Gemini's information security assessments help identify IT risks using a structured and proven approach. Our independent perspective has helped our customers to demonstrate security to their clients and auditors, investigate data breaches, increase visibility for security among senior managers, and meet compliance requirements for IT controls. Our assessments may take the form of vulnerability assessments, penetration tests, and security policy reviews.

Vulnerability Assessments of IT Infrastructure

A vast number of computer intrusions succeed as a result of design and implementation flaws that can be addressed before the attack takes place. Gemini helps its customers to proactively identify and remediate vulnerabilities. As part of the vulnerability assessment, we perform a comprehensive examination of the customer's IT infrastructure components by following these steps:

1. Identify security configuration weaknesses via structured, industry-proven techniques
2. Prioritize discovered vulnerabilities according to the customer's business needs and risk profile
3. Devise a specific plan for correcting the relevant vulnerabilities in a timely manner

The results of our assessments are immediately actionable, because they account for business risks, rather than focusing solely on vulnerabilities. This risk-centric approach is what differentiates us from many other consulting firms.

Penetration Tests to Confirm Security Risks

Gemini offers penetration testing services for customers who would like us to mimics actions of an attacker attempting to gain unauthorized access to sensitive information. Pen tests allow organizations to verify the possibility that an attacker may compromise IT infrastructure defenses.

A penetration test could vary in scope, covering some or all of the following aspects of the organization's IT infrastructure:

• External network perimeter and Internet-accessible systems
• Internal servers, workstations, and network devices
• Application-level functionality that could expose sensitive information

While a vulnerability assessment may provide a holistic perspective on IT risks, a penetration test typically locates a path of least resistance that an attacker would take to compromise the network.

Security Policy Assessments

An assessment of security policies and procedures focuses on the practices that affect how the organization protects data to locate deviations from best practices and legal obligations. Gemini's security policy assessments account for recommendations and requirements defined by PCI, HIPAA, ISO 17799, Sarbanes-Oxley, and other frameworks relevant to the customer.

Our security policy assessments typically include the following steps:

1. Examine current practices and documents that affect information security actions and decisions at the organization
2. Locate gaps in current security policies with respect to the relevant laws, regulations, and best practices
3. Consutruct a plan for addressing the identified defficiencies in a timely manner

Such assessments allow our customers to validate and fine-tune their security processes, assisting in the creation of realistic and enforceable information security policies. They play a significant role in establishing an information security program that accounts for the organization's business needs.

• Validate effectiveness of IT security controls
• Demonstrate security to your clients and auditors
• Prioritize IT security spending and defensive efforts
• Ensure compliance with regulatory and legal requirements

Gemini provides tactical assistance with today's information security needs. Our solutions are custom-fitted for individual customers, while building upon standards and best practices.

Please contact us for a brief consultation with our security specialists or to learn how we can address your security concerns.