Risk and Gap Assessments and Preparedness and Testing

Security Incident Preparedness, Testing and Risk Assessments

Our team conducts privileged risk assessments and incident response exercises to analyze and evaluate institutional practices, policies and procedures. Our assessments are performed against industry security standards, such as the NIST Cybersecurity Framework and the Payment Card Industry Data Security Standard (PCI DSS). We also provide strategic guidance and counsel clients on improving, hardening and maturing security and incident response programs.

  • Program development and implementation. Advise on developing, improving and implementing corporate security programs.
  • Exercises and war games. Develop and lead tailored cybersecurity exercises and war games designed to evaluate the comprehensiveness and effectiveness of response protocols and to identify and remediate legal and enterprise risks.
  • Assessments and testing. Conduct assessments mapped to industry standards and frameworks to evaluate risk, identify gaps in controls and benchmark against industry peers. Partner with security firms to oversee and advise on penetration testing, threat hunting and compromise assessments.
  • Incident response plans and security policies. Draft and revise internal corporate security policies and procedures, such as incident response plans, written information security policies (WISPs), acceptable use policies, threat and vulnerability management, adequate disclosures addressing new laws and emerging case law, and bug bounty programs and procedures.
  • Vendor relationships. Manage and direct the vendor process, liaising and establishing strategic engagements with incident response vendors—forensic firms, credit monitoring and identity protection service providers, call center support, and public relations firms—so vendors are ready to provide on-call support in the event of a security incident.
  • Threat intelligence briefings. Partner with security experts and law enforcement to provide industry-specific threat intelligence briefings and presentations.


pursuant to New York DR 2-101(f)

© 2023 Manatt, Phelps & Phillips, LLP.

All rights reserved