<--- Score
56. Are there any specific expectations or concerns about the IT security risk assessment team or IT security risk assessment itself?
<--- Score
57. What are the expected benefits of IT security risk assessment to the stakeholder?
<--- Score
58. How do you assess your IT security risk assessment workforce capability and capacity needs, including skills, competencies, and staffing levels?
<--- Score
59. What are the IT security risk assessment resources needed?
<--- Score
60. Who are your key stakeholders who need to sign off?
<--- Score
61. Consider your own IT security risk assessment project: what types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?
<--- Score
62. Will a response program recognize when a crisis occurs and provide some level of response?
<--- Score
63. How do you take a forward-looking perspective in identifying IT security risk assessment research related to market response and models?
<--- Score
64. Does IT security risk assessment create potential expectations in other areas that need to be recognized and considered?
<--- Score
65. Think about the people you identified for your IT security risk assessment project and the project responsibilities you would assign to them: what kind of training do you think they would need to perform these responsibilities effectively?
<--- Score
66. Whom do you really need or want to serve?
<--- Score
67. What needs to be done?
<--- Score
68. Are losses recognized in a timely manner?
<--- Score
69. What else needs to be measured?
<--- Score
70. Are there recognized IT security risk assessment problems?
<--- Score
71. Who needs to know?
<--- Score
72. Is it clear when you think of the day ahead of you what activities and tasks you need to complete?
<--- Score
73. What vendors make products that address the IT security risk assessment needs?
<--- Score
74. Are problem definition and motivation clearly presented?
<--- Score
75. How many trainings, in total, are needed?
<--- Score
76. What is the IT security risk assessment problem definition? What do you need to resolve?
<--- Score
77. Are employees recognized for desired behaviors?
<--- Score
78. What are the timeframes required to resolve each of the issues/problems?
<--- Score
79. What needs to stay?
<--- Score
80. Who defines the rules in relation to any given issue?
<--- Score
81. Are there any revenue recognition issues?
<--- Score
82. What are the clients' issues and concerns?
<--- Score
83. Will IT security risk assessment deliverables need to be tested and, if so, by whom?
<--- Score
84. When an IT security risk assessment manager recognizes a problem, what options are available?
<--- Score
85. Are your goals realistic? Do you need to redefine your problem? Perhaps the problem has changed or maybe you have reached your goal and need to set a new one?
<--- Score
86. What problems are you facing and how do you expect IT security risk assessment to circumvent those obstacles?
<--- Score
87. Looking at each person individually – does everyone have the qualities which are needed to work in this group?
<--- Score
88. Who else hopes to benefit from it?
<--- Score
89. How much are sponsors, customers, partners and stakeholders involved in IT security risk assessment? In other words, what are the risks if IT security risk assessment does not deliver successfully?
<--- Score
90. How are training requirements identified?
<--- Score
91. How are you going to measure success?
<--- Score
92. What is the extent or complexity of the IT security risk assessment problem?
<--- Score
Add up total points for this section: _____ = Total points for this section
Divided by: ______ (number of statements answered) = ______ Average score for this section
Transfer your score to the IT security risk assessment Index at the beginning of the Self-Assessment.
CRITERION #2: DEFINE:
INTENT: Formulate the stakeholder problem. Define the problem, needs and objectives.
In my belief, the answer to this question is clearly defined:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
1. Have all of the relationships been defined properly?
<--- Score
2. What is the worst-case scenario?
<--- Score
3. Are audit criteria, scope, frequency and methods defined?
<--- Score
4. How would you define IT security risk assessment leadership?
<--- Score
5. Is the improvement team aware of the different versions of a process: what they think it is vs. what it actually is vs. what it should be vs. what it could be?
<--- Score
6. What knowledge or experience is required?
<--- Score
7. What customer feedback methods were used to solicit their input?
<--- Score
8. Do you have organizational privacy requirements?
<--- Score
9. Do the problem and goal statements meet the SMART criteria (specific, measurable, attainable, relevant, and time-bound)?
<---