IT Risk Management Assignment Sample

ITC 596 Risk Management Assignment Sample

Executive Summary

In this report, the technical risk analysis for ABC Fitness Gym was done. The report detailed out the assets of the organisation, the potential threats, possible vulnerabilities, and their likely consequences on the organisation. Here, it was mentioned that major assets of the Gym are its employees, members, and property.The report also talked about the risk mitigating measures and recommendations. The first recommendation is that the management should keep a regular check and monitoring. Also, the response plan can also help the organisation in mitigating the risk. In addition to this, the organisation is also required to prepare a Risk Appetite Statement (RAS) that would provide ABC Fitness a better articulation for the tolerance level for risks. At last, the gaps in the newly implemented system were also determined for better organisation.

Introduction

In today’s day and age, information technology has penetrated almost every business domain. It is assisting the organisations to resolve the issues they face and to simplify the operations they carry out. It not only saves the time of the firm but also minimises the cost of operations. However, there are certain risks associated with the use of IT solutions in the business. In the following report, the risks associated with the use of IT systems in ABC Fitness Gym are discussed and their likely impacts on the organisation are analysed. ABC Fitness gym has certain objectives that it wants to achieve through incorporating IT systems. The following report details out the summary of the risk mitigation and protection mechanism that the company may employ with technology, culture, and people. It also details out the gaps in the current operation and provide a rationale to them.

Risk Assessment

The risk assessment and management framework is all about ensuring that there is an efficient process for managing risks across the Gym. Risk management is integrated to almost all the operations of the organisation. The risk assessment culture focuses on analysis and management of business and IT risks (Vlachos, 2018). The assessment would require identification of the key assets, threats, vulnerabilities, and their likely consequences as per newly implemented IT framework. These are elaborated below:

Key Assets

The assets of a business entity includes the property and resources that it wants to safeguard. The primary or key assets of ABC Fitness Gym are the members and human resource including nutritionist, trainers, and guides along with the gym equipment and other property (Armstrong, et.al, 2018). There are IT assets installed in the gym, such as communication devices, laptops, desktops, and data management servers. These can also be seen as the equipment that are associated with network, data storage or reception of information and data, printers, etc. The organisation is required to keep a record of all the assets it owns and protect them from any IT-related attack or any other inaction (Alrawais, et.al, 2017). The ABC Fitness Gym is required to take care of its most crucial business asset which is members’ personal information. It is mandatory for the firm to protect this asset from getting illicitly used by the competitor or hackers.

Major Threats

The major threats from the newly implemented IT solutions in the ABC Fitness Gymcomprises both ongoing advancements and daily operations. These are:-

• Technology Change Management:No doubt that the information technology will bring immense opportunities for the organisation, but there are many setbacks too. The Gym has little appetite for using IT-based systems and equipment which may cause problems in the initial stage due to organisation’s poor change management policies (Armstrong, et.al, 2018).
• Cyber Attack: The Gym management has a moderate internal process and a low knowledgefor cyber-attack protection. This may result in mismanagement of information and data theft (Armstrong, et.al, 2018).
• Technology Service Availability: The Gym lacks the special infrastructure that can be integrated to the newly updated IT systems. Due to this, the general operations, financial operations, etc., may get hampered (Alrawais, et.al, 2017).

Vulnerabilities

Talking about the vulnerabilities associated with the current operations and IT management systems of the ABC Fitness Gym, it can be a major gap or defect in the system that makes the organisation vulnerable to attack. It could be associated with the systems, software, procedures, and other things related to information security. One such vulnerability is related to software update (Gritzalis, et.al, 2018). In order to provide better protection to the data and information, firewall and security features of IT systems are required to be updated on regular basis. In addition to this, any bug may also put the organisation into jeopardy. As it is given in the case that the Gym management has decided to store the data on the network, the missing data encryption can be another vulnerability for the organisation (Pradabwong, et.al,2017). Furthermore, weak passwords may also result in data theft and this cannot be considered a wise move from the Gym management. Hence, a strong password and limited access to the data of the members and employees should be there across the organisation.

