HESS – Cyber Services from ASMGi

ASMGi offers HESS members the full spectrum of cyber solutions for higher education institutions with a focus on cost savings and solving business issues.

ASMGi Cyber Services for Higher Education Systems & Services Consortium (HESS)

The HESS Consortium

ASMGi provide HESS members a robust set of services for the best value available for Cyber Security solutions. ASMGi can help HESS member schools plan, manage, and execute cyber initiatives. This includes it is designing /architecting, implementing, or operating your cyber solution.

Outside expertise can be cost prohibitive, so many Institutions put it on themselves to do the work, missing out on the collaboration, industry insights and wisdom of the outside experts.

ASMGi introduction for Higher Ed

ASMGi Portfolio for HESS

vCISO and IT / Governance, Risk and Compliance (GRC) Consulting Services

ASMGi ONEteam vCISO Service is designed for organizations who either don’t have a CISO or don’t have capacity to perform certain tasks that would normally be accomplished by a CISO or resource with comparable expertise.

Compliance-Based Risk Assessments

Many Universities do not have the budget to perform multiple assessment each year. ASMGi believes that the best approach is to perform one assessment per year that meets your compliance requirements.

Security and Penetration Testing

The goal of a penetration test is to identify and verify the vulnerabilities in your environment that can be exploited by an attacker and effectively communicate the findings and recommendations in a way that makes the remediation process as efficient as possible.

Third-Party Risk Management (TPRM)

Vendor Risk (Third-Party Risk) has become a priority for managing your own risk. Most Institutions don’t have the means or capacity to evaluate the risk of their vendors. TPRM is designed to fully understand the risks imposed by your third parties, and demonstrate that you are performing proper risk assessments.

Cyber Operations – MDR/MSOC plus

Our ONEteam MDR/MSOC plus Service utilizes advanced analytics, automation, risk-based vulnerability management and our team of highly experienced security experts to provide an end-to-end threat management and response strategy.

vCISO and IT / Governance, Risk and Compliance (GRC) Consulting Services

Many of the cyber journeys you take can be made more smoothly with the help of our experts. The vCISO suite of services, include any mix of senior resources required to achieve your goals. This may include CISO, Solution Architect, GRC Consultant, IT Engineer / Consultant, Project/Program Manager or any other single or combination of senior level resources.

Compliance-Based Risk Assessments

Higher Education must meet a wide array of compliance requirements, most of which require an assessment once per year. ASMGi will leverage our own Common Controls Framework to map the controls from four (4) compliance requirements – FERPA, PCI-DSS, HIPAA, GLB – for into one single assessment that can be performed annually to meet all four (4) compliance requirements, for the cost of a single assessment.

Security and Penetration Testing

ASMGi performs a variety of penetration tests for compliance as well as best-practice. The actual requirements for each penetration test are defined during scoping of the engagement and may include:

  • Application Security Testing (DAST, SAST, SCA, APT)
  • Vulnerability Scans (Internal, External)
  • Infrastructure Penetration Test (Internal External)
  • Wireless Penetration Test (Internal, External)
  • Social Engineering and Testing
  • Physical Security / Penetration Test
  • Dark Web Monitoring
  • Social Engineering Exercise(s)
  • Phishing and Security Awareness Training

Third-Party Risk Management (TPRM)

ASMGi has a robust service that focuses exclusively on Third-Party Risk. Our platform includes the HECVAT Full and HECVAT Lite assessment forms, built in. Our ONEteam TPRM Service is structured to include just the parts you need – TPRM Program development, the Vendor Risk Management (VRM) platform, Data Collection (asking Vendors to complete the HECVAT questionnaire), Vendor Assessment, Reporting and Continuous Monitoring.

Cyber Operations – MDR/MSOC plus

ASMGi’s MDR/MSOC plus Program is designed to offer you the benefits of Managed Detect and Respond, and Managed SOC Services, plus Incident Response, Forensics and Risk-Based Vulnerability Management (RBVM). This includes:

  • Security Operations Centers (SOCs)
  • Managed Detect and Response (MDR)
  • Managed Risk Services
  • Managed Cloud Monitoring
  • Cyber Incident Response / Forensics / Table-Top
  • Risk-Based Vulnerability Management

Our MSOC-MDR Service utilizes advanced analytics, automation, risk-based vulnerability management and our team of highly experienced security experts to provide an end-to-end threat management and response strategy.

Additional Cyber Security Services available from ASMGi for HESS

  • Breach Attack Simulation (BAS) – Breach Attack Simulation (BAS) is used to help you prioritize security initiatives, validate controls, operationalize the MITRE ATT&CK Framework, and integrate with valuable Threat Intelligence.
  • Phishing and Security Awareness Training – Social Engineering, and especially email borne attacks such as phishing remain one of the most common attack vectors in all industries. With Higher Ed enabling remote learning and workforce solutions, it has even increased. It is paramount for Institutes to train their employees on the security practices and how best to know what to look for. ASMGi’s Security Awareness Training and Simulated Phishing services include the platform, if needed, and all the services to deliver training and simulated phishing exercises across your organization.
  • Malware – Incident Response, EDR, Site License – Leverage best-in-class Malware software / tools and even let us do the clean up for you! We can offer packages with just Malware tools and services or include this in our MDR/MSOC package with Incident Response / Remediation. We have flexible packages that will enable you with EDR, Malware Remediation / Incident Response and several other features/functionalities available via site license.
Cyber Services Portfolio for HESS (PDF)