ITEGRITI built a custom database tool for a client that combined all the various NERC inputs and tools (i.e. Evidence Request Spreadsheet, RSAWs, Standards, etc.) and supplemented them with information developed and retained by the client over time. The tool helped automate the collection and review of NERC compliance evidence as well as facilitated the [...]
ITEGRITI assisted a logistics company deal with the impact of a ransomware event and a unknown persistent threat actor.
ITEGRITI helped bring an entire CIP audit package together for a large utility client to ensure that compliance narratives, evidence references, and supporting evidence all aligned, was appropriately cross-referenced, and addressed the requests from the auditor. ITEGRITI helped coordinate this response across multiple business areas and ensured a quality audit package despite tight timelines and [...]
ITEGRITI developed a program and set of controls for a client to address risks around the issues related to "Removable Media" (USB drives, Recordable CDs, SD Cards, etc.) ...
ITEGRITI will be speaking on "Compliance vs. Cybersecurity" as part of a panel discussion at the Gulf Coast Power Association (GCPA) Fall Conference 2017, Oct. 3 - 4 In Austin, TX. Event Link
ITEGRITI improved the evidence of a cybersecurity department through training and real time, "live", advisory services via conference calls. As a result, cybersecurity process evidence that initially had a rejection rate for insufficient evidence by an independent review party of nearly 60% was reduced to 10% and the revised processes and evidence received positive feedback [...]
ITEGRITI performed a cybersecurity risk evaluation for a company seeking to provide assurance to its cybersecurity insurance provider. The assessment included reviewing network infrastructure and cybersecurity process controls and evaluating those processes against a baseline of processes that provide assurance that the majority of cybersecurity risks are addressed. As a result of the assessment, both [...]
ITEGRITI developed a "check-list" process for a client to validate compliance with cybersecurity controls on critical infrastructure operational systems as part of system implementation. The process was designed to be repeatable and translatable to other areas of the business and allow for institutional knowledge to be captured and leveraged during subsequent reviews. The process allowed [...]
ITEGRITI reviewed the cybersecurity controls for a $1B organization and compared the controls in place to a set of baseline cybersecurity controls used to determine overall program efficacy. By performing this analysis, several areas of improvement were identified and the organization was better able to visualize its overall cybersecurity posture, articulate its control environment to [...]
ITEGRITI wraps up a 10 week series on the top lessons learned from CIPv5 audits. Start at the beginning: Link