Les Assises de la Sécurité” rewards the Information Systems Security Managers
This month marks European Cybersecurity Month, as well as the eighteenth Assises de la Sécurité conference being held in Monaco for the eighteenth edition of the event.As part of a series of conference speeches covering the various aspects of information security, data protection and industrial-scale cybercrime, the event also featured the award of the second consecutive Grand Prizes in Information Security, which were broken down into four categories. Having been reviewed by a panel of demanding expert judges, initiatives to raise awareness among the public, both within the enterprise and beyond, were a particular focus of attention. Cutting-edge knowledge, creative approaches to implementation, and a sense of educational achievement were just some of the qualities that were shared by the entries and the nominees’ experiences.
An exceptional jury
With a similar goal in mind – sharing best practices to enable enterprises of all sizes to benefit from them – pane; members were drawn from CESIN, CLUSIF, CIGREF and ANSSI. This exceptional panel was presided over by Alain Bouillé, Corporate Information Security Manager for the Caisse des Dépôts Group and president of the CESIN, who advised that
“Prizes won’t necessarily go to the entrants with the biggest budgets. On the contrary: we are much more concerned about the security levels that are achieved than the budget that is assigned.”
Steps to increase engagement among company personnel and IT system users attracted votes this year, being favoured over new technologies and research into ways to secure the cloud.
So who were the 2018 award winners?
The Jury’s Special Prize went to Stéphane Tournade, director of Information Systems Security and Audit for Laboratoires Servier. “Employees are the first line of defence in the enterprise,” he explained as he presented his programme to raise awareness using short, fun training programmes. The aim is to ensure that people’s first instinct is to take the right approach to information security, rather than asking our staff to become experts.
It’s no coincidence that the Security Culture Prize was awarded to Viviane Maleterre, Information Security Director of the National Authority for Health (HAS)! In 2016, the aim was to bring together the ministry’s health department and the seven healthcare agencies to deliver a consolidated communications message to 15,000 agents. Once again, the user occupies pride of place and, to ensure that staff are on board, a film and a face-to-face card game were used to stimulate dialogue and improve project take-up across the board.
Other categories have been rewarded
Nevertheless, more technical discussions were not overlooked, as demonstrated by some of the other prize winners. As such, Dominique Alleron, Regional Security Manager for Axa Tech Europe, who was awarded the Prize for the most innovative approach while Fabien Lemarchand, IT Security Director at Cdiscount was awarded the Prize for the greatest promise. Both addressed the security of IT infrastructure and the quality of information that is fed back to decision-making centres, both in terms of penetration testing and information that is made available. In this context, Bug Bounties are now a hot topic of conversation, which reflects a desire to make the world of enterprise information security a little more open to the outside world. In fact, it may appear counterintuitive to make use of “external” experts to test information systems and reveal their vulnerabilities, especially in a world that tends to be quite closed and which keeps itself to itself.
Proving that attitudes change, and that information security is a complex subject, the 2018 Assises de la Sécurité 2018 set an example to live up to by awarding prizes to those who dare to innovate continuously.