Assessment Item 3
The assignment involves you producing a comprehensive risk report for ABC Fitness Gym given the scenario below. You will be required to offer professional views based on well-established research.
Technical Risk Analysis (20 marks)
Assume you have been hired by the ABC Fitness Gym to analyse its technology environment and conduct a technical risk analysis. You are to prepare a management report applying everything you learnt in the subject. The report should include at a minimum:
- An Executive Summary at the beginning of the report which provides a clear statement of the technology project that is being assessed, and an overview of your recommendations to management as to the merits of the project based on your risk assessment.
- A risk assessment based on assets, threats, vulnerabilities and consequences derived from an IT control framework and any existing industry risk recommendations for the project. Identify and discuss the key threats. What could be done to mitigate the risks and their impact on the organisation?
- Provide a brief summary of the protection mechanisms you would employ whether they be people, culture or technology.
- Identify any gaps which you believe require further analysis and offer a rationale as to why.
Your report should be no more than 6 pages.
The ABC Fitness Gym
The ABC Fitness Gym was started by its owner in 1997. When the owner opened the gym, the premises were small and had capacity for fewer than 20 members. Later the owner acquired new premises and expanded the gym. The owner now employs 50 full-time members of staff and 150 part-time instructors. The owner has also increased membership capacity and can now offer membership deals to organizations. The following system specification was used to create the various IT systems that run and maintain the ABC business.
The gym now has two categories of member: those who are employees of organizations that have paid a corporate fee (corporate employee members) and individual members. Members in both categories pay an annual subscription, but corporate employee members get a reduced rate. The subscription rates are revised at the beginning of January each year. The corporate fee payable by employer organizations is also revised every January.
Each employee is employed by a particular gym department, and the gym needs to know which departments the employee has worked for in the past.
Potential new members often ask to see the gym facilities before committing themselves to joining. They are booked into gym tours, each tour being conducted by a gym employee. A tour is limited to a maximum of 6 potential members and lasts approximately one hour.
Use of gym equipment
The gym equipment falls into two basic categories:
1) Weights machines, which exercise specific muscle groups by requiring users to do work against weights. This type of exercise is generally anaerobic. Users aim to repeat the exercise fifteen times at a certain weight.
2) Cardiovascular machines, such as exercise bikes and power joggers. After the first few minutes, these machines give aerobic benefits. The machines are all electronically controlled and allow the user to select different programmes and standards of difficulty.
The gym has one or two of each of the most popular types of weights machine. It has a row of ten jogging machines and several exercise bikes and rowing machines.
There are a number of specialist companies who manufacture gym equipment and each company must be registered with its trade association. The gym has bought machines from several of them. A machine type is known by a manufacturer’s name and manufacturer’s model number. Spare parts also have make and model numbers. Some of the spares can be fitted to several different machine types.
The owner of the company has provided the following mission statement for the new company.
“We aim to provide an improved service through our IT systems for our customers by:
- Being able to process membership renewals in a timely fashion
- Increasing member retention
- Being able to process new members in a timely fashion
- Ensuring all health and safety requirements are met when recruiting new members
- Maintaining all equipment to a high standard
- Providing a high level of staffing with the requisite skills
- Providing state-of-the-art equipment as it comes on the market
- Competing with other gyms by ironing out weaknesses and offering a more personal and speedy service
- Being well informed of fluctuations in the market
- Maintaining clients’ details privately and confidentially
- Maintaining the dietary requirements for various types of clients, along with their progress
- Using the latest hardware and software to maintain all data in the organization (network, computers, machines, databases, web servers, OS and so on)
- Backing up the data from time to time
- Keeping the systems and computer workstations safe and secure to use”
This assessment task will assess the following learning outcome/s:
- be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
- be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach.
- be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.
- be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.