ABC Fitness Gym's IT Security Report: Semester 1, 2024


Added on  2025/06/23

ITC 596 - ASSESSMENT ITEM 3
Full name –
Student ID –
Code –
Executive Summary
Organizations adopt different technologies in their business environments to enhance performance. But because IT systems mostly work over the internet, they are highly vulnerable to various risks associated with data loss. This report analyses the effect of IT systems on a business, taking ABC Fitness Gym as the case. Various methods have been used to assess the effect of the IT systems on the business. The report covers threats related to data and information loss, such as man-in-the-middle, denial-of-service and brute-force attacks, along with other malicious methods of accessing users' data. It also covers the protection mechanisms that can be used for the system, provides risk management strategies, and gives recommendations for mitigating the IT-related issues for the business.
Contents
Executive Summary
Introduction
1. Risk Assessment
2. Protection Mechanism
3. Risk Analysis
Conclusion
Reference
Introduction
As technology advances, its impact on the business of organizations across industry becomes visible. To enhance performance, businesses bring advanced technology such as Information Technology into their operations. One example of IT used in almost every business, irrespective of domain or field, is cloud computing: as businesses grow, their data grows, it has to be stored somewhere, and for lack of their own infrastructure they use cloud computing services to store it. Although IT raises business performance to a much higher level, it comes with some issues as well. IT can be used in the gym industry too: for better monitoring, all the equipment is connected online and the data for every user of a particular piece of equipment is saved, so the data is always available and both the trainer and the customer can monitor the improvement in the customer's fitness. The major cause of concern is that if both the system connecting the equipment and the data storage facility fail, it becomes a greater IT risk for the business. This report therefore evaluates the IT-related risks to the business and provides a protection mechanism for mitigating them.
Purpose
ABC Fitness Gym was established in 1997 with a limited area and 20 or fewer working members. As the business grew, the owner expanded the area of the gym and increased the number of members. There are currently 50 employees working full time and 150 instructors working part-time. The services provided were also enhanced with advanced equipment and advanced technology, including a mechanism by which users' data is stored online. As the system became more advanced with the inclusion of IT systems, however, this also caused some problems. This report focuses on the fitness and gym industry and identifies the IT risks for that industry. It also includes a protection mechanism to overcome the issues caused by IT implementation.
1. Risk Assessment
Risk assessment is the process of identifying the risks and threats that can affect an organization's ability to perform its business operations. It helps not only in identifying the risks but also in finding possible methods and processes for resolving them. Risk assessment will help ABC Fitness Gym identify all the factors, processes and methods in the firm's environment that reduce the firm's performance, as well as determine control and protection methods. These factors can be a person, a technology, a culture, etc., depending on the nature of the industry (Bertino & Ferrari, 2018).
The risk assessment process includes the following steps:
Risks and threat identification
Risks and threat analysis
Risks and threat evaluation
Risks and threat control
Risk identification will help ABC Fitness Gym find and characterize the risks associated with the IT industry. Risk analysis will help it analyze the level of each risk in order to identify risk elimination methods. Risk evaluation will help it compare the significance of each risk in the context of the firm. Risk control will help the firm control and monitor risk. The risk assessment method helps organizations create a safety and control framework that provides a secure and protected workplace environment (Jouini & Rabai, 2019).
Today every industry is connected to the technical environment in some manner, so IT risks and threats affect its business operations. The technical risks that have occurred in the environment of ABC Fitness Gym can be classified into the following categories:
System-related risks and threats
Security risks related to individuals
Risks related to network error and failure
Risks related to data security and theft
Risks due to external intrusions
Security risks due to environmental errors
Assets
Assets include everything required for the firm's business operations: devices, machinery, equipment, workforce, place, etc. Assets also include the data, software and policies in the environment of ABC Fitness Gym (Baillette et al., 2018).
Threats
Threats include all the risks and hazards that negatively impact the business operations of ABC Fitness Gym. IT risks cover all the risks related to the technical environment and data security, including data theft, system failure, unauthorized data access, system hacking, software and hardware damage, brute-force attacks, man-in-the-middle attacks and denial of service. These threats can affect the business operations of the Fitness Gym (Jouini & Rabai, 2019).
Vulnerabilities
A vulnerability can be defined as a weakness in the environment and systems of ABC Fitness Gym that leaves the systems open to being affected by external factors. Examples include a lack of security policies and parameters, and a lack of knowledge and skills in the people handling the IT systems.
Consequences
IT risks and threats such as denial of service, unauthorized data access, system failure, data theft and software damage can cause serious damage to the technical environment of ABC Fitness Gym. They can harm the firm's website and data, which will directly impact its business.
Recommendations
Implementing an IT environment in the gym brings various persistent risks, such as data theft and IT risk. Although the integration of IT enhances business performance, the risks it causes to users' data security are also high. To reduce the risk factors associated with the implementation of IT, ABC Fitness Gym has to use different protection and security systems. Starting from the basics, ABC should check employees' status and previous working records so that any threat caused by malicious intent can be reduced (Kumar & Jelciana, 2018). It needs to integrate an advanced security system to protect users' data. For the online data transfer system, it needs to implement more secure and advanced security protocols, such as an advanced encryption system, to protect the data from any sort of attack on the system. The IT system used in the gym should also have firewall settings, and users should be advised to use stronger passwords so that no one other than the user can access their data. Network security is also a major cause of concern for the gym, as it is more vulnerable to attacks (Shakeel et al., 2018).
Threat Mitigation
To mitigate the IT threats that persist in the system of ABC Fitness Gym, the gym needs to use different threat mitigation approaches; these differ for the IT sector because its threats are rather unknown and unpredictable. The strategies that can be implemented for threat mitigation are:
Administrative Strategies
Networking strategies
Risk Transfer
Administrative Strategies: This strategy considers physical security measures along with educating and training users about the system. It includes the policies that need to be used and understood for everyday use of the system. The IT policy for users implies that they need to report any case where data is lost in some manner, and that the company has the right to audit the system periodically to assure user compliance (Sinnema, 2018).
Networking strategies: This strategy considers technical implementation for the hardware and system architecture. An example of a networking strategy is evaluating the network activity logbook. Operating systems with a higher level of vulnerability to attacks need to be excluded, and only less vulnerable operating systems should be used. In the networking strategy, the data traffic over the network is monitored and is secured against any network-related threat (Sujan, 2018).
Risk Transfer: This is a method of risk mitigation in which insurance policies are used to transfer a threat that cannot be mitigated by the system of ABC Fitness Gym, namely the denial-of-service attack, in which the system refuses to respond or to provide the outcome the user is expecting. In that case the gym should transfer the risk that its own system cannot resolve to a third-party service that has the technology to overcome the DoS issue.
Risk Management
The risks to the valuable assets of ABC Fitness Gym can be specified using a risk management framework or approach. The details of the approach depend largely on the type of business and its activity. Two major approaches are used for risk management: the qualitative and the quantitative method (Walker-Roberts et al., 2018).
| Qualitative method of risk management | Quantitative method of risk management |
|---|---|
| A defined scale of rating is used for the evaluation and analysis of project risks. | It considers the risks of the highest priority for analysis of the project by a probability approach. |
| Here the probability of risk is considered as a score for the occurrence of risk on the project. | Decision making is also provided in times of uncertainty. |
| Risk categorization is done appropriately based on source and effect. | The cost and time estimation is done on the basis of the probabilistic approach. |
| The analysis is of risk level and can be easily performed without any tool or software. | The analysis is a time-consuming process and also requires specialized software. |
Qualitative method of risk management: In this approach, ABC Fitness Gym defines the level of risk of a threat on the basis of a scale. The priority of a risk is defined by considering its occurrence and its effect. It is a simple process that does not require any specific tool for the analysis. ABC Gym can manage risk effectively with this approach to analysing the uncertainty of events, as it conducts the analysis on every piece of equipment in the gym and gives each a score based on its vulnerability to risks (Khan & Al-Yasiri, 2018).
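The qualitative scoring described above, as an added example that is not part of the original report: each threat the report names is rated for occurrence and effect, and the product of the two sets its priority. The 1-5 scale, the priority bands and every rating are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed 1-5 ordinal scale; the report does not define its own scale.
SCALE = range(1, 6)

# Assumed priority bands over the occurrence x effect product (1..25).
BANDS = [(15, "high"), (8, "medium"), (1, "low")]


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    occurrence: int  # how likely the threat is to occur
    effect: int      # how severe the consequence would be

    def __post_init__(self):
        # Reject ratings that fall outside the agreed scale.
        for name in ("occurrence", "effect"):
            value = getattr(self, name)
            if value not in SCALE:
                raise ValueError(f"{name}={value} is outside the 1-5 scale")

    @property
    def score(self) -> int:
        return self.occurrence * self.effect

    @property
    def priority(self) -> str:
        return next(label for floor, label in BANDS if self.score >= floor)


def rank(register):
    """Order the register by score, highest first; ties broken by effect."""
    return sorted(register, key=lambda r: (r.score, r.effect), reverse=True)


# Constructed ratings for threats the report names; not measured data.
REGISTER = [
    Risk("membership website", "denial of service", 3, 4),
    Risk("online payment form", "man-in-the-middle", 2, 5),
    Risk("member accounts", "brute force on passwords", 4, 3),
    Risk("stored member data", "data theft", 3, 5),
    Risk("connected equipment", "system failure", 2, 3),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.score:>2}  {r.priority:<6}  {r.threat} ({r.asset})")
```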
Quantitative method of risk management: In this method, numerical data is used to analyse the system for risk vulnerability. The effects of the risks are stated and are effectively managed by this approach. It is a more structured form of management that uses a sequential approach to analysing the risks and threats in the system.
2. Protection Mechanism
The use of IT services has made ABC Fitness Gym vulnerable to several types of attack on its system, so it needs to implement some method of protection against these attacks. In the protection mechanism, the importance of firewalls has been considered and firewalls have been implemented in the system, and an intrusion detection system has also been used effectively to secure user data (Cagnazzo et al., 2018).
The IT risks include manipulation of the data present on the website of ABC Fitness Gym, so the gym needs to use more secure protocols such as HTTPS and DNS protocols. Users are advised to use a stronger password that cannot be easily decoded.
Figure 1: Protection Mechanism flow diagram (diagram labels: Raw Malware Data, Data transfer monitoring, Website Security)
Various methods can be used for this, such as:
Encryption Technique
For enhanced security, an encryption technique needs to be used for the system. Available data encryption systems include RSA, AES (Advanced Encryption Standard) and DES (Data Encryption Standard) (Al Mazari et al., 2018).
DNS Server Protection
The DNS server needs to be protected from denial-of-service and man-in-the-middle attacks, as they affect the websites directly; the web servers are also affected, because such an attack denies the retrieval of any information requested by the client. The man-in-the-middle attack also causes users to lose critical information such as health data and credit card information. ABC Fitness Gym therefore needs to protect its DNS servers using a redundancy approach. DoS can be mitigated by using different data centers for the server (Safa et al., 2018).
Website Security
The website of ABC Fitness Gym faces three major security issues: viruses, identity theft and hacking. The major cause of concern is identity theft, in which hackers steal users' identities for financial gain and can extract the user's credit card information.
ABC Fitness Gym offers various membership programs on its website, from which a user can choose a type of membership such as 1 month, 3 months, 6 years and Full-year membership. The user has to buy the membership online, filling in credit card information to gain access to the membership program. Here a hacker can attack the website, obtain users' credit card information and use it for their own benefit (Behzadi et al., 2018).
Protective measures that can be implemented for website security include firewalls, SSL (Secure Sockets Layer) and Standard Adherence. ABC Fitness Gym can use a firewall to secure its website.
Data transfer monitoring
This is a method by which the data transferred over the ABC system is monitored effectively in order to detect misuse of the data outside the ABC system. For this, secure network communication needs to be implemented.
Firewall
A firewall is installed for the web server of the ABC Gym website. It checks the communication over the network to see whether it follows all the security rules; if any data packet is found to break the rules, the firewall stops it from accessing the server. In this way no malicious spyware can gain access to the server, which protects users' data (Abdel-Basset et al., 2019).
An intrusion detection system can be used to monitor network traffic for any suspicious activity. Its major function is to perform anomaly detection, and it also blocks the IP addresses that sent the malicious traffic. An intrusion prevention system prevents malicious traffic from entering the system instead of just raising an alarm for malicious activity. With the help of an intrusion detection and prevention system, attacks like denial of service and man-in-the-middle can be mitigated.