
Is there regularly 100% attendance at the team meetings? If not, have appointed substitutes attended to preserve cross-functionality and full representation?

      <--- Score

      67. Is the scope of IT security risk assessment defined?

      <--- Score

      68. Are required metrics defined? What are they?

      <--- Score

      69. What are the boundaries of the scope? What is in bounds and what is not? What is the start point? What is the stop point?

      <--- Score

      70. Does the team have regular meetings?

      <--- Score

      71. What defines best in class?

      <--- Score

      72. What is out of scope?

      <--- Score

      73. What gets examined?

      <--- Score

      74. Where can you gather more information?

      <--- Score

      75. What is the definition of success?

      <--- Score

      76. How would you define the culture at your organization? How susceptible is it to IT security risk assessment changes?

      <--- Score

      77. What information should you gather?

      <--- Score

      78. How was the ‘as is’ process map developed, reviewed, verified and validated?

      <--- Score

      79. When is/was the IT security risk assessment start date?

      <--- Score

      80. How do you keep key subject matter experts in the loop?

      <--- Score

      81. Why are you doing IT security risk assessment and what is the scope?

      <--- Score

      82. Has/have the customer(s) been identified?

      <--- Score

      83. What critical content must be communicated – who, what, when, where, and how?

      <--- Score

      84. Who is gathering IT security risk assessment information?

      <--- Score

      85. What IT security risk assessment requirements should be gathered?

      <--- Score

      86. What intelligence can you gather?

      <--- Score

      87. How do you manage unclear IT security risk assessment requirements?

      <--- Score

      88. Are roles and responsibilities formally defined?

      <--- Score

      89. What is the scope of the IT security risk assessment effort?

      <--- Score

      90. Who approved the IT security risk assessment scope?

      <--- Score

      91. Has anyone else (internal or external to the group) attempted to solve this problem or a similar one before? If so, what knowledge can be leveraged from these previous efforts?

      <--- Score

      92. Have all basic functions of IT security risk assessment been defined?

      <--- Score

      93. In what way can you redefine the criteria of choice clients have in your category in your favor?

      <--- Score

      94. How will the IT security risk assessment team and the group measure complete success of IT security risk assessment?

      <--- Score

      95. Scope of sensitive information?

      <--- Score

      96. What sources do you use to gather information for an IT security risk assessment study?

      <--- Score

      97. What specifically is the problem? Where does it occur? When does it occur? What is its extent?

      <--- Score

      98. Are accountability and ownership for IT security risk assessment clearly defined?

      <--- Score

      99. If substitutes have been appointed, have they been briefed on the IT security risk assessment goals and received regular communications as to the progress to date?

      <--- Score

      100. What are the dynamics of the communication plan?

      <--- Score

      101. What are the core elements of the IT security risk assessment business case?

      <--- Score

      102. How and when will the baselines be defined?

      <--- Score

      103. What is the scope of the IT security risk assessment work?

      <--- Score

      104. What are the rough order estimates on cost savings/opportunities that IT security risk assessment brings?

      <--- Score

      105. What are the IT security risk assessment use cases?

      <--- Score

      106. How is the team tracking and documenting its work?

      <--- Score

      107. How do you hand over IT security risk assessment context?

      <--- Score

      108. Has your scope been defined?

      <--- Score

      109. What IT security risk assessment services do you require?

      <--- Score

      110. What are the Roles and Responsibilities for each team member and its leadership? Where is this documented?

      <--- Score

      111. What would be the goal or target for an IT security risk assessment’s improvement team?

      <--- Score

      112. Has a high-level ‘as is’ process map been completed, verified and validated?

      <--- Score

      113. The political context: who holds power?

      <--- Score

      114. What is the definition of IT security risk assessment excellence?

      <--- Score

      115. How do you gather requirements?

      <--- Score

      116. How did the IT security risk assessment manager receive input to the development of an IT security risk assessment improvement plan and the estimated completion dates/times of each activity?

      <--- Score

      117. Will an IT security risk assessment production readiness review be required?

      <--- Score

      118. Have the customer needs been translated into specific, measurable requirements? How?

      <--- Score

      119. Is the current ‘as is’ process being followed? If not, what are the discrepancies?

      <--- Score

      120. Do you all define IT security risk assessment
