Risk and Gap Assessments and Preparedness and Testing
Security Incident Preparedness, Testing and Risk Assessments
Our team conducts privileged risk assessments and incident response exercises to analyze and evaluate institutional practices, policies and procedures. Our assessments are performed against industry security standards, such as the NIST Cybersecurity Framework and the Payment Card Industry Data Security Standard (PCI DSS). We also provide strategic guidance and counsel clients on improving, hardening and maturing security and incident response programs.
- Program development and implementation. Advise on developing, improving and implementing corporate security programs.
- Exercises and war games. Develop and lead tailored cybersecurity exercises and war games designed to evaluate the comprehensiveness and effectiveness of response protocols and to identify and remediate legal and enterprise risks.
- Assessments and testing. Conduct assessments mapped to industry standards and frameworks to evaluate risk, identify gaps in controls and benchmark against industry peers. Partner with security firms to oversee and advise on penetration testing, threat hunting and compromise assessments.
- Incident response plans and security policies. Draft and revise internal corporate security policies and procedures, such as incident response plans, written information security policies (WISPs), acceptable use policies, threat and vulnerability management, adequate disclosures addressing new laws and emerging case law, and bug bounty programs and procedures.
- Vendor relationships. Manage and direct the vendor process, liaising and establishing strategic engagements with incident response vendors—forensic firms, credit monitoring and identity protection service providers, call center support, and public relations firms—so vendors are ready to provide on-call support in the event of a security incident.
- Threat intelligence briefings. Partner with security experts and law enforcement to provide industry-specific threat intelligence briefings and presentations.