Black Chambers

PREVENTATIVE, REACTIVE, most importantly PRIVATE.

Security by design is an empty concept without deliberate thought and foresight. This means thinking carefully about custom and licensed software, network architecture, and parties which ought to be trusted.

Code

Our professionals build and ensure security from top to bottom. We believe in teaching just as much as documenting. Black Chambers’ source code review identifies security-related vulnerabilities with the aim of providing developers insight as to the classes and categories of potential vulnerabilities. By the end of our engagement, source code is more secure and internal developers are better equipped to independently secure an application’s source code.

Our professionals have long histories in the information security community and thus also understand the undesirable narratives that can be spun when undocumented (or worse, documented) vulnerabilities become public information. Within our unique structure of operating through and with the Blackstone Law Group, these narratives are either identified, avoided, or responded to with considered diplomacy.

Network

Network security requires an understanding of entry and access, data flows, and an organization’s risk posture. By working with existing personnel to examine network diagrams and documentation, we provide a legally privileged assessment of existing gaps, areas of non-compliance with stated policies, and assess the function, placement, and need for security controls.

Throughout the engagement, our goal is to cost-effectively ensure our clients are both compliant with industry standard regulations and above reproach for information security best practices.

Trust

Third parties have been the root cause of many of the world’s largest data breaches. The range of data-, cloud-, and security-related products and services has never been greater or more overwhelming. Understanding how vendors manage data — and certifying that vendors are trustworthy — is imperative. Our experts have extensive experience with products new and old, and a network of information security associates that extends to every corner of the community and globe. With this background, we assist with identifying trustworthy vendors and partners who can provide effective services your organization actually needs, within the confines of your budget.

 

The partnership between Black Chambers and Blackstone Law Group lends itself to discreet and sensitive investigations aimed at uncovering or resolving misconduct involving technology.

We have expertise concerning the misuse of internal systems, insider threat identification, detection of exfiltration of confidential information, uncovering identities of anonymous defamatory statements, piracy and copyright infringement, and many other forms of misconduct. Blackstone Law Group, in turn, has complementary experience with whistleblowing and compartmentalized internal investigations in corporate settings.

Throughout the investigative process, Blackstone Law Group provides litigation-avoidance advice and other confidential legal counseling designed to avoid regulatory intervention and limit exposure to liability.

Further, by working with Blackstone Law Group, the full range of legal process complements our InfoSec investigations. Our partnership enables lawyers to draft subpoenas compelling production of information from third parties otherwise unavailable, draft and file actions leading to discovery, and negotiate directly with in-house counsel for the release of information in accordance with terms of services, privacy policies, or state and federal law.

In the event an intrusion, breach, or attack that has occurred or is ongoing, Black Chambers’ relationship with Blackstone Law Group gives an organization the greatest flexibility.

Because communications and analyses are privileged, investigation and remediation can begin immediately without risk of creating legal liability or providing ammunition for regulatory scrutiny. While the InfoSec investigation and incident response process is ongoing, Blackstone Law Group provides confidential counsel regarding regulatory responses, customer notification, cyber-liability insurance applicability, remediation, and litigation-avoidance strategies.

Whether a breach involves a single system or hundreds of systems compromised across a network, our professionals help an organization recover, minimizing the short- and long-term impact.

Adapting to the complexity of information security is critical for businesses.  With the theft of IP, trade secrets, research and development data, personal data, and financial records steadily on the rise, information security is an existential issue and business imperative.  

Within a legally privileged context to minimize risk and client exposure, Black Chambers performs organization-wide and targeted security assessments, encompassing both physical and digital security.  Combining the skillsets of information security and legal professionals allows Black Chambers to address security design and compliance as an ecosystem, and not in a tick-the-box manner.

Black Chambers professionals begin each engagement with a risk assessment.  Understanding an organization’s business and the identification of core assets are a critical component of this, together with the gathering and analysis of intelligence from outside sources.  

Through the lens of a risk assessment, physical and network security architecture and policies are then reviewed, assessed, revised, and remediated to harden defenses around core assets, allowing organizations to be ahead of best-practices curves.

Our professionals have rich and varied experience with large-scale vulnerability assessments.  Assess and documenting, however, is not sufficient: our professionals assist with not only with  technical remediation, but with adapting and transitioning to information security processes, policies, and procedures designed to reinforce an organization’s all-around security posture. 

Complex disputes require collection and exploitation of all available information. E-mails and files are a mere starting point: the universe of data and exploitable intelligence that resides on any computer is much greater than appears on the surface. 

Our experts recover targeted and actionable intelligence relevant to any investigations or litigation; examples include:

  • Timelines of activity on a computer, mobile device, or network
  • Discovery of electronic communications outside of conventional e-mail, text messages, or instant messages
  • Discovery of malware and spyware
  • Recovery and analysis of deleted information
  • Analysis of Internet usage
  • Analysis of social network usage
  • Analysis of geolocation data
  • Applications installed and executed
  • Analysis of photographs and other media files
  • Peripheral device usage (USB drives, printers, etc.)

More Articles ...

Page 1 of 2