several start-ups in the field of cybersecurity, the implementation of training, speeches given at the university of HEC Paris and Swiss management universities and at companies or service providers, the implementation of risk mapping, the definition and deployment of measures to improve compliance with the GDPR (General Data Protection Regulation), not to mention the implementation of cyber programs through companies, associations, foundations and public bodies.
Marie DE FRÉMINVILLE
December 2019
Introduction: Financial and Cyber Performance
Why not assess the cyber performance of companies in the same way as their financial and non-financial performance (governance and CSR – corporate social responsibility)?
Why not certify the cyber performance of companies in the same way as their financial performance via auditors, whose intervention is mandatory for companies of a certain size?
Despite some progress, the vast majority of shareholders, and therefore the board of directors and management, are primarily interested in the company’s financial performance.
However, the digital age is introducing upheavals in the company and in its ecosystem. Indeed, the “all-digital” concerns all stakeholders, administration, public services