In this report, the technical risk analysis for ABC Fitness Gym was done. The report detailed out the assets of the organisation, the potential threats, possible vulnerabilities, and their likely consequences on the organisation. Here, it was mentioned that major assets of the Gym are its employees, members, and property.The report also talked about the risk mitigating measures and recommendations. The first recommendation is that the management should keep a regular check and monitoring. Also, the response plan can also help the organisation in mitigating the risk. In addition to this, the organisation is also required to prepare a Risk Appetite Statement (RAS) that would provide ABC Fitness a better articulation for the tolerance level for risks. At last, the gaps in the newly implemented system were also determined for better organisation.
In today’s day and age, information technology has penetrated almost every business domain. It is assisting the organisations to resolve the issues they face and to simplify the operations they carry out. It not only saves the time of the firm but also minimises the cost of operations. However, there are certain risks associated with the use of IT solutions in the business. In the following report, the risks associated with the use of IT systems in ABC Fitness Gym are discussed and their likely impacts on the organisation are analysed. ABC Fitness gym has certain objectives that it wants to achieve through incorporating IT systems. The following report details out the summary of the risk mitigation and protection mechanism that the company may employ with technology, culture, and people. It also details out the gaps in the current operation and provide a rationale to them.
The risk assessment and management framework is all about ensuring that there is an efficient process for managing risks across the Gym. Risk management is integrated to almost all the operations of the organisation. The risk assessment culture focuses on analysis and management of business and IT risks (Vlachos, 2018). The assessment would require identification of the key assets, threats, vulnerabilities, and their likely consequences as per newly implemented IT framework. These are elaborated below:
The assets of a business entity includes the property and resources that it wants to safeguard. The primary or key assets of ABC Fitness Gym are the members and human resource including nutritionist, trainers, and guides along with the gym equipment and other property (Armstrong, et.al, 2018). There are IT assets installed in the gym, such as communication devices, laptops, desktops, and data management servers. These can also be seen as the equipment that are associated with network, data storage or reception of information and data, printers, etc. The organisation is required to keep a record of all the assets it owns and protect them from any IT-related attack or any other inaction (Alrawais, et.al, 2017). The ABC Fitness Gym is required to take care of its most crucial business asset which is members’ personal information. It is mandatory for the firm to protect this asset from getting illicitly used by the competitor or hackers.
The major threats from the newly implemented IT solutions in the ABC Fitness Gymcomprises both ongoing advancements and daily operations. These are:-
Talking about the vulnerabilities associated with the current operations and IT management systems of the ABC Fitness Gym, it can be a major gap or defect in the system that makes the organisation vulnerable to attack. It could be associated with the systems, software, procedures, and other things related to information security. One such vulnerability is related to software update (Gritzalis, et.al, 2018). In order to provide better protection to the data and information, firewall and security features of IT systems are required to be updated on regular basis. In addition to this, any bug may also put the organisation into jeopardy. As it is given in the case that the Gym management has decided to store the data on the network, the missing data encryption can be another vulnerability for the organisation (Pradabwong, et.al,2017). Furthermore, weak passwords may also result in data theft and this cannot be considered a wise move from the Gym management. Hence, a strong password and limited access to the data of the members and employees should be there across the organisation.
There can be some serious consequences of compromised security and system failures. The Gym management has decided to make use of IT based systems for all of its major operations, such as processing membership renewal and storing and processing new membership, maintaining high standards in equipment, timely data backup, and much more. Any discrepancies in the system can cause major issue with the convenience of the members, employees, and management. In addition to this, ABC Fitness Gym may end up losing its reputation in case of data breach or theft. There are certain legal consequences that might also hit the organisation and affect the profitability (Gritzalis, et.al, 2018). Furthermore, the current expansion rate of the Gym may get affected and it might halt the operation in order to make up for the data theft or vulnerabilities. New potential customers may not want to join the ABC fitness gym due to its poor reputation. Overall, these vulnerabilities and threats can be fatal for the organisation. Therefore, these are required to be handled at the earliest and with utmost care (Alrawais, et.al, 2017).
