
Score

      10. Are there any constraints known that bear on the ability to perform IT security risk assessment work? How is the team addressing them?

      <--- Score

      11. Is IT security risk assessment currently on schedule according to the plan?

      <--- Score

      12. Has a team charter been developed and communicated?

      <--- Score

      13. Are approval levels defined for contracts and supplements to contracts?

      <--- Score

      14. Is scope creep really all bad news?

      <--- Score

      15. Are the IT security risk assessment requirements testable?

      <--- Score

      16. Do you have an IT security risk assessment success story or case study ready to tell and share?

      <--- Score

      17. Is IT security risk assessment linked to key stakeholder goals and objectives?

      <--- Score

      18. Is IT security risk assessment required?

      <--- Score

      19. What are the (control) requirements for IT security risk assessment information?

      <--- Score

      20. What was the context?

      <--- Score

      21. Are resources adequate for the scope?

      <--- Score

      22. What are the requirements for audit information?

      <--- Score

      23. Is there a clear IT security risk assessment case definition?

      <--- Score

      24. Is there a completed, verified, and validated high-level ‘as is’ (not ‘should be’ or ‘could be’) stakeholder process map?

      <--- Score

      25. Who are the IT security risk assessment improvement team members, including Management Leads and Coaches?

      <--- Score

      26. How does the IT security risk assessment manager ensure against scope creep?

      <--- Score

      27. Is the IT security risk assessment scope manageable?

      <--- Score

      28. What scope do you want your strategy to cover?

      <--- Score

      29. What key stakeholder process output measure(s) does IT security risk assessment leverage and how?

      <--- Score

      30. How have you defined all IT security risk assessment requirements first?

      <--- Score

      31. Is special IT security risk assessment user knowledge required?

      <--- Score

      32. What constraints exist that might impact the team?

      <--- Score

      33. Are customer(s) identified and segmented according to their different needs and requirements?

      <--- Score

      34. What sort of initial information should be gathered?

      <--- Score

      35. Are different versions of process maps needed to account for the different types of inputs?

      <--- Score

      36. How are consistent IT security risk assessment definitions important?

      <--- Score

      37. Has everyone on the team, including the team leaders, been properly trained?

      <--- Score

      38. Are the IT security risk assessment requirements complete?

      <--- Score

      39. How can the value of IT security risk assessment be defined?

      <--- Score

      40. What is in scope?

      <--- Score

      41. How do you think the partners involved in IT security risk assessment would have defined success?

      <--- Score

      42. Is the team equipped with available and reliable resources?

      <--- Score

      43. Who defines (or who defined) the rules and roles?

      <--- Score

      44. What are the compelling stakeholder reasons for embarking on IT security risk assessment?

      <--- Score

      45. What are the IT security risk assessment tasks and definitions?

      <--- Score

      46. Is the work to date meeting requirements?

      <--- Score

      47. Is the IT security risk assessment scope complete and appropriately sized?

      <--- Score

      48. What is out-of-scope initially?

      <--- Score

      49. How often are the team meetings?

      <--- Score

      50. Is there a completed SIPOC representation, describing the Suppliers, Inputs, Process, Outputs, and Customers?

      <--- Score

      51. What information do you gather?

      <--- Score

      52. How do you build the right business case?

      <--- Score

      53. Has an IT security risk assessment requirement not been met?

      <--- Score

      54. Have specific policy objectives been defined?

      <--- Score

      55. Are all requirements met?

      <--- Score

      56. What are the tasks and definitions?

      <--- Score

      57. Is there an IT security risk assessment management charter, including stakeholder case, problem and goal statements, scope, milestones, roles and responsibilities, and communication plan?

      <--- Score

      58. Is data collected and displayed to better understand customers' critical needs and requirements?

      <--- Score

      59. When is the estimated completion date?

      <--- Score

      60. What is the context?

      <--- Score

      61. What is the scope of IT security risk assessment?

      <--- Score

      62. Is there any additional IT security risk assessment definition of success?

      <--- Score

      63. How do you catch IT security risk assessment definition inconsistencies?

      <--- Score

      64. Has a project plan, Gantt chart, or similar been developed/completed?

      <--- Score

      65. What are the record-keeping requirements of IT security risk assessment activities?

      <--- Score
