Mitigating IT Risks in ABC Fitness Gym: A Comprehensive Analysis
Added on 2025/06/23

ITC 596 - ASSESSMENT ITEM 3
Full name –
Student ID –
Code –

Executive summary
This research was conducted so that the IT risks of ABC gym can be identified and mitigated, and data loss and malware attacks can be prevented. Some of the assets are vulnerable and exposed to threats, and these threats are to be overcome with the help of risk management approaches. In this report, the approaches are defined on the basis of qualitative and quantitative analysis so that the risks to the machines of ABC gym can be mitigated. This analysis supports the risk assessment of the overall network service provided to the clients of ABC gym. Further, analysis and protection mechanisms are implemented so that strong encryption and an additional layer of protection are added to the systems.

Contents
Executive summary
Introduction
1. Risk Assessment
a) Assets of ABC gym
b) Threats over these assets
c) Vulnerabilities and consequences derived from IT control framework
d) Recommendations
e) Mitigation of the threats
2. Protection mechanism (Technology)
3. IT risks analysis
Conclusion
References

Introduction
ABC Fitness Gym started in 1997 in small premises with a capacity of only 20 members. The owner later extended the premises once the business became profitable. It now has 50 full-time staff and 150 part-time instructors. It uses wearable fitness tracker technology for members who are health conscious. This technology has entered the fitness industry by collecting members' fitness data online with the help of cloud management. However, it has the limitation that the trackers are quite expensive and have a disappointing battery life. The gym has many IT risks, which are first identified in this report and then examined individually as experienced by the system, so that risk management approaches can be used to mitigate them. The tracker limitation is being overcome by reducing the number of sensors deployed in the tracker and merging them, so that battery life improves and the trackers become less costly.

1. Risk Assessment
ABC fitness gym faces risks and threats related to the equipment used in the gym. Threats can also arise from the members or employees of the gym. Risk assessment helps to identify and analyse the risk factors so that adverse effects can be measured and threats can be prevented. The evaluation and analysis are then done on the basis of the risks associated with the particular systems of ABC gym.
Risk due to equipment of the gym
Members of ABC gym are exposed to harm when they use weight machines that are not set up according to their weights. This happens because the machines suffer data breaches in which the correct data held by a machine is deleted, corrupted or taken by an intruder. Exercising on such a machine can therefore harm anaerobic practice.
Risk due to employees/instructors of gym
The instructors in ABC gym do not instruct their members properly because they are not highly qualified. Some of the instructors are unqualified, and this is a threat because they are unable to operate the machines.
a) Assets of ABC gym
The assets of ABC gym are the things provided to the members of the gym, listed below:
a) Facility – ABC gym provides its facility in the form of a better location so that members fit into the environment. One of the facilities provided by ABC gym is an internet connection via Wi-Fi.
b) Equipment – The equipment provided to the customers of ABC gym depends on the technology adopted by the gym so that the customer experience can be enhanced. The most used equipment in ABC gym is the treadmill (Hansson, 2018).
c) Staff – The trainers of ABC gym show how managers and staff members can work together and make strategies so that customer engagement can be enhanced. However, the staff of ABC gym do not know how to operate the systems of the gym because they are unqualified.
b) Threats over these assets
The Wi-Fi connection provided to the members of the gym suffers from a denial-of-service issue on the gym's network: authorized users are not getting the service while unauthorized users are accessing the network. The facility asset of the gym is therefore experiencing a denial-of-service attack. Further, the treadmill in ABC gym has an accuracy issue due to data manipulation, which will adversely affect a member during his/her practice on the treadmill (Andrade, et al., 2018). Also, some of the staff of ABC gym are not qualified and so are not able to operate the machines; as a result, incorrect data is fed in, which can cause malware activity on the system.
c) Vulnerabilities and consequences derived from IT control framework
If ABC gym installs a firewall on its router, the internet connection provided to the members can be secured. A Distributed Denial-of-Service (DDoS) attack on the gym's network of routers can be prevented with the help of a firewall implementation.
The treadmill produces data manipulation errors while the customer is practising; this can be overcome by installing trackers inside the treadmill systems. These trackers help to track the activities of the members who are exercising on a treadmill.
ABC gym must hire qualified staff to enhance the customer experience and to reduce and prevent malware activity. This can also be done by installing anti-malware software on the gym machines (Bennie, et al., 2018).
d) Recommendations
The weight machines must be properly set up and secured by enforcing strong passwords on them, so that they take proper readings. ABC gym must take care to pick qualified employees who can operate all the machines. The Avast free antivirus firewall must be introduced on the routers so that DDoS attacks can be prevented.
Further, to prevent data manipulation errors, LogicGate has to be deployed on the machines, and to prevent malware activity, anti-malware software must be introduced. For overall risk prevention, these IT threats have to be overcome.
e) Mitigation of the threats
The threats can be mitigated with the help of two methods:
1) Risk transfer – The DoS attack risk can be transferred to a third party, so that whenever the networks of ABC gym face a denial-of-service attack, it is resolved by the third party with their specific applications. The insurance approach is used to transfer the risk to a third party so that they can handle the DDoS attack (Dehghani, et al., 2019). The DoS attack, or any risk identified during practice in the gym, can thus be overcome by transferring it.
2) Risk mitigation – The risk of a DoS attack can be mitigated by ABC gym itself, by installing firewalls on the systems that are experiencing the DoS attack. So the threat can also be mitigated with the help of a firewall.
These threats adversely affect ABC gym by attacking its software and the data it holds. These risk mitigation methods help the gym to be secure in terms of software and tracker data (Gale, et al., 2019).

2. Protection mechanism (Technology)
In this research, several protection mechanisms are used to prevent the IT risks so that the machines or systems are protected. The flow for implementing firewalls and using an intrusion detection system to protect the data is shown below:
[Figure 1 flow: Enemy identification (risk identification, risk examining, threat understanding); Firewall implementation (architectures, management); Data security (packet filtering, proxy access, protection)]
Figure 1: Flow diagram of protection mechanism
The figure above shows that there are three stages in implementing a protection mechanism in the machines of ABC gym so that privacy and authenticity are maintained. The stages are as follows:
a) Enemy identification – The first stage of protection mechanism implementation is to identify the risks, examine them and then assess the level of threat. First, malware activity is identified and validated by authenticating the machines of ABC gym. The password by which the machines are authenticated comprises some secret words (Monteuuis, et al., 2018).
The machines can be authenticated by the members of the gym using fingerprint, facial recognition, etc., so that only authorized users can get into the machines of the gym and the health data is secured.
b) Firewall implementation – Next, ABC gym implements a firewall inside the system so that data transfer between untrusted and trusted networks can be prevented. It can be implemented using a separate computer system that runs on the existing router in ABC gym. These firewalls are implemented on the machines using the following architectures:
Packet filtering router
Screened host firewalls
Screened subnet firewalls
c) Data security – Finally, the fitness data of ABC gym is secured with the help of an intrusion detection system, so that network errors can be found and the firewall can be implemented on the particular network. It helps in securing the data, providing protection to the machines and giving proxy access. The filtering helps to lower external threats (Zwart and Young, 2018).
The protection mechanisms for the IT risks introduced to fitness activities in the gym are the following:
Avast free antivirus – This is an internet security application developed mainly for various operating systems such as Microsoft Windows. The antivirus is used to prevent malware activity and to apply or install the firewall on the routers of the gym, so it provides protection for the routers in ABC gym (Mattarozzi, et al., 2019).
BitLocker encryption – This is one of the most widely used encryption mechanisms and is used in ABC gym to secure the fitness tracker data. It protects the file system by encrypting the drives of the machines where the data is stored.
Advanced Encryption Standard (AES) – The physical fitness data in ABC gym is not secured and is adversely affected by malware activity, so it is protected by encrypting it with the Advanced Encryption Standard. This helps to prevent the IT risks that come from malware activity and also the manipulation of data by unauthorized users (Sherman, et al., 2019).
McAfee anti-malware – The malware activity present in ABC gym that causes data manipulation can be prevented by installing anti-malware software on the machines of the gym.
Bitdefender Antivirus – This is also malware protection against unauthorized access to data; it secures the fitness data of members of ABC gym so that customer involvement can be enhanced and the IT risks can be reduced.
Intrusion detection systems are implemented so that traffic over the network can be monitored and suspicious activity can be detected. The intrusion detection system constantly monitors attacks on devices so that the inner and outer threats to the system can be identified. It helps to prevent damage to the machines (Kalech, 2019). Mainly, the inner threats to the system are captured, and the system is updated on the basis of clients' requirements. It protects all the machines on which it is installed so that damage can be prevented.
These are some of the protection mechanisms that help to protect the fitness data from unauthorized access. The goal of these protection mechanisms is to maintain confidentiality and privacy of the details of the clients or members of ABC gym so that the risks can be avoided. This can be done with the help of AES encryption so that clients' data is kept secure. The services of the gym can be improved and secured by filtering out the weaknesses of other gyms in terms of risks and then providing a proper and fast service to the clients of ABC gym.
Risk management approaches
The IT risks in ABC gym are managed or mitigated in order to provide a secure and free environment for the members of the gym. The assessment and management of risks can be done by analysing risk management with two approaches, i.e. qualitative and quantitative.

Qualitative risk management – This is a technique by which the risk associated with a hazard in ABC gym is captured and quantified. It is captured for uncertain events inside the gym whose outcome can have many consequences. The screen-level assessment of the treadmill and other machines is therefore done under the qualitative approach.
Quantitative risk management – This shows the ability of the business to sustain itself under risk factors and the level of management of a particular risk. In ABC gym, malware activity is experienced inside the network over which the data is circulated, so this activity is measured as part of risk management.
| Qualitative risk analysis | Quantitative risk analysis |
| --- | --- |
| A proper and justified scale rating has been used to analyze and evaluate the IT risks of ABC gym. | The proper analysis based on the priority has been done by using the probability approach. |
| The hazard quantification and capturing techniques have been considered. | The ability to sustain with the risk factors has been reflected. |
| Less time consumed because of direct and justified ratings. | The probabilistic approach is responsible for the cost and time factors. |
| Analysis of IT risks can be done with the help of any software or hardware functionalities. | Specialized software is required to analyze the risk factors. |
These approaches provide a risk analysis matrix that shows the probability of an event happening and its impact:

Figure 2: Qualitative and Quantitative risk analysis
Source: (Shuttleworth, 2017)
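The risk analysis matrix described above, worked through as an added example that is not part of the original report: it places the three threats the report names on a qualitative 5x5 probability/impact grid and, for the quantitative side, computes annualized loss expectancy (ALE = SLE x ARO), a standard probability-based measure the report does not itself name. All ratings, rating bands, costs and frequencies are constructed for illustration; the sample is chosen so that the qualitative and quantitative rankings disagree.

```python
"""Risk matrix (qualitative) and ALE (quantitative) for the report's threats.

All ratings, costs and frequencies are constructed sample values, not data
from the report. ALE = SLE x ARO is a standard quantitative measure that the
report does not name; the rating bands are likewise an assumption.
"""
from dataclasses import dataclass

SCALE = 5  # ratings run 1 (very low) .. 5 (very high)
BANDS = ((12, "High"), (6, "Medium"), (1, "Low"))  # assumed score thresholds


@dataclass(frozen=True)
class Risk:
    rid: str
    threat: str
    asset: str
    likelihood: int      # qualitative rating, 1..SCALE
    impact: int          # qualitative rating, 1..SCALE
    sle: float           # single loss expectancy: cost of one occurrence
    aro: float           # annualized rate of occurrence before the control
    control: str
    control_cost: float  # yearly cost of the control
    aro_after: float     # expected occurrences per year with the control

    def __post_init__(self):
        for name in ("likelihood", "impact"):
            if not 1 <= getattr(self, name) <= SCALE:
                raise ValueError(f"{self.rid}: {name} must be 1..{SCALE}")
        if min(self.sle, self.aro, self.aro_after, self.control_cost) < 0:
            raise ValueError(f"{self.rid}: costs and rates cannot be negative")
        if self.aro_after > self.aro:
            raise ValueError(f"{self.rid}: control must not raise the ARO")


def score(risk):
    """Qualitative score: likelihood rating times impact rating."""
    return risk.likelihood * risk.impact


def band(risk):
    """Map the qualitative score onto the assumed Low/Medium/High bands."""
    return next(label for floor, label in BANDS if score(risk) >= floor)


def ale(risk, after_control=False):
    """Annualized loss expectancy, before or after the control is applied."""
    return risk.sle * (risk.aro_after if after_control else risk.aro)


def control_value(risk):
    """Yearly net benefit: ALE before - ALE after - cost of the control."""
    return ale(risk) - ale(risk, after_control=True) - risk.control_cost


def matrix(risks):
    """grid[impact][likelihood] -> list of risk ids (index 0 is unused)."""
    grid = [[[] for _ in range(SCALE + 1)] for _ in range(SCALE + 1)]
    for r in risks:
        grid[r.impact][r.likelihood].append(r.rid)
    return grid


def render(grid):
    """Text rendering with impact on the rows and likelihood on the columns."""
    lines = ["impact"]
    for impact in range(SCALE, 0, -1):
        cells = [",".join(grid[impact][col]) or "." for col in range(1, SCALE + 1)]
        lines.append(f"  {impact} | " + " ".join(f"{c:^5}" for c in cells))
    axis = " ".join(f"{col:^5}" for col in range(1, SCALE + 1))
    lines.append("      " + axis + "  likelihood")
    return "\n".join(lines)


def ranked(risks, key):
    """Risk ids ordered from highest to lowest by the given measure."""
    return [r.rid for r in sorted(risks, key=key, reverse=True)]


# Constructed register for the three threats the report identifies.
REGISTER = [
    Risk("R1", "Denial of service on member Wi-Fi", "Facility",
         5, 3, 2000.0, 3.0, "Firewall on the router", 1500.0, 0.5),
    Risk("R2", "Manipulated treadmill data", "Equipment",
         3, 4, 5000.0, 1.0, "Activity trackers in the treadmill", 1000.0, 0.25),
    Risk("R3", "Malware from incorrectly operated machines", "Staff",
         2, 5, 16000.0, 0.5, "Anti-malware software", 800.0, 0.125),
]

if __name__ == "__main__":
    print(render(matrix(REGISTER)))
    for r in REGISTER:
        print(f"{r.rid} {band(r):6} score={score(r):2} ALE={ale(r):8.0f} "
              f"control value={control_value(r):8.0f}  ({r.control})")
    print("qualitative order: ", ranked(REGISTER, score))
    print("quantitative order:", ranked(REGISTER, ale))
```

With this sample data the low-likelihood, high-impact malware risk ranks last on the qualitative scale but first by ALE, which is the kind of disagreement the two approaches are compared for.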