Prepare a customised information security framework
- Country: Australia
In this assessment, you are required to propose a new customised information security framework for the use case you selected in Assignment 01. The new framework must be based on well-known national and/or international standards, e.g., NIST. Your proposed framework needs to address the risks you identified and discussed in Assignment 02. Reasonable assumptions can be made regarding the selected scenario if they are properly documented and justified. The report should be no more than 15 pages, excluding the title page, table of contents, and references.
While designing the new framework, you can recommend any tool(s) available in the market that would be beneficial to achieve your goals. You need to properly justify why you have selected and recommended that specific tool. The costs related to the purchase of the selected tool, licensing, and technical support should also be included in this report.
This report will be presented to the board members, including personnel from the finance department. You need to prepare the report by including the following details.
- Executive Summary
- Introduction
- Details of the new design
- Support for existing functionalities
- Addressing the identified risks
- Performance evaluation
- Cost justification
- Conclusion
- References
Report Organization
In this report, you will target three types of audiences, i.e., board members or executives, cyber security personnel, and finance personnel of the client organisation. While preparing your report on the new design, you need to ensure the contents of each section are customised properly. Board members will expect a clear analysis with a focus on the business interests of the organisation so they can make appropriate decisions. The cyber security personnel will require a detailed technical review to guide them in implementing the relevant cyber security controls of the new design. The finance personnel will require the cost details associated with implementing your proposed design.
The presentation of the report is an important aspect, and sufficient marks are allocated for the presentation and organisation of the report, which includes the use of appropriate headings and sub-headings and appropriate use of bullet points, tables, images, etc. Appropriate use of the English language is also important, with a focus on grammar, spelling, writing style, and correct referencing.
1. Executive Summary
This section should highlight the focus of the report and its importance for the intended audience. You also need to provide a very brief overview of what you have included in the report.
2. Introduction
In this section, you need to define the background of your proposed design. You need to justify why your proposed design is important with reference to the flaws of the previous design and the business objectives. You can mention relevant legal compliance constraints, if any. You need to explain and justify the tool(s) you will use to evaluate the performance of your proposed design.
3. Details of the new design
In this section, you need to provide a detailed description of your proposed design, highlight and explain its promising features, and evaluate their potential impacts (technical and business) based on the calculations of the selected tool(s) (the one you chose in Assignment 02 and the one you choose in this assignment for the justification of the choices/recommendations you make). While explaining your proposed design, make sure your discussion is limited to its promising features that will cover the critical vulnerabilities or faults in the client's system and threats that may be initiated by malicious adversaries, along with possible future attacks. You can add relevant calculations to support your arguments. When explaining your new design, make sure it aligns with the privacy and data storage laws and regulations of your client organisation. Your proposed design should outline the people, process and technology attributes needed to create a secure environment for your client organisation. For this task, you need to read the security and privacy policy of your client organisation in detail and link its relevant points in your justifications. You also need to categorise and classify the various controls that you are going to use in your proposed new framework and highlight the vulnerabilities and risks your controls will be addressing. This section should contain enough detail on the four main points, i.e., support for existing functionalities, addressing the identified risks, performance evaluation of your proposed design, and cost justification.