Our Cyber Security Services
Amethyst has developed a reputation for delivering on time and to budget, without compromising on quality, on difficult projects where others have failed. We will take ownership of the task throughout its life and proactively manage the key relationships to ensure the transparency of all decisions and the delivery of a quality product or service. With our expertise and comprehensive range of consulting and training, Amethyst helps clients identify and understand information risk so it can be reduced and successfully managed.
• ISO/IEC 27001 Certification Support – Support to achieve ISO/IEC 27001 certification, including development of the business case and project plan, risk assessment, development of information security policies and procedures, management procedures and liaison with external auditors
• Risk Assessment – Risk assessment of the information system including threat analysis, asset identification, business impact assessment, vulnerability identification and prioritisation of risks
• General Data Protection Regulation (GDPR) Preparation and Compliance – Amethyst can help organisations prepare for compliance with the GDPR by reviewing existing organisational structures, processes and procedures to determine any non-compliances with this forthcoming legislation and, if appropriate, providing recommendations for any changes or additions necessary to achieve compliance
• Architecture Design and Review – Design and review of security architectures at the enterprise and system level
• Gap Analysis – Analysis of the business information security management system against industry standards including but not limited to ISO/IEC 27001, Cyber Essentials, SANS Top 20, 10 Steps to Cyber Security, COBIT. The gap analysis report will include recommendations and a remediation plan
• Strategy Development – Development of a comprehensive cyber security strategy that is achievable and aligned to the wider business strategic objectives
• Policy Development – Development of cyber security policies, processes and procedures, including but not limited to acceptable use policies, access control, incident management, business continuity and protective monitoring
• Supplier Assurance – Risk assessment and review of the business supply chain in order to identify and minimise business risk
• Penetration Testing and Vulnerability Assessment – Penetration testing and vulnerability assessment of IT infrastructure and applications by certified testers. The assessment will identify technical vulnerabilities, determine the business risks and make cost-effective recommendations to treat them
• Cyber Essentials Certification Support – Support to achieve Cyber Essentials and Cyber Essentials Plus certification
• Interim Security Specialists – Provision of specialist resource to fill vacant positions
• Security Requirements Definition – Support to define project and programme security requirements
• HMG Security Accreditation – Management of all aspects of the accreditation process by NCSC Certified Professionals
• Public Sector Network Compliance – Support to comply with public sector network security requirements, including but not limited to MOD RLI, PSN and NHS N3
• NCSC IT Health Check – Security testing of IT infrastructure and applications by NCSC CHECK-certified testers
• HMG List X Support – Support with navigating and complying with List X security requirements
• Forensic Readiness Planning – Provision of support and advice to implement the HMG and industry best practice forensic readiness requirements
• Information Assurance Maturity Assessment – Assessment against the HMG Information Assurance Maturity Model