In this assessment, you are required to propose a new customised information security

framework for the use case you selected in Costa Rica Government Data Breach. The new framework must be based on well$-$known national and$/$or international standards, e$.$g$.,$ NIST. Your proposed framework needs to address the risks you identified and discussed in Assignment $02.$ Reasonable

assumptions can be made regarding the selected scenario if they are properly documented and

justified. The length of the report should not be more than $15$ pages and excluding title page,

table of contents, and references.

While designing the new framework, you can recommend any tool$($s$)$ available in the market

that would be beneficial to achieve your goals. You need to provide a proper justification why

you have selected and recommended that specific tool. The costs related to the purchase of the

selected tool, licensing, and technical support should also be included in this report.

This report will be presented to the board members including personnels from finance

department. You need to prepare the report by including the following details.

$1.$ Executive Summary

$2.$ Introduction

$3.$ Details of the new design

a$.$ Support for existing functionalities

b$.$ Addressing the identified risks

c$.$ Performance evaluation

d$.$ Cost justification

$4.$ Conclusion

$5.$ References

Report Organisation

In this report, you will target three types of audiences, i$.$e$.,$ board members or executives,

cybersecurity personnel, and finance personnel of client organisation. While preparing your

report on the new design, you need to ensure the contents of each section are customised

properly. Board members will expect to have a clear analysis with a focus on business interests

of the organisation so they could make appropriate decisions. The cybersecurity personnel will

require a detailed technical review to guide them implementing relevant cybersecurity controls

of the new design. The finance personnel will require the cost details associated in

implementing your proposed design.

The presentation of the report is an important aspect and will have sufficient marks allocated

for the presentation and organisation of the report which includes the use of appropriate

headings and sub$-$headings, appropriate use of bullet points, tables, images, etc. Appropriate

use of English language is also important with a focus on the use of grammar, spelling, writing

style, and correct referencing.

$1.$ Executive Summary

This section should highlight the focus of the report and its importance for the intended

audience. You also need to provide a very brief overview of what you have included in the

report.

$2.$ Introduction

In this section, you need to define the background of your proposed design. You need to provide

justifications for why your proposed design is important with reference to the flaws of the

previous design and business objectives. You can mention relevant legal compliance

constraints if any. You need to explain and justify the tool$($s$)$ you will use to evaluate the

performance of your proposed design.

$3.$ Details of the new design

In this section, you need to provide a detailed description of your proposed design, highlight,

and explain its promising features, and evaluate their potential impacts $($technical and business$)$

based on the calculations of the selected tool$($s$)($the one you chose in Assignment $02$ and the

one you choose in this assignment for the justification of the choices$/$recommendations you

make$).$ While explaining your proposed design, make sure your discussion is limited to its

promising features that will cover the critical vulnerabilities or faults in the client$$s system and

threats that may be initiated by malicious adversaries along with future possible attacks. You

can add relevant calculations to support your arguments. When explaining your new design,

make sure it aligns with the privacy and data storage laws and regulations of your client

organisation. Your proposed design should outline the people, process and technology

attributes needed to create a secure environment for your client organisation. For this task, you

need to read the security and privacy policy of your client organisation in detail and link its

relevant points in your justifications. You also need to categorise and classify various controls

that you are going to use in your proposed new framework and highlight the vulnerabilities and

risks your controls will be addressing. This section should contain enough details on the four

main points, i$.$e$.,$ support for existing functionalities, addressing the identified risks,

performance evaluation of your proposed design, and cost justification.