IT Risk Management Assessment Item 3: A Report on ABC Fitness Gym
VerifiedAdded on 2025/08/27
|14
|3326
|133
AI Summary
Desklib provides solved assignments and past papers to help students succeed.
IT RISK MANAGEMENT
ASSESSMENT ITEM 3
Student ID –
Student Name -
ASSESSMENT ITEM 3
Student ID –
Student Name -
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Contents
INTRODUCTION...........................................................................................................................3
MAIN BODY..................................................................................................................................4
1. Be able to justify the goals and various key terms used in risk management and assess IT
risk in business terms...................................................................................................................4
2. Be able to apply both quantitative and qualitative risk management approaches and to
compare and contrast the advantages of each approach..............................................................6
3. Be able to critically analyze the various approaches for mitigating security risk, including
when to use insurance to transfer IT risk.....................................................................................8
4. Be able to critically evaluate IT security risks in terms of vulnerabilities targeted by
hackers and the benefits of using intrusion detection systems, firewalls and vulnerability
scanners to reduce risk...............................................................................................................10
CONCLUSION..............................................................................................................................11
REFERNCES.................................................................................................................................12
INTRODUCTION...........................................................................................................................3
MAIN BODY..................................................................................................................................4
1. Be able to justify the goals and various key terms used in risk management and assess IT
risk in business terms...................................................................................................................4
2. Be able to apply both quantitative and qualitative risk management approaches and to
compare and contrast the advantages of each approach..............................................................6
3. Be able to critically analyze the various approaches for mitigating security risk, including
when to use insurance to transfer IT risk.....................................................................................8
4. Be able to critically evaluate IT security risks in terms of vulnerabilities targeted by
hackers and the benefits of using intrusion detection systems, firewalls and vulnerability
scanners to reduce risk...............................................................................................................10
CONCLUSION..............................................................................................................................11
REFERNCES.................................................................................................................................12
INTRODUCTION
In today’s world, information techniques are one of the most important parts of a business. This
helps people in performing an ample number of operations in a very effective manner so that the
goals and objectives of the organization can get achieved. Also, this helps business in completing
the tasks of them in very less time, so that time of them get saved and also remaining time of
them can get invested in any other task. For competing this report, the organization which has
been chosen is a gym which is named as ABC Fitness Gym, which was established in year 1997.
Now they are using an ample number of machines in their gym that helps them in performing
huge number of exercises in an accurate manner. Now, owner of the gym has hired an expert,
that can give them detail that how use of IT in their operations will help them in completing their
tasks. The report is going to detail about goals and key terms of risk management along with
application of quantitative and qualitative risk management approaches. Also, mitigation security
risk will get analyzed for different approaches, along with security levels from attacks of
hackers.
In today’s world, information techniques are one of the most important parts of a business. This
helps people in performing an ample number of operations in a very effective manner so that the
goals and objectives of the organization can get achieved. Also, this helps business in completing
the tasks of them in very less time, so that time of them get saved and also remaining time of
them can get invested in any other task. For competing this report, the organization which has
been chosen is a gym which is named as ABC Fitness Gym, which was established in year 1997.
Now they are using an ample number of machines in their gym that helps them in performing
huge number of exercises in an accurate manner. Now, owner of the gym has hired an expert,
that can give them detail that how use of IT in their operations will help them in completing their
tasks. The report is going to detail about goals and key terms of risk management along with
application of quantitative and qualitative risk management approaches. Also, mitigation security
risk will get analyzed for different approaches, along with security levels from attacks of
hackers.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
MAIN BODY
1. Be able to justify the goals and various key terms used in risk management and assess IT risk
in business terms.
