Commercial Services

When you partner with Aspis, we provide competent, qualified staffing resources that meet your organization’s service delivery objectives.

Whether in person and on site or virtual, we document a statement of work so that both you as our client and our employees are clear on expectations.

Our Process

Aspis is not a “temporary help” company. For this reason, Aspis service contracts are written with a pre-determined number of hours to be used over a defined period of time. The number of hours worked during the period is flexible based on your needs. Additionally, the service contract is with Aspis and independent of the specific Aspis employee delivering the service.

Our staff are at all times Aspis employees and supervised by Aspis. During the course of providing service, employee assignments are requested, prioritized, and managed by our clients. Performance and conduct concerns are to be immediately brought to the attention of Aspis management so they may be corrected as quickly as possible.

As part of our service delivery model, it is important to us that, if our employees interact with your customers, there is clarity in the employment relationship and that Aspis is your contractor. We consider ourselves to be guests in your environment and conduct our business for you in a professional and respectful manner with the highest degree of integrity.

Cyber security and Administrative Offerings

Executive & Administrative Assistants

Our original service, this is a catch-all for cybersecurity professional services. Many companies cannot afford to keep full-time cybersecurity professionals on staff. When a company is large enough to have a professional IT staff, cybersecurity is often an other-duty-as-assigned. The business model is similar to an accountant, attorney, marketing agency, or another professional service that a company needs regularly but not enough to justify the in-house expense. We use a misnomer of “retainer” for the service when really there is no prepayment with the promise of future delivery. It is a labor hour/time & materials service, though for certain well-defined projects we may propose a fixed price.

CMMC
NIST CSF
Cyber Liability Insurance
HIPAA
GDPR

Many companies are required to comply with cybersecurity laws, regulations, and contract and insurance policy clauses (e.g., HIPAA, CMMC, GDPR, CCPA, HITRUST). Companies may also want to become more informed about their cybersecurity posture to determine whether more investment is needed in people, process, and technology. Aspis uses a third-party tool (Authorized Partner of Compliance Manager by Rapid Fire Tools) to conduct automated cybersecurity compliance assessments on customer networks and IT equipment. We use standard questionnaires designed to ask cybersecurity compliance-related questions and gather and document evidence and artifacts from the client. We then use our professional skills and education to determine whether the interview responses and the evidence provided are sufficient to comply with the cybersecurity regulation. We provide the client a series of reports documenting the effort, which can be used to demonstrate due diligence should they be found in violation of a law/regulation or in breach of a contract clause. Our risk analysis report also provides a score which management may use to assess their compliance progress and remediation of findings over time. Should a client be deficient, we have the capability to provide them consulting services and documentation templates to become compliant.

Training Programs
Phishing Exercises

Contrary to popular culture, the most common cause of cybersecurity incidents for companies is not criminals “hacking away” (aka brute force) at the network and servers. Rather, employees and others who access the company’s systems (such as contractors – not customers) are tricked by criminals into divulging their usernames and passwords. The criminals then use the compromised credentials to move from server to server looking for a weak system to exploit further… that’s when the “hacking” starts. Therefore, the most effective defense against the initial compromise is to educate, train, and test employees to ensure they understand how criminals target them and the methods the criminals use to get usernames and passwords. Aspis is an authorized reseller of KnowBe4 and provides value-added services by operating the security awareness and training software on behalf of companies. This includes managing access to the training, assigning training, and creating management reports. Additionally, the software has a “phishing” simulation which Aspis operates to provide companies simulations of cyber criminal techniques for gathering employee usernames and passwords. Aspis operates monthly exercises and generates reports for companies.

One of the most common ways for companies’ networks and applications to be breached by cyber criminals is the use of illegally obtained credentials (identification and authentication; i.e., usernames and passwords). Aspis uses a third-party tool (Authorized Partner of ID Agent) to asynchronously monitor the dark web (websites and servers that distribute contraband) by scanning “dumps” (caches) of illegally obtained (“hacked”) usernames and passwords. With the client’s express authorization, we input their domain name (website address) and personal email addresses. The tool then searches and reports when the domain name or email addresses are found. The tool requires explicit client authorization because it reports compromised passwords which the client may be actively using for other purposes (especially with the personal email address passwords).

Capabilities

  • Access Control
  • Contingency Planning
  • Disaster Recovery
  • Vulnerability Management
  • Threat Hunt & Intel
  • Penetration Testing
  • Digital Forensic Investigation
  • Incident Response & Recovery
  • Control Assessment
  • Test & Evaluation
  • Risk Management
  • Awareness & Training