
Educational Cryptology Workshops and Cybersecurity Questionnaire Critique in New Video Segment
The video features two main segments: the first introduces La boîte à crypto, an educational project by the French association ARCSI (Association des Réservistes du Chiffre et de la Sécurité de l’Information) aimed at teaching cryptology to young audiences through interactive workshops. These workshops include simple exercises like the 'mirror game' for decoding words, as well as more advanced tools such as the Alberti cipher disk and the Enigma machine, with historical and artistic contexts (e.g., Auguste Herbin’s coded paintings). The second segment focuses on cybersecurity questionnaires, critiquing their inefficiency—such as 200-question Excel files with macros—while emphasizing best practices like tailoring questionnaires to supplier criticality, using closed-ended questions, and requesting concrete evidence (e.g., ISO 27001 certifications or incident response policies). Étienne Retou, co-founder of Galink, highlights the limitations of universal questionnaires and the rise of 'trust hunters' (digital trust passports) but concludes that questionnaires remain useful if streamlined and paired with risk-based audits. The discussion also notes the distinction between ISO 27001 (global standard) and SOC 2 (U.S.-centric), with ARCSI’s working group aiming to publish practical guidelines for supplier risk management.