Information technology is a part of a computer that uses different functions and algorithms so
that the assigned task to them can get completed in effective manner. Also, this helps different
branches of the business in completing the work of them is a very effective and accurate manner,
so that aims and objectives of the organization can get achieved in effective manner. ABC fitness
gym use to provide an ample number of machinery and equipment that help members of the gym
in performing work out in different manner (Enshassi, et. al., 2019). Here, they are trying to
adopt information technology in their working, so that the functioning of them can get performed
in effective manner. But, there is an ample number of risks associated with Information
technology in terms of business (Wiengarten, et. al., 2016). Beneath is detail about some of these
risks and issues –
Data privacy – One of the biggest risks which are associated with the use of information
technology in business is data privacy. For a business it is very much essential to keep
their data private from any type of outer person so that any person is not able to breach
the data of them. The major aim of this risk management is to increase the level of
security of the system, so that data saved over system may not get breached or stolen by
an unauthenticated person. This is a type of risk management related to information
technology which is used by business. In this, business use to perform an ample number
of activities that help them in increasing the level of security of the system of them, so
that data not get lost or any unauthenticated person is not able to access that data. For
this, it required by the business to invest and buy some software that can help them in
making a firewall in their system. Also, they have to hire some person that can help them
in increasing the security of the system, so that no other person who does not have
credentials for it can access the data. Along with all these, owner of the system also can
increase the privacy of their system by applying user name and password to the
documents and to complete system. This will help the organization in making their
system secure in which no other person can enter (Etges, et. al., 2019). This is a type of
1. Be able to justify the goals and various key terms used in risk management and assess IT risk
in business terms.
Information technology is a part of a computer that uses different functions and algorithms so
that the assigned task to them can get completed in effective manner. Also, this helps different
branches of the business in completing the work of them is a very effective and accurate manner,
so that aims and objectives of the organization can get achieved in effective manner. ABC fitness
gym use to provide an ample number of machinery and equipment that help members of the gym
in performing work out in different manner (Enshassi, et. al., 2019). Here, they are trying to
adopt information technology in their working, so that the functioning of them can get performed
in effective manner. But, there is an ample number of risks associated with Information
technology in terms of business (Wiengarten, et. al., 2016). Beneath is detail about some of these
risks and issues –
Data privacy – One of the biggest risks which are associated with the use of information
technology in business is data privacy. For a business it is very much essential to keep
their data private from any type of outer person so that any person is not able to breach
the data of them. The major aim of this risk management is to increase the level of
security of the system, so that data saved over system may not get breached or stolen by
an unauthenticated person. This is a type of risk management related to information
technology which is used by business. In this, business use to perform an ample number
of activities that help them in increasing the level of security of the system of them, so
that data not get lost or any unauthenticated person is not able to access that data. For
this, it required by the business to invest and buy some software that can help them in
making a firewall in their system. Also, they have to hire some person that can help them
in increasing the security of the system, so that no other person who does not have
credentials for it can access the data. Along with all these, owner of the system also can
increase the privacy of their system by applying user name and password to the
documents and to complete system. This will help the organization in making their
system secure in which no other person can enter (Etges, et. al., 2019). This is a type of
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
security which is cost-saving but also in this level of security is not very high, due to
which breaking of this security is very easy.
Data redundancy – Another issue and problem which is said as one of the risks for an
organization which uses information technology in their operations in data redundancy. in
this, the data stored over system may get saved or get copied in different locations of the
system, due to which it becomes very difficult for the system to manage to work with
them and also it is very much difficult for the system to keep copies of the file secure
from outer attack. The main goal of this risk management is to increase the level of the
security of the system and also to keep the file safe and secure from any type of breach.
Along with this, it has the aim to save complete data in one place only, so that complexity
of the system can get reduced in very effective manner (Fowler & Quigley, 2019). This
all will help the organization and software owner in getting high security of the system so
that data saved over system cannot get breach by any person that does not have access to
that and also this all helps the owner by reducing the total complexity of the system.
Along with this, it helps the owner in getting all of the files in one place, which helps
them in completing the work of them in very effective manner and also helps them in
reducing the time which is required for finding out the files.
which breaking of this security is very easy.
