University Risk Management Report: ABC Fitness Gym - Assessment 2

Added on  2022/12/19

AI Summary
This report provides a comprehensive risk assessment for ABC Fitness Gym, addressing various potential threats and vulnerabilities. It begins with an executive summary outlining key risks related to inexperienced instructors, insufficient maintenance, and IT security. The report then details an IT control framework to manage IT processes effectively, followed by an identification of key threats and their corresponding mitigation strategies, such as encryption and application firewalls to address information security risks. The report also emphasizes the need for periodic maintenance programs and market analysis for competitive advantages. It concludes with a summary of protection mechanisms, focusing on securing customer and financial data, and identifies future gaps such as membership subscriptions and equipment maintenance. References to relevant literature are also included, providing a foundation for the analysis and recommendations.
Running head: RISK MANAGEMENT
Assessment 2: Risk management
Name of the Student:
Name of the University:
Part 3
Comprehensive risk report for ABC fitness gym
Executive summary
Risk assessment based on asset, threat, vulnerabilities and consequences
Initially, the gym had limited facilities for its employees and customers, but over time
additional offers have been added. The gym's operations and functions all run on
IT infrastructure. The risks that can bring consequences for ABC Fitness Gym are as follows:
Lack of experienced trainers/instructors: If the gym owner hires inexperienced instructors
to train the clients, the gym will fail to retain its existing customers.
Insufficient maintenance program: The gym provides equipment-based services to its
customers, such as weight machines, power jiggers, exercise bikes, cardiovascular machines,
etc. Maintenance of this equipment is necessary. If a periodic maintenance program is not
carried out, it will cause risks.
Lack of IT security: If proper IT infrastructure or security is not provided, the owner
will fail to retain existing customers, because a lack of security can disclose personal and even
financial data from the server.
IT control framework
Figure 1: IT control framework for ABC Fitness Gym
(Source: Created by Author)
After analyzing the technical operations and functions, it is identified that a control
process should be used to control the IT processes and make sure that operations are running
in the right direction. The IT control framework deals with logical factors such as software
and applications. IT control will be able to process newly joined members in a timely manner
and keep their information updated. It can also secure the computers, database, web
server, operating system, etc. The workstations will be secured from unauthorized access.
Identification of key threats and mitigation strategies
| Threats | Mitigation strategies |
| --- | --- |
| Lack of information security and safety mechanism | To mitigate this risk, the gym operator needs to incorporate encryption and an application firewall to prevent unwanted access. |
| Lack of maintenance program | A periodic maintenance program should be incorporated. |
| Lack of competitive advantages | To gain commercial success and competitive advantages, the surrounding market has to be analyzed and, based on that, the necessary marketing strategies need to be incorporated. |
Summary on protection mechanism
To maintain trust between customers and the gym service provider, the operator needs to
ensure that all confidential customer data is secured from unauthorized users and that
financial data is not accessible to all users. To protect customer data, the gym must
use an encryption mechanism and a firewall.
Possible future gaps
Some gaps that require further analysis include:
Membership subscriptions
Gym equipment maintenance program
Proper electronic control over the IT operations
References
Barafort, B., Mesquida, A. L., & Mas, A. (2017). Integrating risk management in IT settings
from ISO standards and management systems perspectives. Computer Standards &
Interfaces, 54, 176-185.
Bellini, F., & Di Bernardino, E. (2017). Risk management with expectiles. The European
Journal of Finance, 23(6), 487-506.
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk management:
Review, critique, and research directions. Long range planning, 48(4), 265-276.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative Risk Management: Concepts,
Techniques and Tools-revised edition. Princeton university press.
Rampini, A. A., Viswanathan, S., & Vuillemey, G. (2019). Risk management in financial
institutions.
Teixeira, A., Sou, K. C., Sandberg, H., & Johansson, K. H. (2015). Secure control systems: A
quantitative risk management approach. IEEE Control Systems Magazine, 35(1), 24-45.