the same way?

      <--- Score

      121. Has the IT security risk assessment work been fairly and/or equitably divided and delegated among team members who are qualified and capable to perform the work? Has everyone contributed?

      <--- Score

      122. What scope to assess?

      <--- Score

      123. What happens if IT security risk assessment’s scope changes?

      <--- Score

      124. Who is gathering information?

      <--- Score

      125. How do you manage changes in IT security risk assessment requirements?

      <--- Score

      126. Has the direction changed at all during the course of IT security risk assessment? If so, when did it change and why?

      <--- Score

      127. Has the improvement team collected the ‘voice of the customer’ (obtained feedback – qualitative and quantitative)?

      <--- Score

      128. When are meeting minutes sent out? Who is on the distribution list?

      <--- Score

      129. Is the team adequately staffed with the desired cross-functionality? If not, what additional resources are available to the team?

      <--- Score

      130. How do you gather the stories?

      <--- Score

      131. What is in the scope and what is not in scope?

      <--- Score

      132. What baselines are required to be defined and managed?

      <--- Score

      133. Is it clearly defined in and to your organization what you do?

      <--- Score

      134. How do you manage scope?

      <--- Score

      135. Is there a critical path to deliver IT security risk assessment results?

      <--- Score

      136. What system do you use for gathering IT security risk assessment information?

      <--- Score

      137. Are there different segments of customers?

      <--- Score

      138. How will variation in the actual durations of each activity be dealt with to ensure that the expected IT security risk assessment results are met?

      <--- Score

      Add up total points for this section: _____ = Total points for this section

      Divided by: ______ (number of statements answered) = ______ Average score for this section

      Transfer your score to the IT security risk assessment Index at the beginning of the Self-Assessment.

      CRITERION #3: MEASURE:

      INTENT: Gather the correct data. Measure the current performance and evolution of the situation.

      In my belief, the answer to this question is clearly defined:

      5 Strongly Agree

      4 Agree

      3 Neutral

      2 Disagree

      1 Strongly Disagree

      1. What drives O&M cost?

      <--- Score

      2. How do your measurements capture actionable IT security risk assessment information for use in exceeding your customers' expectations and securing your customers' engagement?

      <--- Score

      3. How do you measure variability?

      <--- Score

      4. Have you included everything in your IT security risk assessment cost models?

      <--- Score

      5. How can you manage cost down?

      <--- Score

      6. How are costs allocated?

      <--- Score

      7. What does losing customers cost your organization?

      <--- Score

      8. Are the units of measure consistent?

      <--- Score

      9. Are the measurements objective?

      <--- Score

      10. What do people want to verify?

      <--- Score

      11. Are actual costs in line with budgeted costs?

      <--- Score

      12. What could cause you to change course?

      <--- Score

      13. How will your organization measure success?

      <--- Score

      14. What is the cause of any IT security risk assessment gaps?

      <--- Score

      15. What are allowable costs?

      <--- Score

      16. What are hidden IT security risk assessment quality costs?

      <--- Score

      17. Are you able to realize any cost savings?

      <--- Score

      18. Who pays the cost?

      <--- Score

      19. What harm might be caused?

      <--- Score

      20. Where is it measured?

      <--- Score

      21. Does the IT security risk assessment task fit the client’s priorities?

      <--- Score

      22. What is the total cost related to deploying IT security risk assessment, including any consulting or professional services?

      <--- Score

      23. How will costs be allocated?

      <--- Score

      24. What are the costs?

      <--- Score

      25. How do you verify and develop ideas and innovations?

      <--- Score

      26. How is performance measured?

      <--- Score

      27. What are the costs and benefits?

      <--- Score

      28. How will success or failure be measured?

      <--- Score

      29. How long to keep data and how to manage retention costs?

      <--- Score

      30. Did you tackle the cause or the symptom?

      <--- Score

      31. How do you aggregate measures across priorities?

      <--- Score

      32. How frequently do you track IT security risk assessment measures?

      <--- Score

      33. How do you quantify and qualify impacts?

      <--- Score

      34. What is measured? Why?

      <--- Score

      35. Which measures and indicators