Major Consequences

There can be some serious consequences of compromised security and system failures. The Gym management has decided to make use of IT based systems for all of its major operations, such as processing membership renewal and storing and processing new membership, maintaining high standards in equipment, timely data backup, and much more. Any discrepancies in the system can cause major issue with the convenience of the members, employees, and management. In addition to this, ABC Fitness Gym may end up losing its reputation in case of data breach or theft. There are certain legal consequences that might also hit the organisation and affect the profitability (Gritzalis, et.al, 2018). Furthermore, the current expansion rate of the Gym may get affected and it might halt the operation in order to make up for the data theft or vulnerabilities. New potential customers may not want to join the ABC fitness gym due to its poor reputation. Overall, these vulnerabilities and threats can be fatal for the organisation. Therefore, these are required to be handled at the earliest and with utmost care (Alrawais, et.al, 2017).

Existing risk recommendation for the project

• It is required from the ABC Fitness Gym that it should gain an understanding of potential IT threats and vulnerabilities and take a proactive approach to address the known potential threats that may affect the organisation in near future (Pradabwong, et.al, 2017).
• In addition to this, it is also required to continuously monitor and keep a regular check to address the human errors (Gritzalis, et.al, 2018).
• It is required from the management to work on strengthening the internal processes of the gym and develop a continuous improvement plan for the IT-based infrastructure. In addition to this, it is required to choose the robust software and technology for better security control for data and information of the client (Lopezand Rubio,2018)
• The organisation is also required to prepare a Risk Appetite Statement (RAS) that would provide ABC Fitness a better articulation for the tolerance level for risks. This would help in many ways. For instance, it would only undertake the permitted activities. Also, it would ensure that the risks are linked to the ABC fitness gym by guiding, informing, and empowering the organisation in implementing the IT framework across the organisation (Gritzalis, et.al, 2018).
• It is essential for the business to maintain internal communication within the organisation. This is necessary to determine theft and take required actions to control the vulnerabilities. In addition to this, the organisation should acquire certain high-level defensive technical measures to protect network and servers. For that purpose, any external agency can be hired that would keep the server protected and upgraded (Lopezand Rubio, 2018).
• As the members’ data and dietary plans are to be maintained by the proposed IT-based systems, it is required from the management to prioritise members’ data. Furthermore, the gym management is required to assess cyber-security and physical security.
• At last, it is required from the gym management to monitor the IT system framework in order to discard any risk. The business is required to prepare a risk response plan also in case of crisis.

Risk Mitigation and Impact Analysis

The risk mitigation can be better done with the help of risk register. This would help in understanding the level of risk impact on the business and the associated people. In addition to this, the description of the consequences of risk can be identified by the risk register (Vlachos, 2018). Furthermore, the risk register also provide certain risk management strategies for the gym. With the help of the risk register, the ABC Fitness gym can be able to prepare the employees to combat the potential risks and take necessary actions.

Measure Taken for Risk Mitigation

1. Proper management and monitoring of the risks associated with the gym operations. This can be done by involvement of an external agency to take care of the security issues.
2. Use of Insurance for transferring the IT risks. The organisation can be able to deal with the financial risks brought by the system failure.
3. Use of firewalls, intrusion detection systems, and vulnerability scanners would help the gym management to carry out a proactive action against any illicit activity from the internal as well as external environment.

Summary of the Protection Mechanisms

This part would cover the protection mechanism for people, culture, and technology which is illustrated below:-

People:These include employees and members. As the employees are directly dealing with the data of members. Therefore, the organisation should create an environment where employees are trained to make better use of IT-based applications and system. They should be provided enough training for identifying the potential IT related risks and manage them at their own level. In addition to this, the members should also be provided information about how their data will be made confidential and protected by the best IT systems (Gritzalis, et.al, 2018). The regular update will help in providing an improvised security system. Also, the management is required to work on changing the attitude and behaviour of employees towards the technological change that may take place in the near future (Linand Liao,2017).

