Скачать книгу

What is out of scope?

      <--- Score

      45. Is the team adequately staffed with the desired cross-functionality? If not, what additional resources are available to the team?

      <--- Score

      46. What are the requirements for audit information?

      <--- Score

      47. Does the scope remain the same?

      <--- Score

      48. Has the direction changed at all during the course of Information technology security risk assessment? If so, when did it change and why?

      <--- Score

      49. Is special Information technology security risk assessment user knowledge required?

      <--- Score

      50. How would you define Information technology security risk assessment leadership?

      <--- Score

      51. Have the customer needs been translated into specific, measurable requirements? How?

      <--- Score

      52. Have all of the relationships been defined properly?

      <--- Score

      53. How do you keep key subject matter experts in the loop?

      <--- Score

      54. If substitutes have been appointed, have they been briefed on the Information technology security risk assessment goals and received regular communications as to the progress to date?

      <--- Score

      55. Who are the Information technology security risk assessment improvement team members, including Management Leads and Coaches?

      <--- Score

      56. What are the Roles and Responsibilities for each team member and its leadership? Where is this documented?

      <--- Score

      57. Has the improvement team collected the ‘voice of the customer’ (obtained feedback – qualitative and quantitative)?

      <--- Score

      58. What critical content must be communicated – who, what, when, where, and how?

      <--- Score

      59. What sort of initial information to gather?

      <--- Score

      60. Do you have a Information technology security risk assessment success story or case study ready to tell and share?

      <--- Score

      61. What are the compelling stakeholder reasons for embarking on Information technology security risk assessment?

      <--- Score

      62. How have you defined all Information technology security risk assessment requirements first?

      <--- Score

      63. Are accountability and ownership for Information technology security risk assessment clearly defined?

      <--- Score

      64. What are the Information technology security risk assessment tasks and definitions?

      <--- Score

      65. Is it clearly defined in and to your organization what you do?

      <--- Score

      66. What specifically is the problem? Where does it occur? When does it occur? What is its extent?

      <--- Score

      67. How do you think the partners involved in Information technology security risk assessment would have defined success?

      <--- Score

      68. What are the record-keeping requirements of Information technology security risk assessment activities?

      <--- Score

      69. Does the team have regular meetings?

      <--- Score

      70. Is there a completed, verified, and validated high-level ‘as is’ (not ‘should be’ or ‘could be’) stakeholder process map?

      <--- Score

      71. What are the dynamics of the communication plan?

      <--- Score

      72. What is the scope of the Information technology security risk assessment effort?

      <--- Score

      73. What are the core elements of the Information technology security risk assessment business case?

      <--- Score

      74. Do the problem and goal statements meet the SMART criteria (specific, measurable, attainable, relevant, and time-bound)?

      <--- Score

      75. Have all basic functions of Information technology security risk assessment been defined?

      <--- Score

      76. Is the improvement team aware of the different versions of a process: what they think it is vs. what it actually is vs. what it should be vs. what it could be?

      <--- Score

      77. Has anyone else (internal or external to the group) attempted to solve this problem or a similar one before? If so, what knowledge can be leveraged from these previous efforts?

      <--- Score

      78. Do you have organizational privacy requirements?

      <--- Score

      79. Who approved the Information technology security risk assessment scope?

      <--- Score

      80. Has a project plan, Gantt chart, or similar been developed/completed?

      <--- Score

      81. Has a high-level ‘as is’ process map been completed, verified and validated?

      <--- Score

      82. How do you gather the stories?

      <--- Score

      83. What is the scope of Information technology security risk assessment?

      <--- Score

      84. Are there any constraints known that bear on the ability to perform Information technology security risk assessment work? How is the team addressing them?

      <--- Score

      85. What are (control) requirements for Information technology security risk assessment Information?

      <--- Score

      86. What sources do you use to gather information for a Information technology security risk assessment study?

      <--- Score

      87. What intelligence can you gather?

      <--- Score

      88. What is the worst case scenario?

      <--- Score

      89. How do you gather requirements?

      <--- Score

      90. Is there a completed SIPOC representation, describing the Suppliers, Inputs, Process, Outputs, and Customers?

      <--- Score

      91. Who is gathering information?

      <--- Score

      92. Is Information technology security risk assessment required?

      <--- Score

      93. Is Information technology security risk assessment linked to key stakeholder goals and objectives?

      <--- Score

      94.

Скачать книгу