TY - Type of reference TI - A study on the bridge between information system security and environmental responsibility: the case of optimising vulnerability management in a cloud-based organisation AU - Yann Goetgheluck AU - Pierre-Emmanuel Arduin AU - Myriam Merad AB - This paper examines information system (IS) security as a foundational pillar of organisational continuity and resilience. In response to growing environmental responsibility, it becomes essential to adopt a vulnerability management approach that goes beyond purely technical considerations. The study proposes integrating business context and sectorspecific priorities into the vulnerability prioritisation process, with the aim of optimising resource allocation and reducing the energy footprint of security remediation. We suggest extending the Common Vulnerability Scoring System (CVSS) by incorporating organisational criteria and analysing vulnerability chaining. This approach is illustrated through practical case studies (banking, healthcare, and websites hosting), demonstrating that contextual factors significantly influence remediation priorities and promote more sustainable cybersecurity practices. The objective is to reconcile security, sustainability, and cost, positioning vulnerability management as a strategic lever for responsible IS governance. DO - 10.21494/ISTE.OP.2026.1449 JF - Open Journal in Information Systems Engineering KW - Security, Environmental Responsibility, Vulnerability Management, CVSS, Vulnerability Chaining, Sécurité des systèmes d’information, Responsabilité environnementale, Gestion des vulnérabilités, CVSS, Chaînage des vulnérabilités, L1 - https://www.openscience.fr/IMG/pdf/iste_roisi26v6n2_3.pdf LA - en PB - ISTE OpenScience DA - 2026/04/22 SN - 2634-1468 TT - Étude sur les ponts entre la sécurité des systèmes d’information et la responsabilité environnementale : le cas de l’optimisation de la gestion des vulnérabilités dans une organisation Cloud UR - https://www.openscience.fr/A-study-on-the-bridge-between-information-system-security-and-environmental IS - Special Issue INFORSID 2025 VL - 6 ER -