ITEGRITI: Critical Infrastructure Cybersecurity and Compliance Advisors

How Advanced Metering Infrastructure (AMI) is Building Grid Resilience

May 31, 2023

Unpacking DOE’s National Cyber-Informed Engineering Strategy (CIE)

May 17, 2023

Best Practices for the Energy Trilemma 2023

April 24, 2023

Energy Dilemmas in the 2023 Energy Trilemma

April 11, 2023

National Cybersecurity Strategy 2023 Puts Critical Infrastructure in the Spotlight

March 16, 2023

NIST’s New Cybersecurity Framework 2.0 is Underway

March 7, 2023

FERC Rules to Integrate INSM into CIP 230222

February 28, 2023

The Importance of US Healthcare Supply Chain

February 21, 2023

Is Your Company Ready for the Proposed SEC Cybersecurity Rules?

January 10, 2023

How Do the Revised TSA Pipeline Regulations Impact Your Business?

January 3, 2023

6 Key Highlights from Moody's 2023 Cybersecurity Report

December 21, 2022

FERC Proposed New Reliability Standards for Renewables Storage to Secure the Reliability of the Grid

December 13, 2022

CISA Releases Cross-Sector Cybersecurity Performance Goals to Assist Critical Infrastructure Organizations

December 7, 2022

CISA’s North Star - Secure and Resilient Infrastructure

November 15, 2022

NIST Proposes New Cybersecurity Framework for Liquid Natural Gas

November 8, 2022

The Spookiest Breaches of 2022

November 2, 2022

Atlantic Council Recommendations to Better Secure the IoT Ecosystem

October 26, 2022

The Domestic Threat to Critical Infrastructure

October 18, 2022

FERC Seeks Ways to Incentivize Electric Utility Cybersecurity Investments

October 11, 2022

Ongoing Threats to the US Water Industry

September 27, 2022

6 Tips to Stay Safe during National Cybersecurity Awareness Month

September 13, 2022

Protecting the US Power Grid Against Foreign Threats

September 6, 2022

itegriti_catastrophic_state-sponsored_cyber_insurance_plan2

Lloyd's Will Exclude "Catastrophic" State-Sponsored Attacks from Its Cyber Insurance Plans

August 30, 2022

How the US Energy Industry Works and How We Protect It

August 22, 2022

IoT Threats to the US Power Grid

August 16, 2022

How prepared is the U.S. for a cyberattack on the grid?

August 8, 2022

NERC’s 2022 Summer Reliability Assessment

August 2, 2022

The Road to Passing the NERC CIP Audit

July 25, 2022

SBOM - Recipe for Avoiding a Disaster

July 20, 2022

NERC CIP 012-1 What You Need to Know

June 27, 2022

WHAT WE DO

Cybersecurity and compliance programs require much more than just implementing an order, standard, or directive. They require a long-term vision to truly recognize the benefits of compliance and improved security, and the experience to advise through the challenges of change management, interpretation, implementation, adoption, performance, and validation. Imagine the benefit of working with a consulting firm that has assisted Critical Infrastructure organizations across the U.S. and Canada with IT and OT cybersecurity and compliance since 2008.

ITEGRITI is that firm. Our team has deep expertise gained through our work in protecting large-scale and distributed National Critical Infrastructure since compliance with the cybersecurity Standards first became mandatory. We are flexible, will easily integrate with your team, bring relevant best practices and lessons learned, and will deliver tangible results.

Loading...

Cybersecurity

Reliability Through Cybersecurity Resilience^TM

How We Help Clients

Account management assessments: user, service, and privileged accounts
Asset inventory and site walkdowns, change and configuration management
Attack surface reduction: service, port, asset, and application rationalization
Business continuity planning and testing
Cloud security control assessments, shadow IT reviews
Disaster recovery planning and testing
Incident response and recovery: process, tools, and information
Information protection: classification, identification, and storage
Network security architecture design, segmentation, and redundancy
NIST CSF Security Assessments
Organizational change management
Penetration testing and social engineering, security assessments
Secure asset configuration and hardening, including IOT/IIOT
Security patching: source and file validation and implementation
Security training and awareness
Supply chain management: policy and supplier assessments

WHAT’S YOUR CYBER RISK BASELINE?

Cybersecurity

To operate, organizations require the reliability of their information technology systems and IT/OT managed assets. Well-designed cybersecurity programs defend against and withstand most hacks but, despite best efforts, a motivated hacker will eventually break into a system they target.

What happens next depends on incident planning and preparedness. Cybersecurity Resilience builds on good cybersecurity programs by addressing demands for business continuity, information protection, and crisis communications.

How will business operations and customer service continue until the technology is restored?
What did the hackers take, was sensitive data encrypted, and is it usable by these criminals?
How, when, and what is communicated to leadership, employees, customers, and the community and by whom?

Compliance

Risks associated with cyber systems containing or controlling Critical Infrastructure, BCSI, CEII, CUI, PII and ePHI are growing as regulations mount, hacking tactics evolve, and bad press meets social media. The Federal Government and public demand protection of this information and assets, and these regulations can carry civil, operational and financial penalties. Companies are becoming keenly aware that compliance does not alone provide cybersecurity.

