<--- Score
96. What vendors make products that address the Information technology security risk assessment needs?
<--- Score
97. Will new equipment/products be required to facilitate Information technology security risk assessment delivery, for example is new software needed?
<--- Score
98. What is the extent or complexity of the Information technology security risk assessment problem?
<--- Score
99. Looking at each person individually – does every one have the qualities which are needed to work in this group?
<--- Score
100. Is it clear when you think of the day ahead of you what activities and tasks you need to complete?
<--- Score
101. Who defines the rules in relation to any given issue?
<--- Score
Add up total points for this section: _____ = Total points for this section
Divided by: ______ (number of statements answered) = ______ Average score for this section
Transfer your score to the Information technology security risk assessment Index at the beginning of the Self-Assessment.
CRITERION #2: DEFINE:
INTENT: Formulate the stakeholder problem. Define the problem, needs and objectives.
In my belief, the answer to this question is clearly defined:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
1. How will variation in the actual durations of each activity be dealt with to ensure that the expected Information technology security risk assessment results are met?
<--- Score
2. The political context: who holds power?
<--- Score
3. What knowledge or experience is required?
<--- Score
4. Are audit criteria, scope, frequency and methods defined?
<--- Score
5. What is the scope?
<--- Score
6. Are there different segments of customers?
<--- Score
7. What is in scope?
<--- Score
8. What information do you gather?
<--- Score
9. Is the Information technology security risk assessment scope complete and appropriately sized?
<--- Score
10. What system do you use for gathering Information technology security risk assessment information?
<--- Score
11. How do you catch Information technology security risk assessment definition inconsistencies?
<--- Score
12. Are resources adequate for the scope?
<--- Score
13. What would be the goal or target for a Information technology security risk assessment’s improvement team?
<--- Score
14. What scope to assess?
<--- Score
15. What is the definition of Information technology security risk assessment excellence?
<--- Score
16. How often are the team meetings?
<--- Score
17. Are the Information technology security risk assessment requirements complete?
<--- Score
18. What constraints exist that might impact the team?
<--- Score
19. What customer feedback methods were used to solicit their input?
<--- Score
20. Are task requirements clearly defined?
<--- Score
21. How was the ‘as is’ process map developed, reviewed, verified and validated?
<--- Score
22. What is out-of-scope initially?
<--- Score
23. Are the Information technology security risk assessment requirements testable?
<--- Score
24. Are all requirements met?
<--- Score
25. What is the scope of the Information technology security risk assessment work?
<--- Score
26. How does the Information technology security risk assessment manager ensure against scope creep?
<--- Score
27. What are the rough order estimates on cost savings/opportunities that Information technology security risk assessment brings?
<--- Score
28. Has/have the customer(s) been identified?
<--- Score
29. Scope of sensitive information?
<--- Score
30. When is the estimated completion date?
<--- Score
31. Do you all define Information technology security risk assessment in the same way?
<--- Score
32. Is the current ‘as is’ process being followed? If not, what are the discrepancies?
<--- Score
33. Why are you doing Information technology security risk assessment and what is the scope?
<--- Score
34. In what way can you redefine the criteria of choice clients have in your category in your favor?
<--- Score
35. What is in the scope and what is not in scope?
<--- Score
36. Has a Information technology security risk assessment requirement not been met?
<--- Score
37. Has your scope been defined?
<--- Score
38. What is the context?
<--- Score
39. How is the team tracking and documenting its work?
<--- Score
40. Is there regularly 100% attendance at the team meetings? If not, have appointed substitutes attended to preserve cross-functionality and full representation?
<--- Score
41. Is the Information technology security risk assessment scope manageable?
<--- Score
42. When are meeting minutes sent out? Who is on the distribution list?
<--- Score
43. What gets examined?
<--- Score