Titre : A study on the bridge between information system security and environmental responsibility: the case of optimising vulnerability management in a cloud-based organisation 

Auteurs : Yann Goetgheluck
, Pierre-Emmanuel Arduin
, Myriam Merad,  

Revue : Open Journal in Information Systems Engineering 

Numéro : Special Issue INFORSID 2025 

Volume : 6 

Date : 2026/04/22 

DOI : 10.21494/ISTE.OP.2026.1449 

ISSN : 2634-1468 

Résumé : This paper examines information system (IS) security as a foundational pillar of organisational continuity and resilience. In response to growing environmental responsibility, it becomes essential to adopt a vulnerability management approach that goes beyond purely technical considerations. The study proposes integrating business context and sectorspecific
priorities into the vulnerability prioritisation process, with the aim of optimising resource allocation and reducing the energy footprint of security remediation. We suggest extending the Common Vulnerability Scoring System (CVSS) by incorporating organisational criteria and analysing vulnerability chaining. This approach is illustrated through practical case
studies (banking, healthcare, and websites hosting), demonstrating that contextual factors significantly influence remediation priorities and promote more sustainable cybersecurity practices. The objective is to reconcile security, sustainability, and cost, positioning vulnerability management as a strategic lever for responsible IS governance. 

Éditeur : ISTE OpenScience