Data redundancy – Another issue and problem which is said as one of the risks for an
organization which uses information technology in their operations in data redundancy. in
this, the data stored over system may get saved or get copied in different locations of the
system, due to which it becomes very difficult for the system to manage to work with
them and also it is very much difficult for the system to keep copies of the file secure
from outer attack. The main goal of this risk management is to increase the level of the
security of the system and also to keep the file safe and secure from any type of breach.
Along with this, it has the aim to save complete data in one place only, so that complexity
of the system can get reduced in very effective manner (Fowler & Quigley, 2019). This
all will help the organization and software owner in getting high security of the system so
that data saved over system cannot get breach by any person that does not have access to
that and also this all helps the owner by reducing the total complexity of the system.
Along with this, it helps the owner in getting all of the files in one place, which helps
them in completing the work of them in very effective manner and also helps them in
reducing the time which is required for finding out the files.
2. Be able to apply both quantitative and qualitative risk management approaches and to
compare and contrast the advantages of each approach.
Risk management is one of the most important processes of the organization. This helps the
organization in making an idea about the risk which they are going to face in their organization
so that they can make plans and strategies so that risk which organization is going to face can get
reduced (Kasemsap, 2018). For this, different approaches have been by the organizations that can
help them in making analysis of the risk and also helps them in managing the risk according to
its occurrence. Beneath is the description of these approaches that will help ABC fitness gym in
managing risk related to their business –
Qualitative risk analysis – This is a technique of risk analysis, in which risk that is
associated with some specific hazard has been analyzed. This is very much helpful for an
organization, as this details them about the risk which they can face different functions of
them. This also will help them in getting detail about the part and function of their
operations in which they have to make planning and strategies so that the risk will get
managed in effective manner (Susanto, 2018). Beneath is the detail about advantages of
this risk analysis –
o Easy presentation – The major benefit of this risk analysis is, in this is very much
easy to present risk in front of every person. also, this helps in making the
detailing process very easy and clear, due to which person likes subordinates and
employees can easily make understanding about the risk which has been detailed
in this method
o Simple assessment method – Another advantage of this analysis is a simple
method of assessment. In this method, it is very much easy to make clear
assessment of the conditions which has been detailed in documentation of this.
Quantitative risk analysis – This is the technique of risk analysis which is used by a
different organization so that they can make analysis of the risks of higher priorities. This
is very much helpful for an organization, as this helps them get detailed idea of the risk
which their organization is going to face in the future. This helps in making plans and
strategies that an organization like ABC fitness gym can use for managing the risk, and
also can reduce the effect of that risk on different operations which organizations use to
compare and contrast the advantages of each approach.
Risk management is one of the most important processes of the organization. This helps the
organization in making an idea about the risk which they are going to face in their organization
so that they can make plans and strategies so that risk which organization is going to face can get
reduced (Kasemsap, 2018). For this, different approaches have been by the organizations that can
help them in making analysis of the risk and also helps them in managing the risk according to
its occurrence. Beneath is the description of these approaches that will help ABC fitness gym in
managing risk related to their business –
Qualitative risk analysis – This is a technique of risk analysis, in which risk that is
associated with some specific hazard has been analyzed. This is very much helpful for an
organization, as this details them about the risk which they can face different functions of
them. This also will help them in getting detail about the part and function of their
operations in which they have to make planning and strategies so that the risk will get
managed in effective manner (Susanto, 2018). Beneath is the detail about advantages of
this risk analysis –
o Easy presentation – The major benefit of this risk analysis is, in this is very much
easy to present risk in front of every person. also, this helps in making the
detailing process very easy and clear, due to which person likes subordinates and
employees can easily make understanding about the risk which has been detailed
in this method
o Simple assessment method – Another advantage of this analysis is a simple
method of assessment. In this method, it is very much easy to make clear
assessment of the conditions which has been detailed in documentation of this.
