<--- Score
95. Has the Information technology security risk assessment work been fairly and/or equitably divided and delegated among team members who are qualified and capable to perform the work? Has everyone contributed?
<--- Score
96. How do you manage changes in Information technology security risk assessment requirements?
<--- Score
97. Have specific policy objectives been defined?
<--- Score
98. Is there any additional Information technology security risk assessment definition of success?
<--- Score
99. What are the Information technology security risk assessment use cases?
<--- Score
100. Is there a clear Information technology security risk assessment case definition?
<--- Score
101. How and when will the baselines be defined?
<--- Score
102. Is there a critical path to deliver Information technology security risk assessment results?
<--- Score
103. Is scope creep really all bad news?
<--- Score
104. How do you manage scope?
<--- Score
105. Will a Information technology security risk assessment production readiness review be required?
<--- Score
106. What defines best in class?
<--- Score
107. Is Information technology security risk assessment currently on schedule according to the plan?
<--- Score
108. Has everyone on the team, including the team leaders, been properly trained?
<--- Score
109. Has a team charter been developed and communicated?
<--- Score
110. How did the Information technology security risk assessment manager receive input to the development of a Information technology security risk assessment improvement plan and the estimated completion dates/times of each activity?
<--- Score
111. Who is gathering Information technology security risk assessment information?
<--- Score
112. What Information technology security risk assessment services do you require?
<--- Score
113. How will the Information technology security risk assessment team and the group measure complete success of Information technology security risk assessment?
<--- Score
114. What was the context?
<--- Score
115. Who defines (or who defined) the rules and roles?
<--- Score
116. How are consistent Information technology security risk assessment definitions important?
<--- Score
117. Are different versions of process maps needed to account for the different types of inputs?
<--- Score
118. What are the boundaries of the scope? What is in bounds and what is not? What is the start point? What is the stop point?
<--- Score
119. How do you hand over Information technology security risk assessment context?
<--- Score
120. Is the scope of Information technology security risk assessment defined?
<--- Score
121. How would you define the culture at your organization, how susceptible is it to Information technology security risk assessment changes?
<--- Score
122. How do you manage unclear Information technology security risk assessment requirements?
<--- Score
123. What key stakeholder process output measure(s) does Information technology security risk assessment leverage and how?
<--- Score
124. What happens if Information technology security risk assessment’s scope changes?
<--- Score
125. Are roles and responsibilities formally defined?
<--- Score
126. What information should you gather?
<--- Score
127. What scope do you want your strategy to cover?
<--- Score
128. When is/was the Information technology security risk assessment start date?
<--- Score
129. Where can you gather more information?
<--- Score
130. How do you gather Information technology security risk assessment requirements?
<--- Score
131. Is the work to date meeting requirements?
<--- Score
132. What is a worst-case scenario for losses?
<--- Score
133. What baselines are required to be defined and managed?
<--- Score
134. Are required metrics defined, what are they?
<--- Score
Add up total points for this section: _____ = Total points for this section
Divided by: ______ (number of statements answered) = ______ Average score for this section
Transfer your score to the Information technology security risk assessment Index at the beginning of the Self-Assessment.
CRITERION #3: MEASURE:
INTENT: Gather the correct data. Measure the current performance and evolution of the situation.
In my belief, the answer to this question is clearly defined:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
1. Has a cost center been established?
<--- Score
2. What is the total fixed cost?
<--- Score
3. Are the Information technology security risk assessment benefits worth its costs?
<--- Score
4. What potential environmental factors impact the Information technology security risk assessment effort?
<--- Score
5. How are costs allocated?
<--- Score
6. What are the uncertainties surrounding estimates of impact?
<--- Score
7. Are the measurements objective?
<--- Score
8.