Our Cyber Security Services
Amethyst have developed a reputation for delivering to time and budget, on difficult projects where others have failed, without compromising on quality. We will take ownership of the task throughout its life and proactively manage the key relationships to ensure the transparency of all decisions and the delivery of a quality product or service. With our expertise and comprehensive range of consulting and training, Amethyst helps clients identify and understand cyber risk so it can be reduced and successfully managed.
MOD Case Officer Expertise: Ensuring the timely achievement of Technical Assurance throughout the life of the project capability. Reviewing and influencing project requirements to ensure alignment with the broader Defence approach and guiding projects through their delivery life cycle. Determining the risks associated with releasing capabilities onto Defence’s ICT networks and conducting assessments against JSP 604 (and other artefacts).
ISO/IEC 27001 Certification Support – Support to achieve ISO/IEC 27001 certification, including development of the business case and project plan, risk assessment, development of information security policies and procedures, management procedures and liaison with external auditors
Cyber Risk Assessment – Risk assessment of the information system including threat analysis, asset identification, business impact assessment, vulnerability identification and prioritisation of risks
General Data Protection Regulation (GDPR) Preparation and Compliance – Amethyst can help organisations prepare for compliance with the GDPR by assessing organisational readiness, identifying areas of non-compliance, recommending technical and organisational measures to ensure compliance, and providing training and the development and delivery of employee awareness campaigns
Architecture Design and Review – Design and review of security architectures at the enterprise and system level
Gap Analysis – Analysis of the business information security management system against industry standards including but not limited to ISO/IEC 27001, Cyber Essentials, SANS Top 20, 10 Steps to Cyber Security and COBIT. The gap analysis report will include recommendations and a remediation plan
Strategy Development – Development of a comprehensive cyber security strategy that is achievable and aligned to the wider business strategy and organisational objectives
Policy Development – Development of cyber security policies, processes and procedures, including but not limited to remote and home working, access control, incident management, business continuity and protective monitoring
Supplier Assurance – Review and risk assessment of the business supply chain in order to identify and minimise business risk
Penetration Testing and Vulnerability Assessment – Penetration testing and vulnerability assessment of IT infrastructure and applications by certified testers. The assessment will identify technical vulnerabilities, determine the business risks and make cost-effective recommendations to treat them
Cyber Essentials Certification Support – Support to achieve Cyber Essentials and Cyber Essentials Plus certification
Interim Security Specialists – Provision of specialist resource to fill vacant positions
Security Requirements Definition – Support to define project and programme security requirements
HMG Security Accreditation – Management of all aspects of the accreditation process by NCSC Certified Professionals
Public Sector Network Compliance – Support to comply with public sector network security requirements, including but not limited to MOD RLI, PSN and NHS N3
NCSC IT Health Check – Security testing of IT infrastructure and applications by NCSC CHECK-certified testers
HMG List X Support – Support with navigating and complying with List X security requirements
Forensic Readiness Planning – Provision of support and advice to implement the HMG and industry best practice forensic readiness requirements
Information Assurance Maturity Assessment – Assessment against the HMG Information Assurance Maturity Model