Quantitative risk analysis – This is the technique of risk analysis which is used by a
different organization so that they can make analysis of the risks of higher priorities. This
is very much helpful for an organization, as this helps them get detailed idea of the risk
which their organization is going to face in the future. This helps in making plans and
strategies that an organization like ABC fitness gym can use for managing the risk, and
also can reduce the effect of that risk on different operations which organizations use to
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
perform (Lu, et. al., 2017). Along with this, there an ample number of advantages of this
analysis which are detailed beneath-
o Brief detailing – The main benefit of this is it provide a complete detail about
different consequences that are going to occur in organization in quantitative
manner. Also, this helps planning and strategy making department, so that they
can make strategies that can help the organization by reducing the effect of risk.
o Accuracy – Another advantage of quantitative analysis is the accuracy of the
output which it uses to give to the organization. As this is the system that helps
the organization in getting an accurate detail of the risk which organization is
going to face in future.
Use of qualitative and quantitative risk method of risk management is very much helpful for an
organization like ABV fitness gym. Use of both will help the organization in getting complete
detail about the risk, which they are going to face in the future (Marchewka, 2016). This
information is very much helpful for the organization and for their planning departments. As this
all helps them in getting idea that what issue their organization is going to face so that they can
make plans and strategies according to it and also can reduce the impact of that risk over
different operations and functions of them.
analysis which are detailed beneath-
o Brief detailing – The main benefit of this is it provide a complete detail about
different consequences that are going to occur in organization in quantitative
manner. Also, this helps planning and strategy making department, so that they
can make strategies that can help the organization by reducing the effect of risk.
o Accuracy – Another advantage of quantitative analysis is the accuracy of the
output which it uses to give to the organization. As this is the system that helps
the organization in getting an accurate detail of the risk which organization is
going to face in future.
Use of qualitative and quantitative risk method of risk management is very much helpful for an
organization like ABV fitness gym. Use of both will help the organization in getting complete
detail about the risk, which they are going to face in the future (Marchewka, 2016). This
information is very much helpful for the organization and for their planning departments. As this
all helps them in getting idea that what issue their organization is going to face so that they can
make plans and strategies according to it and also can reduce the impact of that risk over
different operations and functions of them.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
3. Be able to critically analyze the various approaches for mitigating security risk, including
when to use insurance to transfer IT risk.
Risk mitigation is a technique that is used by an organization so that it can make an analysis of
the risk in effective manner and also it is the strategy that is used by an organization for reducing
the effect of risk on specific operations and functions of them. Risk mitigation is stepwise
method that helps in reducing the effect of risk on functioning of an organization like ABC
fitness gym (Mayer, et. al., 2019). Also, this helps in controlling the disasters of risk that an
organization can face while performing their operations in continuous manner. Beneath are the
approaches which are used by an organization for risk mitigation –
Avoidance – This is a type of risk mitigation, in which organizations use to make analysis
about the risk which they are going to face in the future and also then use to avoid that
risk. For doing this, organizations use to make changes in the parameters of the project of
them on which they have analyzed the risk. This all will help the organization in reducing
the chance of risk, that organization and projects of them are going to face in future. This
is a type of risk mitigation in which quantitative technique of risk analysis has been used
so that brief detail of risk can get collected by the organization (Sirisomboonsuk, et. al.,
2018). In this, parameters of complete solution get changed in a manner, so that the result
which has been estimated from the project does not get affected. It is very much
important for the organization to make plans and strategies for making this change their
project and also to make mock of the changes which they are going to implement in their
operations and project. This will help in making sure that the change will not affect the
expected outcome of the result and also the time which is required for completing the
work also not get affected.
Acceptance – This is another type of risk mitigation, in which organizations use to accept
the risk which they are going to face in the future. As, in this, they use to make complete
analysis of the risk, so that they can design the solution of that risk (Newman, et. al.,
2018). After this, they use to install the solution designed for managing the risk in risk
management system of them. This all helps an organization in becoming ready for the
risk that lets it occur and solution for that will get fired, so that effect of that on working
and functioning of the organization can get reduced.
when to use insurance to transfer IT risk.
