Cloud computing, social media, mobile technologies and Big Data challenge the security policy and reveal the organizations major weaknesses. Cloud computing accentuates the need to control the security of suppliers and put on the table third parties audit, such as the SOC2 certifications or ISO 27017 standards. Budgets therefore have to be revised upward on the audit / assurance / compliance part. Teams who carry out these controls have to be trained accordingly. Social media pose ethical issues, collection and use of the personal data. The CISO needs to work with the Marketing teams to take into account the complete chain of risk management. With mobile technology, end-user connection device should no more be considered trusted. To address these risks, the SBIC highlights the need for competent and well-trained security teams who understand business risk. Resistance to the security policy today comes more from the "middle management" than the Executives. Finally, the entire chain of application delivery must demonstrate its reliability and its ability to comply with the Organization's risk management policy.