Question

The assignment involves you producing a comprehensive risk report for ABC Fitness Gym given a particular scenario as below. You will be required to offer professional views based on a well established research.

Technical Risk Analysis

Consider you have been hired by the ABC Fitness Gym to analyse the technology environment and conduct a technical risk analysis. You are to prepare a management report applying everything you learnt in the subject. The report should include at a minimum:

• An Executive Summary at the beginning of the report which provides a clear statement of the technology project that is being assessed, and an overview of your recommendations to management as to the merits of the project based on your risk assessment.
• A risk assessment based on assets, threats, vulnerabilities and consequences derived from an IT control framework and any existing industry risk recommendations for the project. Identify and discuss the key threats. What could be done to mitigate the risks and their impact on the organisation?
• Provide a brief summary of the protection mechanisms you would employ whether they be people, culture or technology.
• Identify any gaps which you believe require further analysis and offer a rationale as to why.

Your report should be no more than 6 pages.

The ABC Fitness Gym

The ABC Fitness gym was started by its owner in 1997. When the owner opened the gym, the owner had a small premise and only had capacity for less than 20 members. Later the owner acquired new premises and expanded the gym. The owner now employs 50 full‐time members of staff and 150 part‐time instructors. The owner has also increased customer’s membership capacity and can now offer membership deals to organizations. To run and maintain the ABC business, the following detailed system specification was used and created various IT systems.

Members

The gym now has two categories of member; those who are employees of organizations that have paid a corporate fee (corporate employee members) and individual members. Members in both categories pay an annual subscription, but corporate employee members get a reduced rate. The subscription rates are revised at the beginning of January each year. The corporate fee payable by employer organizations is also revised every January.   

Employees

Each employee is employed by a particular gym department and the gym needs to know which department the employee has worked for in the past.   

Potential new members often ask to see the gym facilities before committing themselves to joining. They are booked into gym tours, each tour being conducted by a gym employee. A tour is limited to a maximum of 6 potential members and lasts approximately one hour.

Use of gym equipment

The gym equipment falls into basic categories:

1) Weights machines, which exercise specific muscle groups by requiring users to do work against weights. This type of exercise is generally anaerobic. Users aim to repeat the exercise fifteen times at a certain weight.

2) Cardiovascular machines, such as exercise bikes and power joggers. After the first few minutes, these machines give aerobic benefits. The machines are all electronically controlled and allow the user to select different programmes and standards of difficulty.   

Equipment Maintenance

The gym has one or two of each of the most popular types of weights machine. It has a row of ten jogging machines and several exercise bikes and rowing machines.   

There are a number of specialist companies who manufacture gym equipment and each company must be registered with its trade association. The gym has bought machines from several of them. A machine type is known by a manufacturer’s name and manufacturer’s model number. Spare parts also have make and model numbers. Some of the spares can be fitted to several different machine types.

The owner of the company has provided the following mission statement for the new company.

“We aim to provide an improved service through our IT Systems for our customers by:

• Being able to process membership renewal in a timely fashion
• Increase member retention
• Being able to process new members in a timely fashion
• Ensuring all health and safety requirements are met when recruiting new members
• Maintaining all equipment to a high standard
• Providing a high level of staffing with the requisite skills
• Providing state of the art equipment as it comes on the market
• Competing with other gyms by ironing out weaknesses and offering a more personal and speedy service
• Being well informed of fluctuations in the market
• The clients details must be maintained with private and confidentially
• The dietary requirements for various types of clients must be maintained with appropriate progress
• Latest hardware and software used to maintain the every data in the organization such as Network, Computers, Machines, Database, Web Servers, OS and so on
• Time to time must have back up of the data and etc.
• The systems and computer work stations are safe and secure to use

Answer 1

Executive Summary

ABC Fitness gym, which was initiated in the late '90s (1994) has seen exponential growth in recent years. They started on a small scale with very minimal employees and they could not accommodate more than 20 members. Later, as they expanded their business they moved into a new location. The gym has a good number of corporate members coming in and the best rates are offered to them. Other members are also given a good price. They provide elite training with high-quality gym equipment. Nutrition based advice and weight checking are given at most importance. A highlight for the members is that they can take a gym tour before joining to see if they are comfortable with the premises and training. Only experienced staff are taken so that customers could benefit.
This executive summary is created to focus on the new IT structure framework they are bringing up for the gym facilities. This system works on many crucial factors such as:
The best software, hardware, and OS will be used for the retention of customer data. The customer records will be highly private and confidential.
Best diet services are provided by Nutritionist and their progress will be checked from time to time.
Fine quality equipment and maintain them from time to time.
Highly skilled staff for training the customers and have a personal touch with them, unlike other gym facilities.
Well informed about the current market scenarios and give good rates for the customers.
Make a note of premium members and give them exclusive offers.
At last, also able to surf the internet and other important works by providing systems and workstations.

Activity Based Risk Assessment Form
Company	ABC Fitness Gym	Conducted by	Technical Risk Analyst
		Last Review Date   N/A              Next Review Date: -------
Process           Providing IT                             framework to                                   enhance gym                                                             services Approved By : ---

Kindly ignore the alignment and make sure to number your risk factors.

I have answered the first two questions.