ABSTRACT

Every organization, whatever its size, purpose, means, or sector of activity, has an information system (IS) to support its activities, business, and exchanges with the outside world. The IS is at the heart of any organization: it is the organization's nervous system and reflects its image. The organization's performance depends on the efficiency of its IS; in other words, the organization cannot function without its IS. The services an IS provides are just as indispensable as the supply of water or electricity. Communication, which occupies a prominent place in contemporary societies searching for ever-increasing productivity, requires the mastery of economic, social, and cultural information. The global explosion of the Internet has considerably changed the situation and given IS an inescapable role in the development of the global economy and society (Ali et al., 2015). All this makes IS governance, security, and agility a nationwide issue (Sahid et al., 2020). Thus, any organization must understand and be aware of the need to secure its IS by analyzing and managing the risks that weigh on its IT assets, so as to ensure the continuity of operation of its services and sustainability over time. The IT and communication environment is the target of many threats. The openness of networks and their increasing complexity, involving actors with multiple profiles, have increased the vulnerability of IS, which manifests as the destruction or alteration of, access to, and disclosure of sensitive data, whether to modify the data or to harm the proper functioning of the IS or the reputation of organizations (Chatterjee et al., 2018). Organizations are subject to numerous attacks.
The overall picture gives executives and IT managers reason to worry (Benaroch & Chernobai, 2017). In fact, according to a study by the consulting firm PricewaterhouseCoopers (PwC) published in October 2015 (PwC, n.d.), the number of computer attacks against companies increased by 38% worldwide in 12 months.