About Our Cyber Security Assessments Practice

Law & Forensics Cyber Security Assessment practice is comprised of multi-lingual world-class legal, cyber, and privacy engineers with a wealth of experience and expertise in performing cybersecurity assessments. Our practice works across all industries, and government agencies, measuring their posture against a myriad of regulatory frameworks and standards.

For every assessment, Law & Forensics sends a joint task force of world-class technology and legal experts to identify any gaps in the organization’s existing information security posture that could prevent meeting compliance.

As part of our assessments, our Cybersecurity Assessment Practice works with our clients to mitigate the gaps – from creating an Incident Response Plan, to implementing security measures to protect confidential data, to establishing and implementing training programs.

Law & Forensics legal, cyber, and privacy engineers have a wealth of experience and expertise to work with organizations to ensure that their business partners and affiliates conduct themselves to the same high standards you comply with respective to data security. Law & Forensics Cybersecurity Assessment practice can certify that affiliates, third parties, and strategic vendors you work with handle your data under regulatory guidelines and contracts.

Our Services

100s of years of collective experience doing cybersecurity work. And of course working out of the box and solving problems…

New York Department Financial Services

  • Work with organizations to develop, review, and implement a cybersecurity program that complies with New York Department Financial Services’ cybersecurity requirements.
  • Create security frameworks that comply with the NYS-DFS requirements and numerous other state and federal cybersecurity regulations using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF).
  • Craft written policies and procedures, developing a compliant cybersecurity training program, and review an organization’s IT cybersecurity posture (e.g., Multi-factor authentication, monitoring and testing, and etc.).
  • Perform risk assessments to assess the level of compliance  NY-DFS statute and create, review, or update a companies existing incident response plan to comply with NY-DFS.

Chemical Facility Anti-Terrorism Standards (CFATS) Assessments and Solutions

  • Assist clients that have in their possession chemical substances recognized by the US Department of Homeland Security (DHS) as Chemicals of Interest (COI) with submissions to DHS, including Top Screen survey, Security Vulnerability Assessment (SVA), Site Security Plan (SSP) and Alternative Security Plan (ASP).
  • Assess organizations’ existing security posture against the CFATS Risk-Based Performance Standards (RBPS) and working with clients to remediate any deficiencies that need to be remedied including creating and/or modifying Incident Response measures and protocols, implementing cybersecurity measures, creating necessary policies, etc.

HIPAA Healthcare Privacy and Security Assessments and Solutions

  • Working with healthcare organizations (Covered Entity or Business Associate) that create, receive, maintain, or transmit protected health information (PHI) to periodically conduct a HIPAA risk assessment to comply with §164.308 of the HIPAA Security Rule.
  • Collaborate with an organization’s internal IT, compliance, and legal stakeholders to review existing controls, policies, procedures, test security and privacy controls, and interview staff.
  • Consult with an organization and outside counsel in responding to Health and Human Services (HHS) Office for Civil Rights (OCR) inquiries and perform independent risk assessments of a healthcare organization’s security and compliance posture against the safeguards specified in the HIPAA Security and Privacy Rule and assisting companies to address gaps identified.

Third Party Vendor Assessment Program

  • Work with IT, Audit and Legal departments to vet third-party vendor’s data security,
  • Assess the technical aspects of the service to review policies and measures taken by the vendor to ensure that your data is kept safe and sound,
  • Create cybersecurity third-party vendor risk programs for large and small companies using proprietary controls and processes and off-the-shelf software in-line with our customer’s budget.

Business-driven Assessments (FFIEC, FAIR, and etc.)

  • Work with Executive Leadership and organizational policy creators such as Audit, Legal and corporate IT departments to validate and verify that internal controls and SOPs align with corporate goals, strategies, and policies.
  • Review and establish policies, SOPs, and work instructions to mitigate gaps in internal compliance and ensure effective execution and enforcement of corporate policies.
  • Independently assess an organization’s alignment with the cybersecurity requirements defined by various regulators including those set-out in the FFIEC Information Technology (IT) Examination Handbook.

California Consumer Privacy Act (CCPA) Consulting

  • Working with clients to perform an assessment leveraging our proprietary privacy assessment tool that ascertains an organization’s privacy posture against the CCPA, and deliver a roadmap on how to comply, and a framework to ensure going forward compliance.
  • Review all existing systems and create a robust data map for these systems so it allows the company to support and maintain the data map requiring no additional licenses fees or agreements.
  • Analyze existing data map, controls, policies, and related materials to identify gaps that an organization must address to demonstrate CCPA compliance.
  • Collaborate with compliance, legal, and business stakeholders to review the privacy program, specific to CCPA, and create and execute a program that will raise awareness and engagement across the company regarding CCPA requirements.

Case Studies by Industry

Industry/Sector: Chemical

Type of Case: CFATS Assessment

Description: Retained by General Counsel and Chief Compliance Officer of a national chemical producer to perform CFATS assessments of multiple locations to validate if these locations could comply with the CFATS regulatory program that the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) manages. Efforts included:

    • Assisting the organization to prepare for on-site Department of Homeland Security inspections at multiple locations.
    • Reviewing and providing feedback on cyber and physical security posture of several chemical facilities site security plans (SSP).
    • Identifying specific areas to address to ensure compliance with the cybersecurity components of CFATS.
    • Assisting various chemical facilities to develop their cybersecurity posture. Our CFATS assessment efforts were critical in assisting the Chemical Producer in passing on-site DHS CFATS inspections.
1.23k Cases

solved to date

10.4k Computers

forensically analyzed

3.9k Mobile Devices

collected, scanned, and analyzed

54.1k Mailboxes

collected, analyzed, and searched by LnF

3.9k Social Media Accounts

collected, analyzed, and searched

597 Expert and Rebuttal Reports


Cyber Security Assessments Practice Edge


Our Cybersecurity Assessment practice has real world experience assessing cybersecurity programs for readiness, alignment with best practices, and compliance with regulatory and industry best practices. Leading the team are senior legal engineers, technical experts, and veteran consultants with demonstrated success in performing cybersecurity assessments driven by civil litigation, regulatory or agency inquiries, or the concerns of company senior leadership.

Competitive fees

Our fees structure is competitive, we offer clients success based, hourly and/or fixed fee arrangements while ensuring that each engagement is spearheaded by a knowledgeable and experienced senior team member of our team.


Law & Forensics Cybersecurity Assessment practice has collectively 50+ years of experience performing cybersecurity driven assessments for organizations all over the globe at the request of lawyers or organization stakeholders. Our experience covers a wide range of industries and sectors, including: Aerospace and Defense , Banking, California Privacy Act (CCPA) Assessments, DFARS and DoD Cyber Assessments, Chemical Cyber Assessments (CFATS), FFIEC Cybersecurity Assessments, Gaming , General Data Protection Regulations (GDPR) Assessments, Green Energy, Healthcare, HIPAA Cybersecurity Risk Assessments, Hospitality Cyber Assessments, Insurance (NY-DFS), Manufacturing Cyber Assessments, Mining, Office of Civil Right Assessments and Inquiries, Oil and Gas Cyber Risk Evaluations, SEC Office of Compliance Inspections and Exam Readiness Assessments, Steel Manufacturing Risk Assessments, and Supply Chain Risk Assessments.

Quality Control

We deliver prompt solutions and thoughtful recommendations that rigorously meet or exceed industry best practices and meet the needs of our clients.