In this assessment, you are required to identify risks and perform an analysis on the use case Costa Rica Government Data Breach Reasonable assumptions can be made regarding the selected scenario if they are properly documented and justified. The length of the report should not be more than $15$ pages excluding title page, table of contents, and references.

To perform the risk identification and analysis, you can choose either tool or a combination of

these tools.

$$ Factors Analysis in Information Risk $($FAIR$)$

$$ NIST Privacy Risk Assessment Methodology $($PRAM$)$

$$ NIST CyberSecurity Framework $($CSF$)$

Assume that you have been hired as a cybersecurity specialist for client organisation $($the use

case you selected$).$ You need to undertake a security risk assessment and prepare this report for

the board members. In most organisations, the computer literacy and risk related knowledge of

board members are generally quite low. You need to prepare the report by including the

following details.

$1.$ Executive Summary

$2.$ Introduction$/$Context Establishment

$3.$ Risk Assessment

a$.$ Risk Identification

b$.$ Risk Analysis

c$.$ Risk Evaluation

$4.$ Conclusion

$5.$ References