Organizations are increasingly dependent on their information systems (ISs) which contain and create value. Indeed, the collection and use of customer data, stored in databases, makes it possible to improve marketing feedback [MAR 17]. The objective of having a secure and reliable IS leads organizations to implement formalized security rules in the form of an information security policy (ISP). This policy defines security requirements for all resources (hardware, software, personal information data, procedures, processes, etc.) both internally and externally. The advent of the Internet has contributed to the blurring of IS boundaries, and it is becoming part of an increasingly connected and open world. This evolution of the IS (cloud, social networks, etc.) is rooted in the very notion of a system: “Logically, the system can only be understood by including in it the environment, which is both intimate and foreign to it and part of itself while being external to it” [MOR 05, p.32]. Current themes, such as the use of cryptocurrencies or blockchain (e.g. in customer loyalty programs [KOW 17]), further increase the need for security. It should be noted that the cost of cybercrime is estimated at $400 billion [MCA 14]. This cost is in addition to image damage that can result from a “misuse” of data, as in the case of the Cambridge Analytica scandal presented in Chapter 13. Indeed, customers have a very negative ...