5 Pillars of Security

About the 5 Pillars of Security Framework?

Mathieu Gorge, CEO of VigiTrust, developed the award-winning 5 Pillars of Security Framework™ in 2008 to help medium to large sized organisations understand the security risk environment and effectively organise their security risk management roles and protocols. A decade later the Framework remains just as relevant. The Framework accommodates escalating cybersecurity threats as organisations increasingly move towards cloud-based platforms. Its flexibility also makes it easy to apply to changes in regulation, such as the introduction of the GDPR in May 2018.

In recognition of this, VigiTrust was named Best Data Security SaaS Solution 2018 for the 5 Pillars of Security Framework™ by the W&F Fintech Awards.

VigiTrust has created a survey based on the 5 Pillars of Security Framework™ to allow you to produce your own Risk Analysis and help us identify trends regarding the 5 Pillars.

If you wish to participate in our survey, please follow the steps below:

  1. Click on the link to go to our survey page
  2. Enter the required information about your organization
  3. Enter your response to each question (25 questions, 5 per pillar)
  4. Once you have completed the survey, you will be invited to produce a Risk Analysis for your company
  5. That’s it, you’re done!

How can the 5 Pillars of Security Framework™ help you? 

This page will tell you what you need to know about the 5 Pillars of Security Framework™, and provide resources to help you apply the framework to your organization’s Governance, Risk Management and Compliance.

Understand the 5 Pillars

1. Physical Security

Physical Security relates to everything that is tangible in your organisation. 

  • Access to Buildings
  • Physical Assets
  • IT Hardware
  • Vehicle Fleet

Responsibility for Physical Security lies with: Operations Manager, Security Staff. 

2. People  Security

Humans typically present the greatest threat to an organisation’s security, be it through human error or by malicious intent.  People Security is about mitigating risk by monitoring and controlling the access and flow of people. 

  • Permanent & Contract Staff
  • Partners
  • 3rd Party Employees
  • Visitors
  • Special Events Security

Responsibility for People Security lies with: HR, Security Staff.

3. Data Security 

Data can be both an asset and a liability. Whether it is the Intellectual Property (IP) of your organisation, or the personal data of employees and customers, protected by privacy regulations such as the GDPR, it needs to be handled with care. Appropriate data protection policies and procedures must be implemented to manage data storage, processing and compliance.    

  • Trade Secrets
  • Employee Data
  • Database
  • Customer Data

Responsibility for Data Security lies with: HR, IT Teams & Managers.

4. Infrastructure Security 

Information Security refers to the intangible assets of your organisation, where data is stored and controlled. These must be protected to prevent security breaches and leaks. 

  • Networks
  • Remote Sites
  • Application Security
  • Website
  • Intranet

Responsibility for Infrastructure Security lies with: IT Team & Managers. 

5. Crisis Management

Effective Crisis Management depends on an organisation’s ability to be prepared for any eventuality.  Policies and protocols must be continuously tested and revised to mitigate exposure. 

  • Documentation & Work Procedures
  • Emergency Response Plans
  • Business Continuity Plans
  • Disaster Recovery Plans

Responsibility for Crisis Management lies with: Operation Manager, IT Team & HR.

Why was the 5 Pillars of Security Framework first developed?

The 5 Pillars of Security Framework gives you a simple roadmap for compliance. It was developed back in 2008 to demystify the very complex technical and legal landscape of global regulation. Take PCI, HIPAA or EU Data protection, for instance. Even the most security aware professionals needed a way to understand these environments in plain English. We identified 5 common denominators –  which are the 5 pillars of security that are still relevant to you today.

How has the security landscape change since the 5 Pillars was first developed in 2008?

  • From a tech perspective, the attack surface has increased many times over since everything is now online – so new threats, new types of attacks, new assets to protect.
  • From a legal perspective, you’ve got a host of new regulations and standards such as Privacy in the US and the GDPR in Europe.
  • Rather than Governance, Risk Management, Compliance – GRC, the buzzword these days is Integrated Risk Management. But really, this emphasis on integration is precisely what the 5 Pillars was introduced to do way back in 2008.

What is the biggest security threat for your organisation and how can the 5 Pillars help?

The biggest security threat for your organisation is not knowing your security ecosystem. Where is your data, how does it flow? Who are the stakeholders and what regulations and standards are you subject to?  The 5 Pillars Framework gives you a series of easy, non-technical questions to help understand and protect this ecosystem.

How does VigiTrust use the 5 Pillars Framework to support its customers? 

Our customers have found the framework to be a successful solution, and we’re very proud of it here at VigiTrust. Indeed it underpins everything we offer, from consultation and eLearning through to VigiOne, our single platform Integrated Risk Management/IRM solution.

Is VigiOne for you?

If you’re an enterprise organisation, VigiOne will enable you to manage all of your compliance in one place. But VigiOne works just as well for smaller companies.  It’s completely modular, so if you just need to comply with one regulation or standard you can do that. We designed it to be versatile to our customers needs and hassle-free to deploy.