Rate this page

ITC596 – IT Risk Management

Risk assessment

Risk assessment is a process or method through which risk and hazard and their potential influence lead to determine with hazard identification, risk analysis and risk evaluation. Every business need to perform a risk assessment so that things lead in right direction. ABC fitness gym is required to assess risk so that they can mitigate the problems in near future.

Identify the key assets, threats, vulnerabilities and consequences based on IT control framework

A control framework consists some tools and techniques which protects IT infrastructure of a company. It helps to protect fraud and theft from spectrum outside the parties like hackers and cyber criminals. The key assets in IT control framework include hardware, software, network, database web servers etc. All these are some essential assets in IT aspect. ABC fitness gym use computer, network, hardware and software to contain information of their clients. Some of the vulnerabilities which are identified in the IT attribute define as follow:

  • Missing data encryption process
  • SQL injection
  • Buffer overflow
  • Missing of authentication
  • Downloading inappropriate codes
  • Weak password

All these are some major vulnerabilities on which ABC fitness gym need to work. Thus, it is essential for the ABC to understand the vulnerabilities and underpin consequences from it. ABC fitness gym IT person anticipate the consequences of poor information technology which define as follow:

  • It can compromise with confidentiality of the customers of the company
  • Poor speed of the process
  • Inappropriate anticipation of the information

Thus, all these are IT control aspects which underpin in the ABC fitness gym. Hence, all such are major problems and risk for the ABC fitness gym and they need to focus on steps of mitigation to prevent such problems.

Existing industry risk recommendation for the project

ABC fitness gym is required to focus on existing risk recommendation aspects so that they can incorporate all activities in an effective manner. The protection of data is an integral part of ABC gym so that they can remain information confidential. Thus, following are existing industry risk recommendation to maintain things. The risk of the project include assessment of data by hackers and entering in firewalls with scanning things. ABC fitness gym has to focus on existing industry risk recommendations for company:

Risk Assessment Based on Assets in ABC Fitness Gym

Serial Number Risk Consequences Counter measures
1. Unavailability of Money Fewer amounts of equipments.

No technological up gradation.

Forced to use old technical methods.

Absence of new technologies.


The organisation should be aware about the budget. There should be a proper channel through which they could know where the money could be invested.
2. Unavailability of Infrastructure Less development.

Less space for work.

Hard to implement the technology.

Implementation of technology is directly proportional to the risk management. So due to the shortage of infrastructure less development of the organisation is there.
3. Unskilled workers Due to the shortage of skilled workers the rate of development of the organisation declines in a steady way.

Technological failure

The worker should be skilled in a proper environment so that it could fit into the organisation and can sincerely work for the growth and the development of the IT sector.
4. Less Advanced Equipments Decrease in the rate of work.

Decrease in the production.

Problem in risk detection.

The organisation should implement the advanced technology with proper advanced equipment so that the organisation could detect the risk properly.

Risk Assessment Based on the Threats in ABC Fitness Gym

Threat assessments

  The very first risk which is involved in the ABC fitness gym is the threat. In the risk management system, the first and foremost thing is the analysis and the monitoring of the threats associated with it. The threat management consists of several risks which are the natural calamities, accident, terrorist attacks, etc in the specific location or the facility. As per the ISC standards or the norms, it only focuses upon the threats which are manmade and doesn’t focus upon other kinds of threats that are present. This assessment should verify the information which is being supported to verify or to check the occurrence of every threat. In the case of the natural threats which occur and the historical threats which involve floods, the hurricane can be taken into consideration to judge the credibility of the threat. In case of the criminal threats, the rate of crime in the surrounding areas could provide a very good indicator of which type of criminal activity may take place and furthermore and it can be monitored to reduce and to overcome it. In addition to the asset and the program located it may also give rise to the attraction in the eye of the attacker. For instance, if we take an example of massive machinery industry the risk associated with the industry is very much high compared to the office buildings in the massive industry the threat to an accident is there whereas in a simple office the risk of an accident is very less. In case of the terrorist threats they first target to the attractiveness of the organization this becomes their primary goal. The type of attack of the terrorist may vary depending upon the available scenarios. For example, In a country, a terrorist is planning to shoot a facility if the security of the organization is so tight that they may be diverted to any other instance and the organization or the facility could be protected safely. If no adequate security is provided then the terrorist could win the battle. If the definition is more specific then the countermeasures are also easy to find. In the case of the terrorist attacks, it is very difficult to predict and they are generally very random (Suter, 2016).

Some Instances of Assessments are:


1-Artificial: These are known as the attackers who use a particular method to achieve who are targeting the organization. History is recorded in a particular area and the facility which is being targeted.

2-Natural: In the natural process, it occurs near or in the locality of the particular area continuously.


1-Artificial: The attacker attacks the facility that uses the tactic to attack the particular organization. There is no specific rule for the enrolment of the agency.

2-Natural: They come at least once in every ten years.

Vulnerability Assessment

Once the conceivable assessment is completed a good vulnerability test should be conducted. This assessment consists of the loss from an attack which was taken place. The impact of loss is very high while dealing with vulnerability.


The organization is damaged and working in the industry cannot proceed. Most items in the organization are damaged. The organization has reduced up to 75%.


In this case the industry is totally being destroyed which is almost equals to hundred percentages. They are not in a stage of repair. The organisation may be closed for a period of one week.


The organisation faces no impact in the operation and the shut down time is less than 4 hours a day and there is also no loss in the assets in the organisation.


In the case of noticeable vulnerability the organisation is temporarily shut down or being closed for a certain period of time. The organisation could face a loss of about 25%.

Types of Vulnerability

There are 4 types of vulnerability which are described as follows:

  1. Very High: This is the very high in ABC fitness gym which provides attractive packages and the countermeasures which are provided are inadequate.
  2. High: This is the high profile local organization that provides attractive measures and the countermeasures which are provided are also inadequate.
  3. Moderate: This is the moderate range of organization which is generally not popular in the locality.
  4. Low: This is not the high range of organization and a possible amount of target is being achieved (Crowley, C., 2019).

Risk Mitigation:

Risk mitigation is otherwise known as risk elimination. It is a plan or action which gives the opportunity and reduces the threats associated with the project. As the IT industry is growing at a faster rate the rate of risk has also increased simultaneously which is very much challenging to the organization. The database of the ABC fitness gym should be kept safe as nowadays there are many chances of hacking and data leaks now a day. If the data is leaked of some employee it is a very bad issue which could take the organization down.

Impact of Risk in ABC Fitness Gym

Adoption of proper user

It is a process in which the team members actually follow the team leader. If they don’t follow this concept the employee and the organisation is going to suffer a lot.

Unrealized Benefits

Risk involved in a project can kill the project in a night itself. If the management will not cop with the organisation then it is a bitter truth that the organisation is going to suffer a lot.

Late Running Projects

In a organisation if the project is running slowly then the we can take into account that there is a down time in the organisation and the risk. Delay in the project can lead to the risk involved in it.


Coze, J. C. L. (2005). Are organisations too complex to be integrated in technical risk assessment and current safety auditing?. Safety science43(8), 613-638.

Klein, J. H., & Cork, R. B. (1998). An approach to technical risk assessment. International Journal of Project Management16(6), 345-351.

Mohaghegh, Z., Kazemi, R., & Mosleh, A. (2009). Incorporating organizational factors into Probabilistic Risk Assessment (PRA) of complex socio-technical systems: A hybrid technique formalization. Reliability Engineering & System Safety94(5), 1000-1018.

Slovic, P. (1993). Perceived risk, trust, and democracy. Risk analysis13(6), 675-682.