Cyber Security Assessments

Cyber Security Assessments

About Our Cyber Security Assessments Practice

Law & Forensics Cyber Security Assessment practice is comprised of multi-lingual world-class legal, cyber, and privacy engineers with a wealth of experience and expertise in performing cybersecurity assessments. Our practice works across all industries, and government agencies, measuring their posture against a myriad of regulatory frameworks and standards.

For every assessment, Law & Forensics sends a joint task force of world-class technology and legal experts to identify any gaps in the organization’s existing information security posture that could prevent meeting compliance.

As part of our assessments, our Cybersecurity Assessment Practice works with our clients to mitigate the gaps – from creating an Incident Response Plan, to implementing security measures to protect confidential data, to establishing and implementing training programs.

Law & Forensics legal, cyber, and privacy engineers have a wealth of experience and expertise to work with organizations to ensure that their business partners and affiliates conduct themselves to the same high standards you comply with respective to data security. Law & Forensics Cybersecurity Assessment practice can certify that affiliates, third parties, and strategic vendors you work with handle your data under regulatory guidelines and contracts.

Our Services

100s of years of collective experience doing cybersecurity work. And of course working out of the box and solving problems…

New York Department CFATS HIPAA Healthcare Third Party Vendor Business-driven Assessments California Consumer Privacy Act

New York Department Financial Services

Work with organizations to develop, review, and implement a cybersecurity program that complies with New York Department Financial Services’ cybersecurity requirements.
Create security frameworks that comply with the NYS-DFS requirements and numerous other state and federal cybersecurity regulations using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF).
Craft written policies and procedures, developing a compliant cybersecurity training program, and review an organization’s IT cybersecurity posture (e.g., Multi-factor authentication, monitoring and testing, and etc.).
Perform risk assessments to assess the level of compliance NY-DFS statute and create, review, or update a companies existing incident response plan to comply with NY-DFS.

Chemical Facility Anti-Terrorism Standards (CFATS) Assessments and Solutions

Assist clients that have in their possession chemical substances recognized by the US Department of Homeland Security (DHS) as Chemicals of Interest (COI) with submissions to DHS, including Top Screen survey, Security Vulnerability Assessment (SVA), Site Security Plan (SSP) and Alternative Security Plan (ASP).
Assess organizations’ existing security posture against the CFATS Risk-Based Performance Standards (RBPS) and work with clients to remediate any deficiencies that need to be remedied including, create and/or modify Incident Response measures and protocols, implement cybersecurity measures, and create necessary policies.

HIPAA Healthcare Privacy and Security Assessments and Solutions

Work with healthcare organizations (Covered Entity or Business Associate) that create, receive, maintain, or transmit protected health information (PHI) to periodically conduct a HIPAA risk assessment to comply with §164.308 of the HIPAA Security Rule.
Collaborate with an organization’s internal IT, compliance, and legal stakeholders to review existing controls, policies, procedures, test security and privacy controls, and interview staff.
Consult with an organization and outside counsel in responding to Health and Human Services (HHS) Office for Civil Rights (OCR) inquiries and perform independent risk assessments of a healthcare organization’s security and compliance posture against the safeguards specified in the HIPAA Security and Privacy Rule and assisting companies to address gaps identified.

Third Party Vendor Assessment Program

Work with IT, Audit and Legal departments to vet third-party vendor’s data security,
Assess the technical aspects of the service to review policies and measures taken by the vendor to ensure that your data is kept safe and sound,
Create cybersecurity third-party vendor risk programs for large and small companies using proprietary controls and processes and off-the-shelf software in-line with our customer’s budget.

Business-driven Assessments (FFIEC, FAIR, and etc.)

Work with Executive Leadership and organizational policy creators such as Audit, Legal and corporate IT departments to validate and verify that internal controls and SOPs align with corporate goals, strategies, and policies.
Review and establish policies, SOPs, and work instructions to mitigate gaps in internal compliance and ensure effective execution and enforcement of corporate policies.
Independently assess an organization’s alignment with the cybersecurity requirements defined by various regulators including those set-out in the FFIEC Information Technology (IT) Examination Handbook.

California Consumer Privacy Act (CCPA) Consulting

Work with clients to perform an assessment leveraging our proprietary privacy assessment tool that ascertains an organization’s privacy posture against the CCPA, and deliver a roadmap on how to comply, and a framework to ensure going forward compliance.
Review all existing systems and create a robust data map for these systems so it allows the company to support and maintain the data map requiring no additional licenses fees or agreements.
Analyze existing data maps, controls, policies, and related materials to identify gaps that an organization must address to demonstrate CCPA compliance.
Collaborate with compliance, legal, and business stakeholders to review the privacy program, specific to CCPA, and create and execute a program that will raise awareness and engagement across the company regarding CCPA requirements.

