Mathieu Gorge, CEO of VigiTrust, developed the award-winning 5 Pillars of Security Framework™ in 2008 to help medium to large sized organisations understand the security risk environment and effectively organise their security risk management roles and protocols. A decade later the Framework remains just as relevant. The Framework accommodates escalating cybersecurity threats as organisations increasingly move towards cloud-based platforms. Its flexibility also makes it easy to apply to changes in regulation, such as the introduction of the GDPR in May 2018.
In recognition of this, VigiTrust was named Leading Integrated Risk Management Solution Provider of the Year, Republic of Ireland – 2020 for the 5 Pillars of Security Framework™ by Acquisition International.
Mathieu Gorge’s new book: The Cyber Elephant in the Boardroom is aimed at board members, C-Suite, and key decision-makers faced with cyber accountability challenges. The book is based on the award-winning 5 Pillars of Security Framework™: a simple, effective, industry agnostic, timeless methodology allowing enterprises and small businesses to map cybersecurity risks, implement a cybersecurity strategy, and demonstrate cyber accountability to regulators, governing bodies, and law enforcement agencies.
How can the 5 Pillars of Security Framework™ help you?
This page will tell you what you need to know about the 5 Pillars of Security Framework™, and provide resources to help you apply the framework to your organization’s Governance, Risk Management and Compliance.
1. Physical Security
Physical Security relates to everything that is tangible in your organization.
Responsibility for Physical Security lies with: Operations Manager, Security Staff.
2. People Security
Humans typically present the greatest threat to an organisation’s security, be it through human error or by malicious intent. People Security is about mitigating risk by monitoring and controlling the access and flow of people.
Responsibility for People Security lies with: HR, Security Staff.
3. Data Security
Data can be both an asset and a liability. Whether it is the Intellectual Property (IP) of your organization, or the personal data of employees and customers, protected by privacy regulations such as the GDPR, it needs to be handled with care. Appropriate data protection policies and procedures must be implemented to manage data storage, processing and compliance.
Responsibility for Data Security lies with: HR, IT Teams & Managers.
4. Infrastructure Security
Information Security refers to the intangible assets of your organization, where data is stored and controlled. These must be protected to prevent security breaches and leaks.
Responsibility for Infrastructure Security lies with: IT Team & Managers.
5. Crisis Management
Effective Crisis Management depends on an organization’s ability to be prepared for any eventuality. Policies and protocols must be continuously tested and revised to mitigate exposure.
Responsibility for Crisis Management lies with: Operation Manager, IT Team & HR.
Why was the 5 Pillars of Security Framework first developed?
The 5 Pillars of Security Framework gives you a simple roadmap for compliance. It was developed back in 2008 to demystify the very complex technical and legal landscape of global regulation. Take PCI, HIPAA or EU Data protection, for instance. Even the most security aware professionals needed a way to understand these environments in plain English. We identified 5 common denominators – which are the 5 pillars of security that are still relevant to you today.
How has the security landscape change since the 5 Pillars was first developed in 2008?
What is the biggest security threat for your organization and how can the 5 Pillars help?
The biggest security threat for your organization is not knowing your security ecosystem. Where is your data, how does it flow? Who are the stakeholders and what regulations and standards are you subject to? The 5 Pillars Framework gives you a series of easy, non-technical questions to help understand and protect this ecosystem.
How does VigiTrust use the 5 Pillars Framework to support its customers?
Our customers have found the framework to be a successful solution, and we’re very proud of it here at VigiTrust. Indeed it underpins everything we offer, from consultation and eLearning through to VigiOne, our single platform Integrated Risk Management/IRM solution.
Is VigiOne for you?
If you’re an enterprise organization, VigiOne will enable you to manage all of your compliance in one place. But VigiOne works just as well for smaller companies. It’s completely modular, so if you just need to comply with one regulation or standard you can do that. We designed it to be versatile to our customers needs and hassle-free to deploy.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
|_GRECAPTCHA||5 months 27 days||This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.|
|cookielawinfo-checkbox-advertisement||1 year||Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .|
|cookielawinfo-checkbox-analytics||1 year||Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .|
|cookielawinfo-checkbox-necessary||1 year||Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .|
|cookielawinfo-checkbox-others||1 year||Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".|
|cookielawinfo-checkbox-performance||1 year||Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".|
|csrftoken||1 year||This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks|
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
|__cf_bm||30 minutes||Cloudflare set the cookie to support Cloudflare Bot Management.|
|bcookie||2 years||LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.|
|lang||session||This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.|
|lidc||1 day||LinkedIn sets the lidc cookie to facilitate data center selection.|
|mgref||1 year||This cookie is set by Eventbrite to deliver content tailored to the end user's interests and improve content creation. It is also used for event-booking purposes.|
|visitorId||1 year||ZoomInfo sets this cookie to identify a user.|
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
|_gat||1 minute||This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.|
|G||1 year||Cookie used to facilitate the translation into the preferred language of the visitor.|
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
|_ga||2 years||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.|
|_gat_gtag_UA_*||1 minute||Google Analytics sets this cookie to store a unique user ID.|
|_gat_gtag_UA_59241235_1||1 minute||Set by Google to distinguish users.|
|_gat_gtag_UA_89738490_1||1 minute||Set by Google to distinguish users.|
|_gid||1 day||Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.|
|_s||1 year||This cookie is associated with Shopify's analytics suite.|
|ajs_anonymous_id||never||This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.|
|ajs_group_id||never||This cookie is set by Segment to track visitor usage and events within the website.|
|ajs_user_id||never||This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.|
|ln_or||1 day||Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.|
|vuid||2 years||Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.|
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
|bscookie||2 years||This cookie is a browser ID cookie set by Linked share Buttons and ad tags.|
|li_sugr||3 months||LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.|
|test_cookie||15 minutes||doubleclick.net sets this cookie to determine if the user's browser supports cookies.|
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
|_ad_session||session||No description available.|
|_cfuvid||session||Description is currently not available.|
|active_demand_cookie_cart||1 hour||No description|
|activedemand_session_guid||10 years||No description available.|
|AnalyticsSyncHistory||1 month||No description|
|cookielawinfo-checkbox-functional||1 year||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|debug||never||No description available.|
|lfuuid||9 years 3 months 9 days 10 hours||No description available.|
|li_gc||2 years||No description|
|session_uid||20 years||No description available.|
|timezone||1 month||No description available.|
|timezone_offset||1 month||No description available.|
|UserMatchHistory||1 month||Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.|