About Our Cyber Security Assessments Practice

Law & Forensics’ Cyber Security Assessment practice comprises multilingual, world-class legal, cyber, and privacy engineers with a wealth of experience and expertise in performing cybersecurity assessments. Our practice works across all industries and government agencies, measuring their posture against a myriad of regulatory frameworks and standards.

For every assessment, Law & Forensics sends a joint task force of world-class technology and legal experts to identify any gaps in the organization’s existing information security posture that could prevent it from achieving compliance.

As part of our assessments, our Cybersecurity Assessment Practice works with our clients to mitigate the gaps – from creating an Incident Response Plan, to implementing security measures to protect confidential data, to establishing and implementing training programs.

Law & Forensics’ legal, cyber, and privacy engineers have a wealth of experience and expertise to work with organizations to ensure that their business partners and affiliates hold themselves to the same high data security standards you comply with. Law & Forensics’ Cybersecurity Assessment practice can certify that the affiliates, third parties, and strategic vendors you work with handle your data in accordance with regulatory guidelines and contracts.

Our Services

100s of years of collective experience doing cybersecurity work. And of course working out of the box and solving problems…

New York Department of Financial Services

  • Work with organizations to develop, review, and implement a cybersecurity program that complies with the New York Department of Financial Services’ cybersecurity requirements.
  • Create security frameworks that comply with the NYS-DFS requirements and numerous other state and federal cybersecurity regulations using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF).
  • Craft written policies and procedures, develop a compliant cybersecurity training program, and review an organization’s IT cybersecurity posture (e.g., multi-factor authentication, monitoring and testing, etc.).
  • Perform risk assessments to assess the level of compliance with the NY-DFS statute and create, review, or update a company’s existing incident response plan to comply with NY-DFS.

Chemical Facility Anti-Terrorism Standards (CFATS) Assessments and Solutions

  • Assist clients that have in their possession chemical substances recognized by the US Department of Homeland Security (DHS) as Chemicals of Interest (COI) with submissions to DHS, including Top Screen survey, Security Vulnerability Assessment (SVA), Site Security Plan (SSP) and Alternative Security Plan (ASP).
  • Assess organizations’ existing security posture against the CFATS Risk-Based Performance Standards (RBPS) and work with clients to remediate any deficiencies, including creating and/or modifying Incident Response measures and protocols, implementing cybersecurity measures, and creating necessary policies.

HIPAA Healthcare Privacy and Security Assessments and Solutions

  • Work with healthcare organizations (Covered Entity or Business Associate) that create, receive, maintain, or transmit protected health information (PHI) to periodically conduct a HIPAA risk assessment to comply with §164.308 of the HIPAA Security Rule.
  • Collaborate with an organization’s internal IT, compliance, and legal stakeholders to review existing controls, policies, procedures, test security and privacy controls, and interview staff.
  • Consult with an organization and outside counsel in responding to Health and Human Services (HHS) Office for Civil Rights (OCR) inquiries, perform independent risk assessments of a healthcare organization’s security and compliance posture against the safeguards specified in the HIPAA Security and Privacy Rule, and assist companies in addressing the gaps identified.

Third Party Vendor Assessment Program

  • Work with IT, Audit, and Legal departments to vet third-party vendors’ data security.
  • Assess the technical aspects of the service to review policies and measures taken by the vendor to ensure that your data is kept safe and sound.
  • Create cybersecurity third-party vendor risk programs for large and small companies using proprietary controls and processes and off-the-shelf software in line with our customer’s budget.

Business-driven Assessments (FFIEC, FAIR, etc.)

  • Work with Executive Leadership and organizational policy creators such as Audit, Legal and corporate IT departments to validate and verify that internal controls and SOPs align with corporate goals, strategies, and policies.
  • Review and establish policies, SOPs, and work instructions to mitigate gaps in internal compliance and ensure effective execution and enforcement of corporate policies.
  • Independently assess an organization’s alignment with the cybersecurity requirements defined by various regulators, including those set out in the FFIEC Information Technology (IT) Examination Handbook.

California Consumer Privacy Act (CCPA) Consulting

  • Work with clients to perform an assessment leveraging our proprietary privacy assessment tool that ascertains an organization’s privacy posture against the CCPA, and deliver a roadmap on how to comply and a framework to ensure compliance going forward.
  • Review all existing systems and create a robust data map for these systems so that the company can support and maintain the data map without additional license fees or agreements.
  • Analyze existing data maps, controls, policies, and related materials to identify gaps that an organization must address to demonstrate CCPA compliance.
  • Collaborate with compliance, legal, and business stakeholders to review the privacy program, specific to CCPA, and create and execute a program that will raise awareness and engagement across the company regarding CCPA requirements.

Case Studies by Industry

1.23k Cases solved to date

10.4k Computers forensically analyzed

3.9k Mobile Devices collected, scanned, and analyzed

Industry/Sector: Chemical

Type of Case: CFATS Assessment

Description: Retained by General Counsel and Chief Compliance Officer of a national chemical producer to perform CFATS assessments of multiple locations to validate if these locations could comply with the CFATS regulatory program that the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) manages. Efforts included:

    • Assist the organization to prepare for on-site Department of Homeland Security inspections at multiple locations.
    • Review and provide feedback on cyber and physical security postures of several chemical facilities’ site security plans (SSP).
    • Identify specific areas to address to ensure compliance with the cybersecurity components of CFATS.
    • Assist various chemical facilities to develop their cybersecurity posture.

Our CFATS assessment efforts were critical in assisting the Chemical Producer in passing on-site DHS CFATS inspections.

54.1k Mailboxes collected, analyzed, and searched by L&F

3.9k Social Media Accounts collected, analyzed, and searched

597 Expert and Rebuttal Reports written