Culture:Coming on to culture of the organisation, earlier, all the work related to preparation of dietary plans, record-keeping of subscription charges, equipment maintenance, membership renewal processing, staffing, etc. With the help of the newly implemented IT-based system, all the operations would not only be carried out with the same effectiveness but also with better efficiency and less errors (Linand Liao, 2017). The culture of IT-based systems and application should be encouraged throughout the organisation for better results and less faults.

Technology:The advancement of current operations of the gym with the help of technology can be a major move for the organisation to deal with its mainstream issues, such as mismanagement of data and improper dietary plan preparation, providing staffing, etc. by providing training and establishing the culture of IT-based operations, ABC Fitness can be able to deal with its issues (Saitta, et.al, 2017).

Identify Gaps

Even after implementation of IT-based systems, there can be many lacunas in the new system. These can be related to the regular update and maintenance of software and systems. Failing to this can invited unwanted threats to the organisation. Another gap that is identified is related to dependence on unreliable inputs while making security decisions. The organisation is committed to provide safe and secure working environment for the staff members (Armstrong, et.al, 2018). But, the current system and lack of understanding of the IT management and risk assessment may result in psychological and physical harm to the member. In addition to this, the data stored in the cloud based servers may not be able to detect the IP address of the host. Such discrepancy in the system may cause harm to the organisation in future. The analysis is required for further evaluation and assessment of errors and issues in the newly implemented system (Saitta, et.al, 2017).

With the help the IT system analysis, the future challenges can be determined and proper proactive measures. This would ensure a smooth functioning of the firm. In addition to this, using IT framework for keeping up the whole database can be a threat as far as security is concerned. However, it needs to proceed onward to another working framework which gives effectiveness to putting away such enormous databases in a wide system (Pradabwong, et.al, 2017).

Conclusion

In the following report, the IT risks assessment was carried out in which certain risks associated with the business, such as cyber-security, lack of strategies for IT systems and poor organisational infrastructure and planning. The whole discussion was done on the case study of ABC Fitness Gym. The report detailed out the potential risks, vulnerabilities, and consequences. In addition to this, the risk mitigation reduces the effect of risk on the associated individuals. The gym additionally works for the assurance instrument on individuals, innovation and the way of life of the exercise centre. The innovation utilized by the ABC fitness gym is exceptionally cutting-edge however it requires sufficient support for actualizing it and furthermore to guarantee the security of individuals and worker information.

References

• Alrawais, A., Alhothaily, A., Hu, C. and Cheng, X., (2017). Fog computing for the internet of things: Security and privacy issues.  IEEE Internet Computing,  21(2),34-42.
• Armstrong, M.E., Jones, K.S., Namin, A.S. and Newton, D.C., (2018), September. The Knowledge, Skills, and Abilities Used by Penetration Testers: Results of Interviews with Cybersecurity Professionals in Vulnerability Assessment and Management. In  Proceedings of the Human Factors and Ergonomics Society Annual Meeting  (Vol. 62, No. 1, 709-713. Sage CA: Los Angeles, CA: SAGE Publications.
• Gritzalis, D., Iseppi, G., Mylonas, A. and Stavrou, V., (2018). Exiting the Risk Assessment maze: A meta-survey.  ACM Computing Surveys (CSUR),  51(1), p.11.
• Lin, I.C. and Liao, T.C., (2017). A Survey of Blockchain Security Issues and Challenges.  IJ Network Security,  19(5),653-659.
• Lopez, J. and Rubio, J.E., (2018). Access control for cyber-physical systems interconnected to the cloud.  Computer Networks,  134, 46-54.
• Saitta, D., Chowdhury, A., Ferro, G., Nalis, F. and Polosa, R., (2017). A risk assessment matrix for public health principles: The case for e-cigarettes.  International journal of environmental research and public health,  14(4),363.
• Pradabwong, J., Braziotis, C., Tannock, J. D., &Pawar, K. S. (2017). Business process management and supply chain collaboration: effects on performance and competitiveness.  Supply Chain Management: An International Journal,  22(2), 107-121.
• Vlachos, T. (2018). Certifiable Risk Management & Business Continuity Approach in Mining Industry. In  Proceedings of the 4th World Congress on Mechanical, Chemical, and Material Engineering (MCM'18), DOI  (Vol. 10).