Скачать книгу

What does IT security risk assessment success mean to the stakeholders?

      <--- Score

      56. Are there any specific expectations or concerns about the IT security risk assessment team, IT security risk assessment itself?

      <--- Score

      57. What are the expected benefits of IT security risk assessment to the stakeholder?

      <--- Score

      58. How do you assess your IT security risk assessment workforce capability and capacity needs, including skills, competencies, and staffing levels?

      <--- Score

      59. What are the IT security risk assessment resources needed?

      <--- Score

      60. Who are your key stakeholders who need to sign off?

      <--- Score

      61. Consider your own IT security risk assessment project, what types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?

      <--- Score

      62. Will a response program recognize when a crisis occurs and provide some level of response?

      <--- Score

      63. How do you take a forward-looking perspective in identifying IT security risk assessment research related to market response and models?

      <--- Score

      64. Does IT security risk assessment create potential expectations in other areas that need to be recognized and considered?

      <--- Score

      65. Think about the people you identified for your IT security risk assessment project and the project responsibilities you would assign to them, what kind of training do you think they would need to perform these responsibilities effectively?

      <--- Score

      66. Whom do you really need or want to serve?

      <--- Score

      67. What needs to be done?

      <--- Score

      68. Are losses recognized in a timely manner?

      <--- Score

      69. What else needs to be measured?

      <--- Score

      70. Are there recognized IT security risk assessment problems?

      <--- Score

      71. Who needs to know?

      <--- Score

      72. Is it clear when you think of the day ahead of you what activities and tasks you need to complete?

      <--- Score

      73. What vendors make products that address the IT security risk assessment needs?

      <--- Score

      74. Are problem definition and motivation clearly presented?

      <--- Score

      75. How many trainings, in total, are needed?

      <--- Score

      76. What is the IT security risk assessment problem definition? What do you need to resolve?

      <--- Score

      77. Are employees recognized for desired behaviors?

      <--- Score

      78. What are the timeframes required to resolve each of the issues/problems?

      <--- Score

      79. What needs to stay?

      <--- Score

      80. Who defines the rules in relation to any given issue?

      <--- Score

      81. Are there any revenue recognition issues?

      <--- Score

      82. What are the clients issues and concerns?

      <--- Score

      83. Will IT security risk assessment deliverables need to be tested and, if so, by whom?

      <--- Score

      84. When a IT security risk assessment manager recognizes a problem, what options are available?

      <--- Score

      85. Are your goals realistic? Do you need to redefine your problem? Perhaps the problem has changed or maybe you have reached your goal and need to set a new one?

      <--- Score

      86. What problems are you facing and how do you consider IT security risk assessment will circumvent those obstacles?

      <--- Score

      87. Looking at each person individually – does every one have the qualities which are needed to work in this group?

      <--- Score

      88. Who else hopes to benefit from it?

      <--- Score

      89. How much are sponsors, customers, partners, stakeholders involved in IT security risk assessment? In other words, what are the risks, if IT security risk assessment does not deliver successfully?

      <--- Score

      90. How are training requirements identified?

      <--- Score

      91. How are you going to measure success?

      <--- Score

      92. What is the extent or complexity of the IT security risk assessment problem?

      <--- Score

      Add up total points for this section: _____ = Total points for this section

      Divided by: ______ (number of statements answered) = ______ Average score for this section

      Transfer your score to the IT security risk assessment Index at the beginning of the Self-Assessment.

      CRITERION #2: DEFINE:

      INTENT: Formulate the stakeholder problem. Define the problem, needs and objectives.

      In my belief, the answer to this question is clearly defined:

      5 Strongly Agree

      4 Agree

      3 Neutral

      2 Disagree

      1 Strongly Disagree

      1. Have all of the relationships been defined properly?

      <--- Score

      2. What is the worst case scenario?

      <--- Score

      3. Are audit criteria, scope, frequency and methods defined?

      <--- Score

      4. How would you define IT security risk assessment leadership?

      <--- Score

      5. Is the improvement team aware of the different versions of a process: what they think it is vs. what it actually is vs. what it should be vs. what it could be?

      <--- Score

      6. What knowledge or experience is required?

      <--- Score

      7. What customer feedback methods were used to solicit their input?

      <--- Score

      8. Do you have organizational privacy requirements?

      <--- Score

      9. Do the problem and goal statements meet the SMART criteria (specific, measurable, attainable, relevant, and time-bound)?

      <---

Скачать книгу