The risk mitigation can be better done with the help of risk register. This would help in understanding the level of risk impact on the business and the associated people. In addition to this, the description of the consequences of risk can be identified by the risk register (Vlachos, 2018). Furthermore, the risk register also provide certain risk management strategies for the gym. With the help of the risk register, the ABC Fitness gym can be able to prepare the employees to combat the potential risks and take necessary actions.
Likelihood of the risk occurring
Impact of risk occurs
Impact of risk
Technology Change Management
The Gym has little appetite for using IT-based systems and equipment which may cause problems in the initial stage due to organisation’s poor change management policies
The Gym management has a moderate internal process and a low knowledge for cyber-attack protection. This may result in mismanagement of information and data theft.
It would impact the efficiency of the system.
Technology Service Availability:
The Gym lacks the special infrastructure that can be integrated to the newly updated IT systems. Due to this, the general operations, financial operations, etc., may get hampered.
Measure Taken for Risk Mitigation
This part would cover the protection mechanism for people, culture, and technology which is illustrated below:-
People:These include employees and members. As the employees are directly dealing with the data of members. Therefore, the organisation should create an environment where employees are trained to make better use of IT-based applications and system. They should be provided enough training for identifying the potential IT related risks and manage them at their own level. In addition to this, the members should also be provided information about how their data will be made confidential and protected by the best IT systems (Gritzalis, et.al, 2018). The regular update will help in providing an improvised security system. Also, the management is required to work on changing the attitude and behaviour of employees towards the technological change that may take place in the near future (Linand Liao,2017).
Culture:Coming on to culture of the organisation, earlier, all the work related to preparation of dietary plans, record-keeping of subscription charges, equipment maintenance, membership renewal processing, staffing, etc. With the help of the newly implemented IT-based system, all the operations would not only be carried out with the same effectiveness but also with better efficiency and less errors (Linand Liao, 2017). The culture of IT-based systems and application should be encouraged throughout the organisation for better results and less faults.
Technology:The advancement of current operations of the gym with the help of technology can be a major move for the organisation to deal with its mainstream issues, such as mismanagement of data and improper dietary plan preparation, providing staffing, etc. by providing training and establishing the culture of IT-based operations, ABC Fitness can be able to deal with its issues (Saitta, et.al, 2017).
Even after implementation of IT-based systems, there can be many lacunas in the new system. These can be related to the regular update and maintenance of software and systems. Failing to this can invited unwanted threats to the organisation. Another gap that is identified is related to dependence on unreliable inputs while making security decisions. The organisation is committed to provide safe and secure working environment for the staff members (Armstrong, et.al, 2018). But, the current system and lack of understanding of the IT management and risk assessment may result in psychological and physical harm to the member. In addition to this, the data stored in the cloud based servers may not be able to detect the IP address of the host. Such discrepancy in the system may cause harm to the organisation in future. The analysis is required for further evaluation and assessment of errors and issues in the newly implemented system (Saitta, et.al, 2017).
With the help the IT system analysis, the future challenges can be determined and proper proactive measures. This would ensure a smooth functioning of the firm. In addition to this, using IT framework for keeping up the whole database can be a threat as far as security is concerned. However, it needs to proceed onward to another working framework which gives effectiveness to putting away such enormous databases in a wide system (Pradabwong, et.al, 2017).
In the following report, the IT risks assessment was carried out in which certain risks associated with the business, such as cyber-security, lack of strategies for IT systems and poor organisational infrastructure and planning. The whole discussion was done on the case study of ABC Fitness Gym. The report detailed out the potential risks, vulnerabilities, and consequences. In addition to this, the risk mitigation reduces the effect of risk on the associated individuals. The gym additionally works for the assurance instrument on individuals, innovation and the way of life of the exercise centre. The innovation utilized by the ABC fitness gym is exceptionally cutting-edge however it requires sufficient support for actualizing it and furthermore to guarantee the security of individuals and worker information.
just share your requirements and get customized solutions on time
offer valid for limited time only*
someone in is bought