Risk mitigation is a technique that is used by an organization so that it can make an analysis of
the risk in effective manner and also it is the strategy that is used by an organization for reducing
the effect of risk on specific operations and functions of them. Risk mitigation is stepwise
method that helps in reducing the effect of risk on functioning of an organization like ABC
fitness gym (Mayer, et. al., 2019). Also, this helps in controlling the disasters of risk that an
organization can face while performing their operations in continuous manner. Beneath are the
approaches which are used by an organization for risk mitigation –
Avoidance – This is a type of risk mitigation, in which organizations use to make analysis
about the risk which they are going to face in the future and also then use to avoid that
risk. For doing this, organizations use to make changes in the parameters of the project of
them on which they have analyzed the risk. This all will help the organization in reducing
the chance of risk, that organization and projects of them are going to face in future. This
is a type of risk mitigation in which quantitative technique of risk analysis has been used
so that brief detail of risk can get collected by the organization (Sirisomboonsuk, et. al.,
2018). In this, parameters of complete solution get changed in a manner, so that the result
which has been estimated from the project does not get affected. It is very much
important for the organization to make plans and strategies for making this change their
project and also to make mock of the changes which they are going to implement in their
operations and project. This will help in making sure that the change will not affect the
expected outcome of the result and also the time which is required for completing the
work also not get affected.
Acceptance – This is another type of risk mitigation, in which organizations use to accept
the risk which they are going to face in the future. As, in this, they use to make complete
analysis of the risk, so that they can design the solution of that risk (Newman, et. al.,
2018). After this, they use to install the solution designed for managing the risk in risk
management system of them. This all helps an organization in becoming ready for the
risk that lets it occur and solution for that will get fired, so that effect of that on working
and functioning of the organization can get reduced.
Transference – This is a type of risk mitigation which is not generally used by an
organization, but it is very much common in the projects which have several numbers of
parties. In this, organization use to manage the risk in the manner, so that they can
transfer the risk and solution for that risk to any project so that the project of them do not
get affected by the risk which is going to occur. Also, this is the conditions in which low
risks may get transferred by using options like buying the insurance so that the loss by the
risk can get covered in very effective manner (Öbrand, et. al., 2019). ABC fitness can buy
insurance while using IT solution in their organization, so that the risk related to it may
get transferred.
Limitation – This the most commonly used approach to risk mitigation. This organization
uses to make plans and strategies so that they can make analysis of the risk which their
organization is going to face in future. After this, plans and strategies get designed by the
organization, so that they can limit and restrict the risk from its occurrence. This is an
approach that is a combination of both risk acceptance and risk avoidance.
organization, but it is very much common in the projects which have several numbers of
parties. In this, organization use to manage the risk in the manner, so that they can
transfer the risk and solution for that risk to any project so that the project of them do not
get affected by the risk which is going to occur. Also, this is the conditions in which low
risks may get transferred by using options like buying the insurance so that the loss by the
risk can get covered in very effective manner (Öbrand, et. al., 2019). ABC fitness can buy
insurance while using IT solution in their organization, so that the risk related to it may
get transferred.
Limitation – This the most commonly used approach to risk mitigation. This organization
uses to make plans and strategies so that they can make analysis of the risk which their
organization is going to face in future. After this, plans and strategies get designed by the
organization, so that they can limit and restrict the risk from its occurrence. This is an
approach that is a combination of both risk acceptance and risk avoidance.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
4. Be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers
and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to
reduce risk.
Hackers are the person who use to enter into the system of some person, without getting
permission of them and also use to perform different operations of them, for which they have
entered into the system. The main aim of them is to find something or steal something forms the
system that can give some benefit or pose some loss to the owner of the system (Odeh, 2018).
