Our Cyber Security Services combine industry-leading experts, industry standards and emerging technology to solve cybersecurity challenges, enabling clients to strategically respond with confidence. Our experts work with you to understand, prioritize, and manage cybersecurity in the context of your existing and future business processes. We offer services in the following areas:
• Cyber Risk Assessments
• Data Breach Response and Notification
• GDPR/Privacy Assessments
• Penetration Testing
Cybersecurity Assessment and Consulting
How mature is your cybersecurity program? Are you at risk of a severe breach? Gemean has developed a sophisticated method to assess your ability to identify, avoid, mitigate, and manage cybersecurity risk. This process is done on-site in order for Gemean to understand the cyber risk associated with your organization. Our assessments will include, but not be limited to, the following:
Enterprise-wide Cybersecurity Program Review and Roadmapping
Gemean understands the nuances of different industries and their regulatory hurdles. Our consultants also audit the security controls of third-party vendors who have access to your data. We ensure that your business partners’ practices are organized, safe, and compliant as well.
Whether it is HIPAA, GDPR compliance, NYDFS SEC, PCI, or any other compliance issue, we are able to perform a client-specific assessment that marries strategy, risk management, investment, and risk-transfer decisions. These assessments are based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and we use other detailed risk matrices to confirm that your policies, training programs, and security infrastructure comply with applicable regulations. Our assessments include:
The Human Element
• Interview key personnel and assess their day-to-day responsibilities and basic business functions
• Assess training and education of end users and other stakeholders, such as the IT and legal departments.
Process
Assess the processes and workflows in different phases, including but not limited to:
• Network monitoring
• Website vulnerability assessment
• Social media and engineering profile assessment
• IT-infrastructure assessment (servers, desktops, laptops, mobiles, and tablets)
• Patching and Security Update Management
• Incident response plan
• Data disposition
• Employee termination
Technology
Assess the current state of technology inside the organization and how it is leveraged in key areas such as:
• DLP (Data Loss Prevention)
• Incident response
• Identity management
• Threat detection
Once the assessment is complete, Gemean will provide a full report including a gap analysis and remediation plan to assist organizations in developing and implementing a path towards their desired maturity.
Data Breach Response and Notification
With data breaches occurring daily, the demand for data breach response services is at an unprecedented level. Our Data Breach Response Team specializes in two areas:
Incident Response
• Immediate response analysis, resolution, and remediation
• Data Breach Planning and Training: Developing and testing comprehensive incident response plans to minimize the impact of a data breach, including identification of cause and implementation of remediation measures for affected areas. Our team of professionals considers company processes, as well as the roles and responsibilities of individuals throughout the organization.
• Continuous Threat Monitoring and Analysis: After an incident, we can offer monthly vulnerability scans. These scans ensure that critical systems are properly protected against current cyber-attacks and are up-to-date with all security patches.
• Cyber Incident Simulation: We work with organizations to create a tailored simulation of an incident. These exercises are performed on site and can be in multiple locations depending on the organization size. The purpose of these exercises is to evaluate the effectiveness of the current incident response plan as well as educate key stakeholders on methods of handling an incident.
Data Breach Notification
Following a data breach, companies are often faced with a requirement to notify individuals whose personal information was compromised, especially if the breach involves Personally Identifiable Information (PII), Family Educational Rights and Privacy Act (FERPA) data, Payment Card Industry (PCI) data, Health Insurance Portability and Accountability Act (HIPAA) data, or other information subject to privacy law and regulation.
This can necessitate the review of huge amounts of email, loose files, and database sources. This effort is often exponentially greater than company or counsel anticipate, as the exposure of just 25 email boxes can yield over one million documents for review.
This notification process is subject to increasingly rapid turnaround times, which place a premium on quickly, efficiently, and cost-effectively analyzing relevant data, then reporting on the results. For example, Colorado recently passed legislation that requires notice to affected Colorado residents and the Colorado Attorney General within 30 days of determining that a security breach occurred.
Gemean’s data breach notification professionals use a combination of proprietary tools and methodologies to review and extract the key data elements needed for data breach notification. Our streamlined workflows and application of cutting-edge technology and analytics allow us to deliver results at industry-leading speeds, while maintaining the highest levels of quality.
Data Privacy
Our data privacy consultants assist our clients with the design and implementation of custom solutions needed to meet and exceed the requirements of best practice, ethical operations, and regulation. We work side by side with our clients to create repeatable strategic solutions for the management of data privacy. Furthermore, we work to identify gaps within existing privacy programs and design solutions to address those challenges. Lastly, we keep our clients up to date on data privacy trends like GDPR compliance.
Our privacy service offering includes but is not limited to the following:
• General Data Protection Regulation (GDPR) Maturity Assessments
• California Consumer Privacy Protection Act (CCPA) Priority Assessments
• Health Insurance Portability and Accountability Act (HIPAA) Assessments