Many organizations are working to develop and support compliance cultures. Sustainable programs must be manageable, scalable, and transparent where compliance tasks are embedded with operational tasks and leadership is provided with timely and accurate information with which to make decisions. Internal audit programs must measure, monitor, and report the operational effectiveness of security controls.

Our team members served in operational, management, and auditor roles and have deep experience in regulatory compliance and affairs, internal compliance program development, cybersecurity, training development and delivery.

Click HERE to download a free version of ITEGRITI’s NERC
CIP Audit Field Guide with no email required.

Loading...

Compliance

Meeting regulatory obligations with proven methodologies

How We Help Clients

Program

Program design and implementation (NERC CIP, TSA SD02, HIPAA, AFRMR, CMMC, SOC2, SEC, EPA, etc.)
Internal control design and implementation
Program and compliance assessments
Audit program design and implementation
Asset inventory and site walkdowns
Exercise design and facilitation
Supply chain management: policy and supplier assessments
Vulnerability Assessments, Penetration Testing
Internal Audit program design and implementation

Audit Preparation

Gap analysis with actionable recommendations
Compliance package creation and review (e.g. RSAWS, narratives, cross-references, etc.)
Mock audits
SME/witness training and coaching
Staff augmentation and support

Mitigation Activities

Root causal analysis with corrective action recommendations
Organizational change management
Process design for key IT functions including account, asset, patch and change management
Process design for measurement, management and reporting internal control effectiveness

Compliance

Risks associated with cyber systems containing or controlling Critical Infrastructure, BCSI, CEII, PII and ePHI are growing as regulations mount, hacking tactics evolve, and bad press meets social media. The Federal Government and public demand protection of this information and assets, and these regulations can carry civil, operational and financial penalties. Companies are becoming keenly aware that compliance does not alone provide cybersecurity.

Many organizations are working to develop and support compliance cultures. Sustainable programs must be manageable, scalable, and transparent where compliance tasks are embedded with operational tasks and leadership is provided with timely and accurate information with which to make decisions. Internal audit programs must measure, monitor, and report the operational effectiveness of security controls.

Our team members served in operational, management, and auditor roles and have deep experience in regulatory compliance and affairs, internal compliance program development, cybersecurity, training development and delivery.

Click HERE to download a free version of ITEGRITI’s NERC
CIP Audit Field Guide with no email required.

Loading...

Managed Services

Providing assistance and expert oversight with leveraged resources

How We Help Clients

CISO Advisory Services

Strategic planning, governance, and oversight
Align security initiatives with business risks and objectives
Technology advisory and steering committee – cybersecurity
Impact analysis and planning – cybersecurity
Technology and program reviews for M&A support
External, independent IT audits (ITGC, AFRMR, etc.)

vCompliance Team

Technology advisory and steering committee – compliance
External, independent compliance audits
Impact analysis and planning – compliance
Compliance resource generation (risk and control mappings, updates to regulations, etc.)
Vulnerability assessment
Third-party vendor assessments

Workforce Support

Perform background checks, personnel risk assessments (PRAs)
Provide end-user training
Manage and report user training
Develop cyber security awareness materials
Cybersecurity candidate screening, development, and pre-employment evaluation

Managed Services

Effective cybersecurity and compliance programs rely on key functional support from security and compliance managers having specific roles and experience. These professionals are in high-demand and not all organizations are staffed to meet these needs, while others divide and distribute tasks across many resources.

By establishing a key set of necessary tasks and developing a model where organizations can select services to meet their specific need and budget, ITEGRITI can provide ongoing compliance and cybersecurity advisory through our Virtual support models: vCISO, vCompliance Team, and Workforce Support. Our fractional resource models are designed to fit your need and budget.

GSD

Companies struggle with ongoing operational, cybersecurity, and regulatory compliance responsibilities. Recruiting, training, and retaining quality talent is difficult, but it can be even harder to find qualified and dependable consultants to ease the burden from:

Having more projects or tasks than time or resources to manage
Ever growing task lists that don’t seem to end
Preparation activities for upcoming audits and reviews

Case Study

An ITEGRITI client had a growing list of cybersecurity, compliance, process improvement, training and organizational change management concerns but lacked internal resources for timely completion of tasks. We reviewed the list with our client, identified dependencies and critical path, anticipated level of effort, and organizational priority. They contracted our team to lead and help complete priority items on their task list, working both independently and in collaboration with their employees, vendors, and other contractors.

ITEGRITI achieved internal and external timelines and has now completed over a dozen projects for this client supporting corporate compliance, IT compliance, CIP program management, enterprise applications, generation, transmission, renewables, critical infrastructure operations, cybersecurity, telecommunications, and physical security.

Loading...

