5 Pillars of Security

About the 5 Pillars of Security Framework™

Mathieu Gorge, CEO of VigiTrust, developed the award-winning 5 Pillars of Security Framework™ in 2008 to help medium to large sized organisations understand the security risk environment and effectively organise their security risk management roles and protocols. A decade later the Framework remains just as relevant. The Framework accommodates escalating cybersecurity threats as organisations increasingly move towards cloud-based platforms. Its flexibility also makes it easy to apply to changes in regulation, such as the introduction of the GDPR in May 2018.

In recognition of this, VigiTrust was named Leading Integrated Risk Management Solution Provider of the Year, Republic of Ireland – 2020 for the 5 Pillars of Security Framework™ by Acquisition International.

The 5 Pillars of Security™ Brochure

Mathieu Gorge’s new book: The Cyber Elephant in the Boardroom is aimed at board members, C-Suite, and key decision-makers faced with cyber accountability challenges. The book is based on the award-winning 5 Pillars of Security Framework™: a simple, effective, industry agnostic, timeless methodology allowing enterprises and small businesses to map cybersecurity risks, implement a cybersecurity strategy, and demonstrate cyber accountability to regulators, governing bodies, and law enforcement agencies.

How can the 5 Pillars of Security Framework™ help you?

This page will tell you what you need to know about the 5 Pillars of Security Framework™, and provide resources to help you apply the framework to your organization’s Governance, Risk Management and Compliance.

Understand the 5 Pillars

1. Physical Security

Physical Security relates to everything that is tangible in your organization.

Access to Buildings
Physical Assets
IT Hardware
Vehicle Fleet

Responsibility for Physical Security lies with: Operations Manager, Security Staff.

2. People Security

Humans typically present the greatest threat to an organisation’s security, be it through human error or by malicious intent. People Security is about mitigating risk by monitoring and controlling the access and flow of people.

Permanent & Contract Staff
Partners
3rd Party Employees
Visitors
Special Events Security

Responsibility for People Security lies with: HR, Security Staff.

3. Data Security

Data can be both an asset and a liability. Whether it is the Intellectual Property (IP) of your organization, or the personal data of employees and customers, protected by privacy regulations such as the GDPR, it needs to be handled with care. Appropriate data protection policies and procedures must be implemented to manage data storage, processing and compliance.

Trade Secrets
Employee Data
Database
Customer Data

Responsibility for Data Security lies with: HR, IT Teams & Managers.

4. Infrastructure Security

Information Security refers to the intangible assets of your organization, where data is stored and controlled. These must be protected to prevent security breaches and leaks.

Networks
Remote Sites
Application Security
Website
Intranet

Responsibility for Infrastructure Security lies with: IT Team & Managers.

5. Crisis Management

Effective Crisis Management depends on an organization’s ability to be prepared for any eventuality. Policies and protocols must be continuously tested and revised to mitigate exposure.

Documentation & Work Procedures
Emergency Response Plans
Business Continuity Plans
Disaster Recovery Plans

Responsibility for Crisis Management lies with: Operation Manager, IT Team & HR.

Why was the 5 Pillars of Security Framework first developed?

The 5 Pillars of Security Framework gives you a simple roadmap for compliance. It was developed back in 2008 to demystify the very complex technical and legal landscape of global regulation. Take PCI, HIPAA or EU Data protection, for instance. Even the most security aware professionals needed a way to understand these environments in plain English. We identified 5 common denominators – which are the 5 pillars of security that are still relevant to you today.

How has the security landscape change since the 5 Pillars was first developed in 2008?

From a tech perspective, the attack surface has increased many times over since everything is now online – so new threats, new types of attacks, new assets to protect.
From a legal perspective, you’ve got a host of new regulations and standards such as Privacy in the US and the GDPR in Europe.
Rather than Governance, Risk Management, Compliance – GRC, the buzzword these days is Integrated Risk Management. But really, this emphasis on integration is precisely what the 5 Pillars was introduced to do way back in 2008.

What is the biggest security threat for your organization and how can the 5 Pillars help?

The biggest security threat for your organization is not knowing your security ecosystem. Where is your data, how does it flow? Who are the stakeholders and what regulations and standards are you subject to? The 5 Pillars Framework gives you a series of easy, non-technical questions to help understand and protect this ecosystem.

How does VigiTrust use the 5 Pillars Framework to support its customers?

Our customers have found the framework to be a successful solution, and we’re very proud of it here at VigiTrust. Indeed it underpins everything we offer, from consultation and eLearning through to VigiOne, our single platform Integrated Risk Management/IRM solution.

Is VigiOne for you?

If you’re an enterprise organization, VigiOne will enable you to manage all of your compliance in one place. But VigiOne works just as well for smaller companies. It’s completely modular, so if you just need to comply with one regulation or standard you can do that. We designed it to be versatile to our customers needs and hassle-free to deploy.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
csrftoken	1 year	This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
mgref	1 year	This cookie is set by Eventbrite to deliver content tailored to the end user's interests and improve content creation. It is also used for event-booking purposes.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
G	1 year	Cookie used to facilitate the translation into the preferred language of the visitor.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_59241235_1	1 minute	Set by Google to distinguish users.
_gat_gtag_UA_89738490_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_s	1 year	This cookie is associated with Shopify's analytics suite.
ajs_anonymous_id	never	This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.
ajs_group_id	never	This cookie is set by Segment to track visitor usage and events within the website.
ajs_user_id	never	This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
active_demand_cookie_cart	1 hour	No description
activedemand_session_guid	10 years	No description available.
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
debug	never	No description available.
lfuuid	9 years 3 months 9 days 10 hours	No description available.
li_gc	2 years	No description
session_uid	20 years	No description available.
timezone	1 month	No description available.
timezone_offset	1 month	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.