About Our Cyber Security Assessment Practice

Our Cyber Security Assessment practice is made up of multilingual, world-class legal, cyber, and privacy engineers with a wealth of experience and expertise in performing cybersecurity assessments. Our Cyber Security Assessment team works across all industries and government agencies, measuring their posture against a myriad of regulatory frameworks and standards. For every assessment, the team deploys a diverse set of world-class technology and legal cybersecurity experts. The team also works with our clients to mitigate the gaps, from creating an Incident Response Plan, to implementing security measures to protect confidential data, to establishing and implementing training programs.

Our Cyber Security Assessment practice can certify that affiliates, third parties, and strategic vendors you work with handle your data under regulatory guidelines and contracts. Our Cyber Security Practice also uses tabletop.ai, our proprietary cloud-based cybersecurity risk assessment platform, to improve a company’s regulatory, compliance, and legal cybersecurity posture before an incident happens. Often, we work with big and small companies to gauge the organization’s de facto compliance with internal policies, as well as with federal and state regulatory frameworks and cybersecurity frameworks such as NIST, through tabletop.ai, our comprehensive enterprise platform for cyber risk management and prevention.

Our Services

100s of years of collective experience doing cybersecurity work. And of course working out of the box and solving problems…

New York Department Financial Services

  • Work with organizations to develop, review, and implement a cybersecurity program that complies with New York Department Financial Services’ cybersecurity requirements.
  • Create security frameworks that comply with the NYS-DFS requirements and numerous other state and federal cybersecurity regulations using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF).
  • Craft written policies and procedures, develop a compliant cybersecurity training program, and review an organization’s IT cybersecurity posture (e.g., multi-factor authentication, monitoring and testing, etc.).
  • Perform risk assessments to assess the level of compliance with the NY-DFS statute and create, review, or update a company’s existing incident response plan to comply with NY-DFS.

Chemical Facility Anti-Terrorism Standards (CFATS) Assessments and Solutions

  • Assist clients that have in their possession chemical substances recognized by the US Department of Homeland Security (DHS) as Chemicals of Interest (COI) with submissions to DHS, including Top Screen survey, Security Vulnerability Assessment (SVA), Site Security Plan (SSP) and Alternative Security Plan (ASP).
  • Assess organizations’ existing security posture against the CFATS Risk-Based Performance Standards (RBPS) and work with clients to remediate any deficiencies, including creating and/or modifying Incident Response measures and protocols, implementing cybersecurity measures, and creating necessary policies.

HIPAA Healthcare Privacy and Security Assessments and Solutions

  • Work with healthcare organizations (Covered Entity or Business Associate) that create, receive, maintain, or transmit protected health information (PHI) to periodically conduct a HIPAA risk assessment to comply with §164.308 of the HIPAA Security Rule.
  • Collaborate with an organization’s internal IT, compliance, and legal stakeholders to review existing controls, policies, procedures, test security and privacy controls, and interview staff.
  • Consult with an organization and outside counsel in responding to Health and Human Services (HHS) Office for Civil Rights (OCR) inquiries, perform independent risk assessments of a healthcare organization’s security and compliance posture against the safeguards specified in the HIPAA Security and Privacy Rule, and assist companies in addressing the gaps identified.

Third Party Vendor Assessment Program

  • Work with IT, Audit, and Legal departments to vet third-party vendors’ data security.
  • Assess the technical aspects of the service to review policies and measures taken by the vendor to ensure that your data is kept safe and sound.
  • Create cybersecurity third-party vendor risk programs for large and small companies using proprietary controls and processes and off-the-shelf software in line with our customer’s budget.

Business-driven Assessments (FFIEC, FAIR, etc.)

  • Work with Executive Leadership and organizational policy creators such as Audit, Legal and corporate IT departments to validate and verify that internal controls and SOPs align with corporate goals, strategies, and policies.
  • Review and establish policies, SOPs, and work instructions to mitigate gaps in internal compliance and ensure effective execution and enforcement of corporate policies.
  • Independently assess an organization’s alignment with the cybersecurity requirements defined by various regulators, including those set out in the FFIEC Information Technology (IT) Examination Handbook.

California Consumer Privacy Act (CCPA) Consulting

  • Work with clients to perform an assessment, leveraging our proprietary privacy assessment tool that ascertains an organization’s privacy posture against the CCPA, and deliver a roadmap on how to comply and a framework to ensure compliance going forward.
  • Review all existing systems and create a robust data map for these systems so that the company can support and maintain the data map without additional license fees or agreements.
  • Analyze existing data maps, controls, policies, and related materials to identify gaps that an organization must address to demonstrate CCPA compliance.
  • Collaborate with compliance, legal, and business stakeholders to review the privacy program, specific to CCPA, and create and execute a program that will raise awareness and engagement across the company regarding CCPA requirements.

Case Studies by Industry

Industry/Sector: Chemical

Type of Case: CFATS Assessment

Description: Retained by General Counsel and Chief Compliance Officer of a national chemical producer to perform CFATS assessments of multiple locations to validate if these locations could comply with the CFATS regulatory program that the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) manages. Efforts included:

    • Assist the organization to prepare for on-site Department of Homeland Security inspections at multiple locations.
    • Review and provide feedback on the cyber and physical security postures of several chemical facilities’ site security plans (SSP).
    • Identify specific areas to address to ensure compliance with the cybersecurity components of CFATS.
    • Assist various chemical facilities to develop their cybersecurity posture.

Our CFATS assessment efforts were critical in assisting the chemical producer in passing on-site DHS CFATS inspections.

  • 1.23k Cases solved to date
  • 10.4k Computers forensically analyzed
  • 3.9k Mobile Devices collected, scanned, and analyzed
  • 54.1k Mailboxes collected, analyzed, and searched by L&F
  • 3.9k Social Media Accounts collected, analyzed, and searched
  • 597 Expert and Rebuttal Reports written

Cyber Security Assessments Practice Edge

Cyber Insurance for Law Firms: Understanding the Cyber Risk Policy and Key Considerations for Law Firm Policy Holders

Capabilities

Annual Review of Regulations of Bitcoin and Blockchain in the United States and Abroad

Competitive fees

Expertise

Review of Alternative Dispute Resolution Case Law in 2018

Quality Control