
done so far?

      <--- Score

      96. What vendors make products that address the Information technology security risk assessment needs?

      <--- Score

      97. Will new equipment/products be required to facilitate Information technology security risk assessment delivery; for example, is new software needed?

      <--- Score

      98. What is the extent or complexity of the Information technology security risk assessment problem?

      <--- Score

      99. Looking at each person individually – does everyone have the qualities which are needed to work in this group?

      <--- Score

      100. Is it clear when you think of the day ahead of you what activities and tasks you need to complete?

      <--- Score

      101. Who defines the rules in relation to any given issue?

      <--- Score

      Add up total points for this section: _____ = Total points for this section

      Divided by: ______ (number of statements answered) = ______ Average score for this section

      Transfer your score to the Information technology security risk assessment Index at the beginning of the Self-Assessment.

      CRITERION #2: DEFINE:

      INTENT: Formulate the stakeholder problem. Define the problem, needs and objectives.

      In my belief, the answer to this question is clearly defined:

      5 Strongly Agree

      4 Agree

      3 Neutral

      2 Disagree

      1 Strongly Disagree

      1. How will variation in the actual durations of each activity be dealt with to ensure that the expected Information technology security risk assessment results are met?

      <--- Score

      2. The political context: who holds power?

      <--- Score

      3. What knowledge or experience is required?

      <--- Score

      4. Are audit criteria, scope, frequency and methods defined?

      <--- Score

      5. What is the scope?

      <--- Score

      6. Are there different segments of customers?

      <--- Score

      7. What is in scope?

      <--- Score

      8. What information do you gather?

      <--- Score

      9. Is the Information technology security risk assessment scope complete and appropriately sized?

      <--- Score

      10. What system do you use for gathering Information technology security risk assessment information?

      <--- Score

      11. How do you catch Information technology security risk assessment definition inconsistencies?

      <--- Score

      12. Are resources adequate for the scope?

      <--- Score

      13. What would be the goal or target for an Information technology security risk assessment’s improvement team?

      <--- Score

      14. What scope to assess?

      <--- Score

      15. What is the definition of Information technology security risk assessment excellence?

      <--- Score

      16. How often are the team meetings?

      <--- Score

      17. Are the Information technology security risk assessment requirements complete?

      <--- Score

      18. What constraints exist that might impact the team?

      <--- Score

      19. What customer feedback methods were used to solicit their input?

      <--- Score

      20. Are task requirements clearly defined?

      <--- Score

      21. How was the ‘as is’ process map developed, reviewed, verified and validated?

      <--- Score

      22. What is out-of-scope initially?

      <--- Score

      23. Are the Information technology security risk assessment requirements testable?

      <--- Score

      24. Are all requirements met?

      <--- Score

      25. What is the scope of the Information technology security risk assessment work?

      <--- Score

      26. How does the Information technology security risk assessment manager ensure against scope creep?

      <--- Score

      27. What are the rough order estimates on cost savings/opportunities that Information technology security risk assessment brings?

      <--- Score

      28. Has/have the customer(s) been identified?

      <--- Score

      29. Scope of sensitive information?

      <--- Score

      30. When is the estimated completion date?

      <--- Score

      31. Do you all define Information technology security risk assessment in the same way?

      <--- Score

      32. Is the current ‘as is’ process being followed? If not, what are the discrepancies?

      <--- Score

      33. Why are you doing Information technology security risk assessment and what is the scope?

      <--- Score

      34. In what way can you redefine the criteria of choice clients have in your category in your favor?

      <--- Score

      35. What is in the scope and what is not in scope?

      <--- Score

      36. Has an Information technology security risk assessment requirement not been met?

      <--- Score

      37. Has your scope been defined?

      <--- Score

      38. What is the context?

      <--- Score

      39. How is the team tracking and documenting its work?

      <--- Score

      40. Is there regularly 100% attendance at the team meetings? If not, have appointed substitutes attended to preserve cross-functionality and full representation?

      <--- Score

      41. Is the Information technology security risk assessment scope manageable?

      <--- Score

      42. When are meeting minutes sent out? Who is on the distribution list?

      <--- Score

      43. What gets examined?

      <--- Score
