About Michael Sanchez

This author has not yet filled in any details.
So far Michael Sanchez has created 26 blog entries.

Removable Media and Transient Device Program

ITEGRITI developed a program and set of controls for a client to address risks around the issues related to "Removable Media" (USB drives, Recordable CDs, SD Cards, etc.) and "Transient Devices" (vendor laptops used for analysis, etc.), areas of challenge for many companies, to ensure both compliance and effectiveness.

Removable Media and Transient Device Program2017-08-13T22:56:55+00:00

ITEGRITI Speaking @ GCPA Fall 2017

ITEGRITI will be speaking on "Compliance vs. Cybersecurity" as part of a panel discussion at the Gulf Coast Power Association (GCPA) Fall Conference 2017, Oct. 3 - 4 In Austin, TX. Event Link

ITEGRITI Speaking @ GCPA Fall 20172017-08-13T22:56:25+00:00

Training to Improve Evidence & Processes

ITEGRITI improved the evidence of a cybersecurity department through training and real time, "live", advisory services via conference calls. As a result, cybersecurity process evidence that initially had a rejection rate for insufficient evidence by an independent review party of nearly 60% was reduced to 10% and the revised processes and evidence received positive feedback [...]

Training to Improve Evidence & Processes2017-08-13T22:35:28+00:00

Cybersecurity Risk Evaluation

ITEGRITI performed a cybersecurity risk evaluation for a company seeking to provide assurance to its cybersecurity insurance provider. The assessment included reviewing network infrastructure and cybersecurity process controls and evaluating those processes against a baseline of processes that provide assurance that the majority of cybersecurity risks are addressed. As a result of the assessment, both [...]

Cybersecurity Risk Evaluation2017-08-13T22:55:55+00:00

Cybersecurity Evaluation Process Creation

ITEGRITI developed a "check-list" process for a client to validate compliance with cybersecurity controls on critical infrastructure operational systems as part of system implementation. The process was designed to be repeatable and translatable to other areas of the business and allow for institutional knowledge to be captured and leveraged during subsequent reviews. The process allowed [...]

Cybersecurity Evaluation Process Creation2017-08-13T22:35:28+00:00

Cybersecurity Controls Program Development

ITEGRITI reviewed the cybersecurity controls for a $1B organization and compared the controls in place to a set of baseline cybersecurity controls used to determine overall program efficacy. By performing this analysis, several areas of improvement were identified and the organization was better able to visualize its overall cybersecurity posture, articulate its control environment to [...]

Cybersecurity Controls Program Development2017-08-13T22:35:28+00:00

Clarity to Complex Cyber Compliance Issues

Not every area of IT compliance is clear cut. ITEGRITI helped one client define and clarify it's positions in areas where more ambiguity exists, working with the client to develop, document, and articulate its rationale and providing sound reasoning and risk based justification for the methods it employed to meet regulatory obligations.

Clarity to Complex Cyber Compliance Issues2017-08-13T22:54:35+00:00

CIP Compliance for Lows

ITEGRITI developed a CIP compliance program to support a client with "Low Impact" only cyber assets that is both sustainable and manageable by working with our client to identify already existing processes that were augmented where needed before any new processes were developed. A prioritized action list was developed for the client to address well [...]

CIP Compliance for Lows2017-08-13T22:54:09+00:00

“Root Cause” Analysis of Systemic Cyber Issues

ITEGRITI provided one client with deep analysis to determine the "root cause" of systemic and repeated cybersecurity issues that had undergone several attempts at process improvement without resolution. By reviewing details of these issues, interviewing SMEs, and drawing on decades of operational experience, several specific areas were identified and concrete action plans were developed to [...]

“Root Cause” Analysis of Systemic Cyber Issues2017-08-13T22:35:28+00:00