IT Security Risk Assessment A Complete Guide - 2020 Edition. Gerardus Blokdyk
<--- Score
59. When is the estimated completion date?
<--- Score
60. What is the context?
<--- Score
61. What is the scope of IT security risk assessment?
<--- Score
62. Is there any additional IT security risk assessment definition of success?
<--- Score
63. How do you catch IT security risk assessment definition inconsistencies?
<--- Score
64. Has a project plan, Gantt chart, or similar been developed/completed?
<--- Score
65. What are the record-keeping requirements of IT security risk assessment activities?
<--- Score
66. Is there regularly 100% attendance at the team meetings? If not, have appointed substitutes attended to preserve cross-functionality and full representation?
<--- Score
67. Is the scope of IT security risk assessment defined?
<--- Score
68. Are required metrics defined? What are they?
<--- Score
69. What are the boundaries of the scope? What is in bounds and what is not? What is the start point? What is the stop point?
<--- Score
70. Does the team have regular meetings?
<--- Score
71. What defines best in class?
<--- Score
72. What is out of scope?
<--- Score
73. What gets examined?
<--- Score
74. Where can you gather more information?
<--- Score
75. What is the definition of success?
<--- Score
76. How would you define the culture at your organization? How susceptible is it to IT security risk assessment changes?
<--- Score
77. What information should you gather?
<--- Score
78. How was the ‘as is’ process map developed, reviewed, verified and validated?
<--- Score
79. When is/was the IT security risk assessment start date?
<--- Score
80. How do you keep key subject matter experts in the loop?
<--- Score
81. Why are you doing IT security risk assessment and what is the scope?
<--- Score
82. Has/have the customer(s) been identified?
<--- Score
83. What critical content must be communicated – who, what, when, where, and how?
<--- Score
84. Who is gathering IT security risk assessment information?
<--- Score
85. What IT security risk assessment requirements should be gathered?
<--- Score
86. What intelligence can you gather?
<--- Score
87. How do you manage unclear IT security risk assessment requirements?
<--- Score
88. Are roles and responsibilities formally defined?
<--- Score
89. What is the scope of the IT security risk assessment effort?
<--- Score
90. Who approved the IT security risk assessment scope?
<--- Score
91. Has anyone else (internal or external to the group) attempted to solve this problem or a similar one before? If so, what knowledge can be leveraged from these previous efforts?
<--- Score
92. Have all basic functions of IT security risk assessment been defined?
<--- Score
93. In what way can you redefine the criteria of choice clients have in your category in your favor?
<--- Score
94. How will the IT security risk assessment team and the group measure complete success of IT security risk assessment?
<--- Score
95. Scope of sensitive information?
<--- Score
96. What sources do you use to gather information for an IT security risk assessment study?
<--- Score
97. What specifically is the problem? Where does it occur? When does it occur? What is its extent?
<--- Score
98. Are accountability and ownership for IT security risk assessment clearly defined?
<--- Score
99. If substitutes have been appointed, have they been briefed on the IT security risk assessment goals and received regular communications as to the progress to date?
<--- Score
100. What are the dynamics of the communication plan?
<--- Score
101. What are the core elements of the IT security risk assessment business case?
<--- Score
102.