How do you build the right business case?

      <--- Score

      95. Has the Information technology security risk assessment work been fairly and/or equitably divided and delegated among team members who are qualified and capable to perform the work? Has everyone contributed?

      <--- Score

      96. How do you manage changes in Information technology security risk assessment requirements?

      <--- Score

      97. Have specific policy objectives been defined?

      <--- Score

      98. Is there any additional Information technology security risk assessment definition of success?

      <--- Score

      99. What are the Information technology security risk assessment use cases?

      <--- Score

      100. Is there a clear Information technology security risk assessment case definition?

      <--- Score

      101. How and when will the baselines be defined?

      <--- Score

      102. Is there a critical path to deliver Information technology security risk assessment results?

      <--- Score

      103. Is scope creep really all bad news?

      <--- Score

      104. How do you manage scope?

      <--- Score

      105. Will an Information technology security risk assessment production readiness review be required?

      <--- Score

      106. What defines best in class?

      <--- Score

      107. Is Information technology security risk assessment currently on schedule according to the plan?

      <--- Score

      108. Has everyone on the team, including the team leaders, been properly trained?

      <--- Score

      109. Has a team charter been developed and communicated?

      <--- Score

      110. How did the Information technology security risk assessment manager receive input to the development of an Information technology security risk assessment improvement plan and the estimated completion dates/times of each activity?

      <--- Score

      111. Who is gathering Information technology security risk assessment information?

      <--- Score

      112. What Information technology security risk assessment services do you require?

      <--- Score

      113. How will the Information technology security risk assessment team and the group measure complete success of Information technology security risk assessment?

      <--- Score

      114. What was the context?

      <--- Score

      115. Who defines (or who defined) the rules and roles?

      <--- Score

      116. How are consistent Information technology security risk assessment definitions important?

      <--- Score

      117. Are different versions of process maps needed to account for the different types of inputs?

      <--- Score

      118. What are the boundaries of the scope? What is in bounds and what is not? What is the start point? What is the stop point?

      <--- Score

      119. How do you hand over Information technology security risk assessment context?

      <--- Score

      120. Is the scope of Information technology security risk assessment defined?

      <--- Score

      121. How would you define the culture at your organization, and how susceptible is it to Information technology security risk assessment changes?

      <--- Score

      122. How do you manage unclear Information technology security risk assessment requirements?

      <--- Score

      123. What key stakeholder process output measure(s) does Information technology security risk assessment leverage and how?

      <--- Score

      124. What happens if Information technology security risk assessment’s scope changes?

      <--- Score

      125. Are roles and responsibilities formally defined?

      <--- Score

      126. What information should you gather?

      <--- Score

      127. What scope do you want your strategy to cover?

      <--- Score

      128. When is/was the Information technology security risk assessment start date?

      <--- Score

      129. Where can you gather more information?

      <--- Score

      130. How do you gather Information technology security risk assessment requirements?

      <--- Score

      131. Is the work to date meeting requirements?

      <--- Score

      132. What is a worst-case scenario for losses?

      <--- Score

      133. What baselines are required to be defined and managed?

      <--- Score

      134. Are required metrics defined? What are they?

      <--- Score

      Add up total points for this section: _____ = Total points for this section

      Divided by: ______ (number of statements answered) = ______ Average score for this section

      Transfer your score to the Information technology security risk assessment Index at the beginning of the Self-Assessment.

      CRITERION #3: MEASURE:

      INTENT: Gather the correct data. Measure the current performance and evolution of the situation.

      In my belief, the answer to this question is clearly defined:

      5 Strongly Agree

      4 Agree

      3 Neutral

      2 Disagree

      1 Strongly Disagree

      1. Has a cost center been established?

      <--- Score

      2. What is the total fixed cost?

      <--- Score

      3. Are the Information technology security risk assessment benefits worth its costs?

      <--- Score

      4. What potential environmental factors impact the Information technology security risk assessment effort?

      <--- Score

      5. How are costs allocated?

      <--- Score

      6. What are the uncertainties surrounding estimates of impact?

      <--- Score

      7. Are the measurements objective?

      <--- Score

      8.
