Risk Assessment and Risk Management

Amethyst provides information, cyber and privacy security risk assessment and management advice based upon Cabinet Office, National Cyber Security Centre (NCSC) and international best practice guidance (ISO/IEC 27005), covering a range of both component-based and system-based analysis methods.

Amethyst promotes integrated rather than siloed approaches to risk management to ensure that customer security teams and delivery partners work within overall business and programme objectives while providing a high degree of confidence that all risks are managed.

Amethyst can also help organisations by providing risk control reviews against various baseline security standards, including in specialist areas such as records management, cloud security and mobile telecommunications.

These reviews can be provided either as a gap analysis or as assessments of continuous improvement over time against several specialist maturity frameworks.

  • Cyber Risk Assessment
  • Cyber Risk Management
  • Gap Analysis
  • Supply Chain Security.

Accreditation and Compliance

Amethyst supports businesses and government departments to work within the variety of governance and compliance disciplines and structures.

This includes providing security assurance experts to be embedded in major programmes in several sectors, including central government and defence contracts.

It also helps commercial customers to comply with legal and regulatory requirements such as the Data Protection Act 2000 / General Data Protection Regulation and can also advise on the compliance requirements for processing personal and sensitive information offshore or in the cloud.

Within government contracts this means we provide the specialisms necessary to guide projects and programmes through the processes of formal accreditation and certification of personnel and facilities.

Amethyst also have capabilities to support commercial organisations in meeting the requirements to be part of major government programmes by providing support for vetting of staff and facilities.

  • Security Accreditation (HMG and MOD)
  • ISO 27001 Certification Support
  • GDPR Compliance
  • Cyber Essentials
  • Cyber Essentials Plus
  • List X Support
  • PSN Compliance.

Architecture & Design

Amethyst can provide expert security architects and advisors with specialisms in several key areas including government information systems, embedded military systems, telecommunications services, cloud/hybrid services and records management.

This includes individuals to work within major programme teams who are able to put forward innovative solutions to any system level vulnerabilities within architectures and solutions.

These individuals are also expert in formal frameworks such as TOGAF, MODAF and SABSA.

Amethyst architects also advise customers on the architectural solutions put forward by suppliers and support other related due diligence activities.

This can be provided during the complete programme life cycle (from bid evaluation, implementation support, diagnosing issues with operations systems, reviewing and improving the business-as-usual solutions, assisting with mid-life upgrades, migration from old to new systems and secure decommissioning of retired architectures). 

  • Security Architecture Support
  • Security Architecture Design and Review.

Information Assurance

Amethyst consultants are expert in UK and international norms of information assurance disciplines.

This includes several consultants certified under the NCSC Certified Consultant Practitioner (CCP) schemes. Amethyst can review or provide information security management strategy, policy, documentation, processes and procedures to organisations that are required for work within formal information assurance frameworks.

This will ensure that those organisations have a fit-for-purpose approach and will be well positioned to receive positive outcomes from audits of their policies, processes and procedures.

Amethyst also has specialisms in the areas of digital forensics and forensic readiness, and can also improve organisations' information security incident management processes and responses.

  • Policies and Procedures Development
  • Strategy Development
  • Information Assurance Maturity Assessment
  • Supplier Assurance
  • Security Controls testing and assurance
  • Security Requirements Capture and Definition
  • Forensic Readiness Planning.

Security Assessment

Amethyst also assists companies in scoping and engaging with independent testers for IT health checks, penetration tests and vulnerability assessments and investigations.

This includes help with responding to test findings and planning for remediations and mitigations.

Amethyst can also arrange for testing by CHECK certified testers and can liaise with departmental test teams.

  • IT Health Check
  • Penetration Testing
  • Vulnerability Assessments
  • Cyber Vulnerability Investigations (CVIs).

Subject Matter Expertise

Amethyst can provide organisations with short-, medium- and long-term cover for important security functions within their organisation or programmes.

This includes roles such as security assurance coordinators (SACs), information / cyber security officers / managers (ISO/CISO/CISM), risk advisors / managers, security accreditors or MOD case officers.