<--- Score
36. Has a cost center been established?
<--- Score
37. Do you have any cost IT security risk assessment limitation requirements?
<--- Score
38. What could cause delays in the schedule?
<--- Score
39. What measurements are possible, practicable and meaningful?
<--- Score
40. How will effects be measured?
<--- Score
41. What is the IT security risk assessment business impact?
<--- Score
42. Are the IT security risk assessment benefits worth its costs?
<--- Score
43. Will IT security risk assessment have an impact on current business continuity, disaster recovery processes and/or infrastructure?
<--- Score
44. What would it cost to replace your technology?
<--- Score
45. Was a business case (cost/benefit) developed?
<--- Score
46. What users will be impacted?
<--- Score
47. How do you measure success?
<--- Score
48. How can you measure the performance?
<--- Score
49. Are there measurements based on task performance?
<--- Score
50. Are supply costs steady or fluctuating?
<--- Score
51. What details are required of the IT security risk assessment cost structure?
<--- Score
52. Where is the cost?
<--- Score
53. Do you effectively measure and reward individual and team performance?
<--- Score
54. How will you measure your IT security risk assessment effectiveness?
<--- Score
55. How can a IT security risk assessment test verify your ideas or assumptions?
<--- Score
56. How to cause the change?
<--- Score
57. Is there an opportunity to verify requirements?
<--- Score
58. What causes investor action?
<--- Score
59. What is the cost of rework?
<--- Score
60. Why do the measurements/indicators matter?
<--- Score
61. What do you measure and why?
<--- Score
62. How will measures be used to manage and adapt?
<--- Score
63. What would be a real cause for concern?
<--- Score
64. Why do you expend time and effort to implement measurement, for whom?
<--- Score
65. Is the cost worth the IT security risk assessment effort ?
<--- Score
66. How sensitive must the IT security risk assessment strategy be to cost?
<--- Score
67. What are the uncertainties surrounding estimates of impact?
<--- Score
68. Do you have an issue in getting priority?
<--- Score
69. What are the strategic priorities for this year?
<--- Score
70. What is an unallowable cost?
<--- Score
71. What is the total fixed cost?
<--- Score
72. What is your decision requirements diagram?
<--- Score
73. How do you measure efficient delivery of IT security risk assessment services?
<--- Score
74. Are indirect costs charged to the IT security risk assessment program?
<--- Score
75. Are there competing IT security risk assessment priorities?
<--- Score
76. Who should receive measurement reports?
<--- Score
77. Do you have a flow diagram of what happens?
<--- Score
78. What are the costs of delaying IT security risk assessment action?
<--- Score
79. What are the operational costs after IT security risk assessment deployment?
<--- Score
80. Are missed IT security risk assessment opportunities costing your organization money?
<--- Score
81. Have you made assumptions about the shape of the future, particularly its impact on your customers and competitors?
<--- Score
82. How are measurements made?
<--- Score
83. Does a IT security risk assessment quantification method exist?
<--- Score
84. When are costs are incurred?
<--- Score
85. Do the benefits outweigh the costs?
<--- Score
86. Which costs should be taken into account?
<--- Score
87. How much does it cost?
<--- Score
88. Have design-to-cost goals been established?
<--- Score
89. What can be used to verify compliance?
<--- Score
90. What causes mismanagement?
<--- Score
91. What are your customers expectations and measures?
<--- Score
92. When should you bother with diagrams?
<--- Score
93. How is progress measured?
<--- Score
94. What are your operating costs?
<--- Score
95. When a disaster occurs, who gets priority?
<--- Score
96. What are your key IT security risk assessment organizational performance measures, including key short and longer-term financial measures?
<---