Cybersecurity Third Party Due Diligence

Cybersecurity Third Party Due Diligence

About Our Cyber Security Third Party Due Diligence Practice

Law & Forensics Third Party Due Diligence practice works with organizations to assess not only vendors’ professional and technical offering, but also to perform a thorough due diligence process to identify any compliance issues and risks before implementation and deployment within the organization.

Our team is well versed in the processes involved in selecting and evaluating vendors for many organizations, including local authorities, companies in the private sector, and non-profit organizations. We work with our clients to assess the most suitable solution, by working closely and engaging key stakeholders in the organization.

Our Services

100s of years of collective experience doing cybersecurity. And of course working out of the box and solving problems…

Mergers and Acquisitions Security, Risk, and Control Cybersecurity Program Review

Mergers and Acquisitions Cybersecurity Due Diligence

Detect tangible cybersecurity gaps and/or potential at-risk areas in the target company. Efforts included reviewing security programs, leveraging patent threat scanning technology, and assessing the alignment of policies and controls with the underlying cybersecurity program.
Quantify costs to remediate cybersecurity gaps identified using our proprietary financial models and cyber industry expertise.
Author a report summarizing gaps and financial costs to remediate said issues identified in the target company.

Information Security and Risk Policy and Control Effectiveness

Independently assess the target’s commitment to cyber/data security and ascertain the alignment with corporate policies and compliance with any laws or regulatory frameworks that apply to target (DFS, CFATS, HIPAA, and etc.).
Evaluate the effectiveness of a target’s audit and information security programs.

Cybersecurity Program Review

Ascertain the target’s cybersecurity program and effectiveness to detect and respond to a cyber incident and benchmarking it against industry norms.
Review existing policies and controls to identify any material gaps in the target’s cybersecurity program.
Analyze the target’s cybersecurity insurance coverage to ensure coverage is appropriate.

Case Studies by Industry

Healthcare

Industry/Sector: Healthcare

Type of Service: Independent Review of Cybersecurity Program for Board of Public Company.

Description: Hired by Board of Directors of a large healthcare company to independently assess the cybersecurity program. Efforts included the following:

- Interviewed CISO and senior leadership.
- Evaluated alignment of controls and policies with cybersecurity technologies.
- Audited existing training programs.
- Provided a written report to the board documenting findings.
- Presented to the Audit Committee the results of our efforts.

Private Equity

Industry/Sector: Finance

Type of Service: Perform cyber due diligence for a private equity firm.

Description: Retained by Private Equity group team to perform due diligence review and analysis of the cybersecurity posture of an e-commerce company. Efforts included:

- - Reviewed alignment of cybersecurity controls and policies with systems.
  - Interviewed senior executives and board members about the cybersecurity program.
  - Audited third-party vendor risk management program, quantifying cyber risks and remediation of risks.
  - Provided a written report with findings to the client.

Home Appliance

Industry/Sector: Home

Type of Service: Cyber due diligence for a home appliance company

Description: Hired by outside counsel to assist an appliance organization in a transaction involving a social media monitoring and analytics start-up. Efforts included the following:

- Conducted an independent expert current state assessment of a social media monitoring and analytics startup information security program and practices based on CISSP domain standards and ISO27001 guidelines.
- Drafted reports for counsel regarding gaps identified and remediation estimates.
- Provided a written report with findings to the client.

441+ Third-Party Vendors

assessed

59+ Companies

advised in diligence

37+ Mergers

and acquisitions

78+ Reports

delivered to companies

113+ Insurance Coverage

policies reviewed

102+ Full Internal Cybersecurity

audits assessed

Cybersecurity Third Party Due Diligence Practice Edge

Cyber Insurance for Law Firms: Understanding the Cyber Risk Policy and Key Considerations for Law Firm Policy Holders

Capabilities

Veteran team with more than 10 decades of experience in assessing technological solutions and each engagement is led by a senior member with more than 100+ years of collective experience. Our teams’ unique experience and training allows us to examine every solution from an attacker’s point of view to identify and remediate any potential gaps in security and compliance.

Annual Review of Regulations of Bitcoin and Blockchain in the United States and Abroad

Competitive fees

Our fees structure is competitive, we offer clients success based, hourly and/or fixed fee arrangements while ensuring that each engagement is spearheaded by a knowledgeable and experienced senior team member of our team.

Expertise

Law & Forensics has worked with dozens of large companies and private equity firms to evaluate the cybersecurity posture of companies that were potential acquisition targets, identifying gaps and issues with the targets cyber policies and practices, and providing a detailed report for senior management on identified issues and proffering appropriate remediation steps.

Review of Alternative Dispute Resolution Case Law in 2018

Quality Control

We deliver prompt solutions and thoughtful recommendations that rigorously meet or exceed industry best practices and meet the needs of our clients.