Mathieu Gorge, CEO of VigiTrust, developed the award-winning 5 Pillars of Security Framework™ in 2008 to help medium to large sized organisations understand the security risk environment and effectively organise their security risk management roles and protocols. A decade later the Framework remains just as relevant. The Framework accommodates escalating cybersecurity threats as organisations increasingly move towards cloud-based platforms. Its flexibility also makes it easy to apply to changes in regulation, such as the introduction of the GDPR in May 2018.
In recognition of this, VigiTrust was named Best Data Security SaaS Solution 2018 for the 5 Pillars of Security Framework™ by the W&F Fintech Awards.
How can the 5 Pillars of Security Framework™ help you?
This page will tell you what you need to know about the 5 Pillars of Security Framework™, and provide resources to help you apply the framework to your organization’s Governance, Risk Management and Compliance.
1. Physical Security
Physical Security relates to everything that is tangible in your organisation.
Responsibility for Physical Security lies with: Operations Manager, Security Staff.
2. People Security
Humans typically present the greatest threat to an organisation’s security, be it through human error or by malicious intent. People Security is about mitigating risk by monitoring and controlling the access and flow of people.
Responsibility for People Security lies with: HR, Security Staff.
3. Data Security
Data can be both an asset and a liability. Whether it is the Intellectual Property (IP) of your organisation, or the personal data of employees and customers, protected by privacy regulations such as the GDPR, it needs to be handled with care. Appropriate data protection policies and procedures must be implemented to manage data storage, processing and compliance.
Responsibility for Data Security lies with: HR, IT Teams & Managers.
4. Infrastructure Security
Infrastructure Security refers to the intangible assets of your organisation, where data is stored and controlled. These must be protected to prevent security breaches and leaks.
Responsibility for Infrastructure Security lies with: IT Team & Managers.
5. Crisis Management
Effective Crisis Management depends on an organisation’s ability to be prepared for any eventuality. Policies and protocols must be continuously tested and revised to mitigate exposure.
Responsibility for Crisis Management lies with: Operations Manager, IT Team & HR.
Why was the 5 Pillars of Security Framework first developed?
The 5 Pillars of Security Framework gives you a simple roadmap for compliance. It was developed back in 2008 to demystify the very complex technical and legal landscape of global regulation. Take PCI, HIPAA or EU Data Protection, for instance. Even the most security-aware professionals needed a way to understand these environments in plain English. We identified 5 common denominators – the 5 pillars of security – which are still relevant to you today.
How has the security landscape changed since the 5 Pillars was first developed in 2008?
What is the biggest security threat for your organisation and how can the 5 Pillars help?
The biggest security threat for your organisation is not knowing your security ecosystem. Where is your data, how does it flow? Who are the stakeholders and what regulations and standards are you subject to? The 5 Pillars Framework gives you a series of easy, non-technical questions to help understand and protect this ecosystem.
How does VigiTrust use the 5 Pillars Framework to support its customers?
Our customers have found the framework to be a successful solution, and we’re very proud of it here at VigiTrust. Indeed, it underpins everything we offer, from consultation and eLearning through to VigiOne, our single-platform Integrated Risk Management/GRC solution.
Is VigiOne for you?
If you’re an enterprise organisation, VigiOne will enable you to manage all of your compliance in one place. But VigiOne works just as well for smaller companies. It’s completely modular, so if you just need to comply with one regulation or standard, you can do that. We designed it to be versatile to our customers’ needs and hassle-free to deploy.