What is your background?
I graduated from Ecole Centrale Paris. I started my career at IBM (37 years) as an IT architect and project manager. My main missions concerned outsourcing, management control, marketing and IT security. In 2010, I took on the role of Risk Manager at BP2I (a banking production joint venture between IBM and BNP Paribas), and I joined Trax in 2019 to carry out the localization of the risk mapping and management application vRisk. Director of ISMS compliance projects with the ISO 27001 standard, of which I am a certified auditor, I am more generally a senior expert in cyber security risk management.
Why did you join Trax?
I met François Lorek, co-founder of Trax, in 2017 during a security audit he was conducting at BP2I and I quickly expressed my interest in the work of AFNOR and ISO. At Trax, I work with committed experts like myself on digital compliance topics. This opportunity allows me to transmit knowledge and discuss the topic of risk management and its challenges.
What are the objectives of a security auditor?
They consist in explaining the standard and ensuring compliance with it. To achieve this, he must understand the company, understand its challenges and know how to capture the particularities of the organization during discussions with its protagonists. This is what I call “cross-fertilization”.
Why is compliance important?
Compliance is a level of requirements that contributes to reducing information system security risks from a technical point of view. Today it is becoming a commercial asset and a pledge of credibility which responds to market demand.
What is the risk of non-compliance?
Non-compliance is inseparable from risk. It exposes the company to intense risks and can hamper its relationship with its counterparties, ruining the trust they placed in it.
How can this threat be apprehended?
The threat, difficult to control, requires that we protect ourselves by ensuring that all the measures to comply with security rules are taken and that the vulnerabilities can be treated, i.e. limited or neutralized. Overall, the standard, once adopted and applied, meets safety objectives.
What is the interest of a company in applying the standard?
The growing number of companies choosing to comply with the standard announces the first convincing statistics: compliance protects companies within their certified perimeters. However, companies can accept a determined level of risk, but with full awareness of their exposure.
What is vRisk?
vRisk is a comprehensive risk mapping and management tool that makes it easy to share information. Adaptable and modular, it supports the user according to his maturity in risk management.
Why map the risk?
Mapping the risk gives the assurance of considering its entire perimeter. Also, the vRisk tool makes it possible to sensitize all the protagonists of the company to the reading and the apprehension of the risk, whatever their prerogatives and their hierarchical positions.
Can we integrate all the risks into the vRisk software?
Yes, if we manage to identify each risk by its two determination criteria (probability and consequence), the modularity of the vRisk application in theory makes it possible to integrate it and therefore to be able to deal with all the risks.