Overview
Français
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHORS
-
Nicolas DUFOUR: Doctorate in Management Sciences, - Associate University Professor, CNAM LIRSA, - Insurance risk manager, ANTONY France
-
Matthieu BARRIER: Cyber security expert, MB CONSEIL, Paris France
INTRODUCTION
H ow are cyber-risks saturating the news?
The notion of cyber risk can be defined as the set of threats that exploit computer and Internet space to take advantage of organizations' vulnerabilities to break into their systems and thus recover their financial or intangible assets (sensitive and personal data, for example). Cyber risk often has high-profile consequences for the companies affected, in terms of financial, reputational and regulatory impact, and even business interruption. Numerous corporate cases illustrate this (Yahoo, Uber, Sony PlayStation Network, EasyJet, British Airways, MMA). No company, and no sector, can consider itself immune to these risks, which are often regarded as external and sudden. The purpose of this article is to look at the players involved in this area, the impact of these risks, and the associated risk management measures.
Cyber-risk can be defined as all the risks associated with threats of external intrusion or internal vulnerabilities and malicious acts using Internet data transmission channels and associated peripherals and technologies (shared data storage space, company messaging systems, Wi-Fi spotlights). The aim of these intrusions is most often to steal information, critical data for business continuity, but also sensitive data for customers and employees (banking data, personal data, health data), enabling the extortion of sums of money.
Since the early 2010s, every company has been at risk of a cyber-attack, but when it happens, how do you react? Answering this question requires a clear understanding of the reputational, business continuity, financial and operating loss issues associated with this risk. In order to address this risk, this article will successively detail the identification of cyberthreats, the detection and analysis of this risk, and then look at the players involved and the different types of means of control.
Articles
The Ultimate Scientific and Technical Reference
This article is included in
Safety and risk management
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Cyber risk management
Identifying cyber threats
Bibliography
Bibliography
Websites
Hack this site http://www.hackthissite.org
Newbie Contest http://www.newbiecontest.org
ANSSI (French National Agency for Information Systems Security) https://www.ssi.gouv.fr/
...Standards and norms
- Information Technology – Safety technology – Information security management systems – Requirements - ISO/IEC 27001:2013 - 2013
- Information Technology – Safety technology – Code of practice for information security management - ISO/IEC 27002:2013 - 2013
Regulations
Law no. 2013-1168 of December 18, 2013 on military programming for the years 2014 to 2019 and on various provisions concerning defense and national security
Regulation No. 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection...
The Ultimate Scientific and Technical Reference