Case Studies by Industry

Chemical Producer

Industry/Sector: Chemical

Type of Case: CFATS Assessment

Description: Retained by General Counsel and Chief Compliance Officer of a national chemical producer to perform CFATS assessments of multiple locations to validate if these locations could comply with the CFATS regulatory program that the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) manages. Efforts included:

- Assist the organization to prepare for on-site Department of Homeland Security inspections at multiple locations.
- Review and provide feedback on cyber and physical security postures of several chemical facility’s site security plans (SSP).
- Identify specific areas to address to ensure compliance with the cybersecurity components of CFATS.
- Assist various chemical facilities to develop their cybersecurity posture. Our CFATS assessment efforts were critical in assisting the Chemical Producer in passing on-site DHS CFATS inspections.

Global Financial Institution

Industry/Sector: Financial

Type of Case: Business Assessment – FFIEC Handbook

Description: Hired by the Chief Information Officer to independently assess the organization’s resilience in responding to cyber threats and making recommendations presented to senior leadership and the Audit Committee. Efforts included:

- Evaluate how critical controls, processes, and SOPs were implemented by the organization.
- Validate the organization’s existing program against the FFIEC Information Technology (IT) Examination Handbook.
- Validate the modified FAIR cyber risk quantification models was accurate.
- Identify opportunities to improve the IT and cyber controls and systems, and present our findings as a presentation to senior leadership of the organization. Our efforts were critical in assisting the organization in responding to various examinations by regulators.

Global Risk and Insurance Service Business

Industry/Sector: Insurance

Type of Case: NY-DFS Assessment

Description: Hired by the senior leadership of a Global Risk and Insurance Service Business organization to assess the organization’s NY-DFS readiness. Efforts included:

- Assess the organization’s IT security posture based on the Federal Financial Institutions Examinations Council (FFIEC) framework and make recommendations on how to improve their security posture.
- Examine more broadly the current state of the IT organization and infrastructure.
- Review the skill set of the current staff.
- Develop a project roadmap that outlined costs and timeframes to implement the recommendations and assist the IT and security organization with implementation. Our NY-DFS assessment efforts were used by the organization to satisfy its regulatory requirement under the NY-DFS.

National Healthcare Provider

Industry/Sector: Healthcare

Type of Case: HIPAA Risk Assessment and Remediation

Description: Retained by General Counsel of a National Healthcare Provider to conduct an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure and assist with remediating any gaps with the IT organization, existing vendors, and consultants. Efforts included:

- Identify where the organization’s PHI was at risk and associated threats.
- Evaluate if existing protective measures would address these risks.
- Identify areas the organization could improve both in terms of technology and controls.
- Assist the organization in remediating the areas identified in the assessment. Our work product was used to facilitate a positive outcome arising from an OCR investigation into a data breach at the company.

1.23k Cases

solved to date

10.4k Computers

forensically analyzed

3.9k Mobile Devices

collected, scanned, and analyzed

54.1k Mailboxes

collected, analyzed, and searched by L&F

3.9k Social Media Accounts

collected, analyzed, and searched

597 Expert and Rebuttal Reports

written

Cyber Security Assessments Practice Edge

Cyber Insurance for Law Firms: Understanding the Cyber Risk Policy and Key Considerations for Law Firm Policy Holders

Capabilities

Our Cybersecurity Assessment practice has real world experience assessing cybersecurity programs for readiness, alignment with best practices, and compliance with regulatory and industry best practices. Leading the team are senior legal engineers, technical experts, and veteran consultants with demonstrated success in performing cybersecurity assessments driven by civil litigation, regulatory or agency inquiries, or the concerns of company senior leadership.

Annual Review of Regulations of Bitcoin and Blockchain in the United States and Abroad

Competitive fees

Our fees structure is competitive, we offer clients success based, hourly and/or fixed fee arrangements while ensuring that each engagement is spearheaded by a knowledgeable and experienced senior team member of our team.

Expertise

Law & Forensics Cybersecurity Assessment practice has collectively 50+ years of experience performing cybersecurity driven assessments for organizations all over the globe at the request of lawyers or organization stakeholders. Our experience covers a wide range of industries and sectors, including: Aerospace and Defense , Banking, California Privacy Act (CCPA) Assessments, DFARS and DoD Cyber Assessments, Chemical Cyber Assessments (CFATS), FFIEC Cybersecurity Assessments, Gaming , General Data Protection Regulations (GDPR) Assessments, Green Energy, Healthcare, HIPAA Cybersecurity Risk Assessments, Hospitality Cyber Assessments, Insurance (NY-DFS), Manufacturing Cyber Assessments, Mining, Office of Civil Right Assessments and Inquiries, Oil and Gas Cyber Risk Evaluations, SEC Office of Compliance Inspections and Exam Readiness Assessments, Steel Manufacturing Risk Assessments, and Supply Chain Risk Assessments.

Review of Alternative Dispute Resolution Case Law in 2018

Quality Control

We deliver prompt solutions and thoughtful recommendations that rigorously meet or exceed industry best practices and meet the needs of our clients.