Get Stuff Done

How We Help Clients

Dedicated resources to complete projects and task list items
Independent, external IT, OT, HIoT, and compliance audits
IT/OT asset inventory and physical walkdowns
IT, OT, compliance process design, implementation, and training
Management and oversight of “Shadow IT”, outsourced Cloud applications
Organizational change management
Recovery Plan, exercise design, planning, and facilitation
Vulnerability Assessments

GSD

Companies struggle with ongoing operational, cybersecurity, and regulatory compliance responsibilities. Recruiting, training, and retaining quality talent is difficult, but it can be even harder to find qualified and dependable consultants to ease the burden from:

Having more projects or tasks than time or resources to manage
Ever growing task lists that don’t seem to end
Preparation activities for upcoming audits and reviews

Case Study

An ITEGRITI client had a growing list of cybersecurity, compliance, process improvement, training and organizational change management concerns but lacked internal resources for timely completion of tasks. We reviewed the list with our client, identified dependencies and critical path, anticipated level of effort, and organizational priority. They contracted our team to lead and help complete priority items on their task list, working both independently and in collaboration with their employees, vendors, and other contractors.

ITEGRITI achieved internal and external timelines and has now completed over a dozen projects for this client supporting corporate compliance, IT compliance, CIP program management, enterprise applications, generation, transmission, renewables, critical infrastructure operations, cybersecurity, telecommunications, and physical security.

WHY ITEGRITI?

ITEGRITI designs an approach that follows the Plan, Do, Check, Adjust model. Our leadership team is involved in every project, including initial project advisory, scoping, and organization, and later through direct assignment or oversight roles. Our expertise includes:

Experience in mandatory Critical Infrastructure IT and OT cybersecurity and compliance since 2008.
Management, oversight, or service on over 300 projects in cybersecurity, compliance, and audit.
Team members with deep experience across multiple disciplines:
- IT and OT operational experience with industry, Big 4 and large consulting backgrounds.
- Former regulatory auditors, and former compliance and enforcement regulator senior leadership.
- Advanced degrees, specialties in IT and cybersecurity: MBA, MS, and Doctoral levels.
- Multiple framework & methodology experience:
  NERC CIP, TSA SD02, ISO27k, NIST (RMF, CSF, 800-37, 800-53, 800-171, NISTIR-7628), NRC 5.71, NEI 08-09, AFRMR, and COBIT.
- Certified cybersecurity & compliance professionals:
  CAP, C|CISO, CCNP-S, CDPSE, C|EH, CISA, CISM, CISSP, CRISC, FITSP-M, GCIP, HIPAA CHP, HITRUST CCSFP, MCSE, PMP, SABSA SCF, SASE.
Planning and management of large, complex projects throughout the U.S. & Canada supporting Critical Infrastructure across healthcare, oil & gas, and electric sectors, supporting utilities, transmission, municipalities, cooperatives, and generation representing coal, natural gas, and renewables – wind, solar, hydro and geothermal.

CONTACT US

RESULTS DRIVEN …

“Michael and the ITEGRITI team has partnered with us to advance and mature our cyber security capabilities across the technology that operates our critical energy infrastructure, in the midst of an evolving regulatory environment and threat landscape. ITEGRITI seamlessly integrated into our team, providing valuable industry expertise and practical solutions to imbed these new capabilities into the way we work at Duke Energy. Fantastic insights, tangible results. Thank you for the partnership!”

Brian Savoy
SVP, Business Transformation & Technology
Duke Energy Corporation

… EXPANDED SCOPE AND SCALE

ITEGRITI is pleased to announce that we entered a strategic partnership with HCL Technologies, combining their worldwide network of R&D, innovation labs and delivery centers, cybersecurity fusion centers, and 211,000+ ‘Ideapreneurs’ with ITEGRITI’s deep cybersecurity, compliance, and Critical Infrastructure expertise. Through this relationship, we can offer expanded remediation and implementation services.

How can we support your goals?

Let’s work together

Want to make an impact?

Come work with us

Examples of Our Work

Asset Walkdown and Cyber Asset Inventory

ITEGRITI performed asset walkdown and cyber asset inventories for a multi-regional client. The client’s goal was to ensure the list of cyber assets is accurate and complete to support and inform cybersecurity and compliance [...]

O&G Security Assessment

ITEGRITI performed an OT security risk assessment for an oil and gas client, leveraging NIST CSF controls and related critical infrastructure standards and best practices. This effort included a review of current security documentation, [...]

Healthcare Security Audit

In conjunction with the internal audit team of a major healthcare organization, ITEGRITI collected evidence through interviews, observation, and documentation, assessing the alignment of implemented security review processes with implemented organizational policies, procedures, and [...]

Healthcare Compliance Audit

ITEGRITI led the annual audit effort for a prominent healthcare provider on behalf of the internal audit team. Using organizationally defined security controls, the team reviewed provided evidence and conducted effectiveness tests to determine [...]

BES Cyber Asset Inventory Assessment

ITEGRITI performed annual critical infrastructure "walkdowns" at multiple locations for one of the world's largest utilities, validating the alignment of cyber assets with current inventory. The ITEGRITI team visited numerous renewable and combustion energy [...]

HIPAA & PCI Cyber Health Check

ITEGRITI assisted a client concerned with HIPAA and PCI risks by reviewing baseline cybersecurity controls to assess the health of their cybersecurity program.

View More Projects

Critical Infrastructure Protection

Critical Infrastructure Protection

Cybersecurity + Compliance + Managed Services