5 Pillars of Security

About the 5 Pillars of Security Framework™

Mathieu Gorge, CEO of VigiTrust, developed the award-winning 5 Pillars of Security Framework™ in 2008 to help medium to large sized organisations understand the security risk environment and effectively organise their security risk management roles and protocols. A decade later the Framework remains just as relevant. The Framework accommodates escalating cybersecurity threats as organisations increasingly move towards cloud-based platforms. Its flexibility also makes it easy to apply to changes in regulation, such as the introduction of the GDPR in May 2018.

In recognition of this, VigiTrust was named Leading Integrated Risk Management Solution Provider of the Year, Republic of Ireland – 2020 for the 5 Pillars of Security Framework™ by Acquisition International.

Mathieu Gorge’s new book: The Cyber Elephant in the Boardroom is aimed at board members, C-Suite, and key decision-makers faced with cyber accountability challenges. The book is based on the award-winning 5 Pillars of Security Framework™: a simple, effective, industry agnostic, timeless methodology allowing enterprises and small businesses to map cybersecurity risks, implement a cybersecurity strategy, and demonstrate cyber accountability to regulators, governing bodies, and law enforcement agencies.

How can the 5 Pillars of Security Framework™ help you? 

This page will tell you what you need to know about the 5 Pillars of Security Framework™, and provide resources to help you apply the framework to your organization’s Governance, Risk Management and Compliance.

Understand the 5 Pillars

1. Physical Security

Physical Security relates to everything that is tangible in your organization. 

  • Access to Buildings
  • Physical Assets
  • IT Hardware
  • Vehicle Fleet

Responsibility for Physical Security lies with: Operations Manager, Security Staff. 

2. People  Security

Humans typically present the greatest threat to an organisation’s security, be it through human error or by malicious intent.  People Security is about mitigating risk by monitoring and controlling the access and flow of people. 

  • Permanent & Contract Staff
  • Partners
  • 3rd Party Employees
  • Visitors
  • Special Events Security

Responsibility for People Security lies with: HR, Security Staff.

3. Data Security 

Data can be both an asset and a liability. Whether it is the Intellectual Property (IP) of your organization, or the personal data of employees and customers, protected by privacy regulations such as the GDPR, it needs to be handled with care. Appropriate data protection policies and procedures must be implemented to manage data storage, processing and compliance.    

  • Trade Secrets
  • Employee Data
  • Database
  • Customer Data

Responsibility for Data Security lies with: HR, IT Teams & Managers.

4. Infrastructure Security 

Information Security refers to the intangible assets of your organization, where data is stored and controlled. These must be protected to prevent security breaches and leaks. 

  • Networks
  • Remote Sites
  • Application Security
  • Website
  • Intranet

Responsibility for Infrastructure Security lies with: IT Team & Managers. 

5. Crisis Management

Effective Crisis Management depends on an organization’s ability to be prepared for any eventuality.  Policies and protocols must be continuously tested and revised to mitigate exposure. 

  • Documentation & Work Procedures
  • Emergency Response Plans
  • Business Continuity Plans
  • Disaster Recovery Plans

Responsibility for Crisis Management lies with: Operation Manager, IT Team & HR.

Why was the 5 Pillars of Security Framework first developed?

The 5 Pillars of Security Framework gives you a simple roadmap for compliance. It was developed back in 2008 to demystify the very complex technical and legal landscape of global regulation. Take PCI, HIPAA or EU Data protection, for instance. Even the most security aware professionals needed a way to understand these environments in plain English. We identified 5 common denominators –  which are the 5 pillars of security that are still relevant to you today.

How has the security landscape change since the 5 Pillars was first developed in 2008?

  • From a tech perspective, the attack surface has increased many times over since everything is now online – so new threats, new types of attacks, new assets to protect.
  • From a legal perspective, you’ve got a host of new regulations and standards such as Privacy in the US and the GDPR in Europe.
  • Rather than Governance, Risk Management, Compliance – GRC, the buzzword these days is Integrated Risk Management. But really, this emphasis on integration is precisely what the 5 Pillars was introduced to do way back in 2008.

What is the biggest security threat for your organization and how can the 5 Pillars help?

The biggest security threat for your organization is not knowing your security ecosystem. Where is your data, how does it flow? Who are the stakeholders and what regulations and standards are you subject to?  The 5 Pillars Framework gives you a series of easy, non-technical questions to help understand and protect this ecosystem.

How does VigiTrust use the 5 Pillars Framework to support its customers? 

Our customers have found the framework to be a successful solution, and we’re very proud of it here at VigiTrust. Indeed it underpins everything we offer, from consultation and eLearning through to VigiOne, our single platform Integrated Risk Management/IRM solution.

Is VigiOne for you?

If you’re an enterprise organization, VigiOne will enable you to manage all of your compliance in one place. But VigiOne works just as well for smaller companies.  It’s completely modular, so if you just need to comply with one regulation or standard you can do that. We designed it to be versatile to our customers needs and hassle-free to deploy.