The method which is used by hackers for hacking a system and also steeling the data is known as
vulnerability. This is a time period or can say ass time frame, where hacker uses to dismiss the
security measures of the system and use to enter into the system so that they can get the access of
the system. This helps them in allowing them to do what they want to do with the system so that
they can pose some harm to the system or can get some benefit from the activity performed by
them. There are different number of methods which are used for making system secure and they
have an ample number of benefits of that, some of those methods are given below –
Intrusion detection system – This is a device and software which is used by different
organizations and systems, so that they can monitor different activities that are performed
by a network and a system (Rodríguez, et. al., 2017). This helps in getting idea that the
system may not perform any type of harmful activity that can reduce the security of the
system and also any unauthenticated person gets access to the system. The main benefit
of this is, it helps in managing the activities performed by a system and network.
Firewall – This is wall type security of a system, which use to monitor the activities and
also use to control the traffic went over a system related to incoming and outgoing of the
network. This is very much helpful for a system, and also for an organization, as this
helps them in managing the network traffic coming in and going out of the system.
Vulnerability scanner – This is a device and software, which is used by a system so that it
can make an analysis of the weaker parts of the system (Peltier, 2016). The main benefit
of using this system is it helps in getting detail about the points from where
unauthenticated person can enter into the system. Further on by making plans and
strategies these weak points of the system get reduced, so that security of system can get
increased.
and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to
reduce risk.
Hackers are the person who use to enter into the system of some person, without getting
permission of them and also use to perform different operations of them, for which they have
entered into the system. The main aim of them is to find something or steal something forms the
system that can give some benefit or pose some loss to the owner of the system (Odeh, 2018).
The method which is used by hackers for hacking a system and also steeling the data is known as
vulnerability. This is a time period or can say ass time frame, where hacker uses to dismiss the
security measures of the system and use to enter into the system so that they can get the access of
the system. This helps them in allowing them to do what they want to do with the system so that
they can pose some harm to the system or can get some benefit from the activity performed by
them. There are different number of methods which are used for making system secure and they
have an ample number of benefits of that, some of those methods are given below –
Intrusion detection system – This is a device and software which is used by different
organizations and systems, so that they can monitor different activities that are performed
by a network and a system (Rodríguez, et. al., 2017). This helps in getting idea that the
system may not perform any type of harmful activity that can reduce the security of the
system and also any unauthenticated person gets access to the system. The main benefit
of this is, it helps in managing the activities performed by a system and network.
Firewall – This is wall type security of a system, which use to monitor the activities and
also use to control the traffic went over a system related to incoming and outgoing of the
network. This is very much helpful for a system, and also for an organization, as this
helps them in managing the network traffic coming in and going out of the system.
Vulnerability scanner – This is a device and software, which is used by a system so that it
can make an analysis of the weaker parts of the system (Peltier, 2016). The main benefit
of using this system is it helps in getting detail about the points from where
unauthenticated person can enter into the system. Further on by making plans and
strategies these weak points of the system get reduced, so that security of system can get
increased.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
CONCLUSION
From the above discussion, it has been concluded that information technology is very much
helpful for an organization, as this helps them in completing an ample number of operations of
them in effective manner. Also, there is an ample number of risks which are associated with the
use of information technology in business. In this, major risks are related to privacy of data, for
which it is required for business to use appropriate solution that can increase the security of
complete system. Also, the organization can use different methods and techniques of risk
management that can help them in making analysis of the risk inaccurate manner.
From the above discussion, it has been concluded that information technology is very much
helpful for an organization, as this helps them in completing an ample number of operations of
them in effective manner. Also, there is an ample number of risks which are associated with the
use of information technology in business. In this, major risks are related to privacy of data, for
which it is required for business to use appropriate solution that can increase the security of
complete system. Also, the organization can use different methods and techniques of risk
management that can help them in making analysis of the risk inaccurate manner.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 14
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.