IT Security Risk Assessment A Complete Guide - 2020 Edition. Gerardus Blokdyk
<--- Score
69. What else needs to be measured?
<--- Score
70. Are there recognized IT security risk assessment problems?
<--- Score
71. Who needs to know?
<--- Score
72. Is it clear when you think of the day ahead of you what activities and tasks you need to complete?
<--- Score
73. What vendors make products that address the IT security risk assessment needs?
<--- Score
74. Are problem definition and motivation clearly presented?
<--- Score
75. How many trainings, in total, are needed?
<--- Score
76. What is the IT security risk assessment problem definition? What do you need to resolve?
<--- Score
77. Are employees recognized for desired behaviors?
<--- Score
78. What are the timeframes required to resolve each of the issues/problems?
<--- Score
79. What needs to stay?
<--- Score
80. Who defines the rules in relation to any given issue?
<--- Score
81. Are there any revenue recognition issues?
<--- Score
82. What are the clients' issues and concerns?
<--- Score
83. Will IT security risk assessment deliverables need to be tested and, if so, by whom?
<--- Score
84. When an IT security risk assessment manager recognizes a problem, what options are available?
<--- Score
85. Are your goals realistic? Do you need to redefine your problem? Perhaps the problem has changed or maybe you have reached your goal and need to set a new one?
<--- Score
86. What problems are you facing and how do you consider IT security risk assessment will circumvent those obstacles?
<--- Score
87. Looking at each person individually – does everyone have the qualities which are needed to work in this group?
<--- Score
88. Who else hopes to benefit from it?
<--- Score
89. How much are sponsors, customers, partners, stakeholders involved in IT security risk assessment? In other words, what are the risks, if IT security risk assessment does not deliver successfully?
<--- Score
90. How are training requirements identified?
<--- Score
91. How are you going to measure success?
<--- Score
92. What is the extent or complexity of the IT security risk assessment problem?
<--- Score
Add up total points for this section: _____ = Total points for this section
Divided by: ______ (number of statements answered) = ______ Average score for this section
Transfer your score to the IT security risk assessment Index at the beginning of the Self-Assessment.
CRITERION #2: DEFINE:
INTENT: Formulate the stakeholder problem. Define the problem, needs and objectives.
In my belief, the answer to this question is clearly defined:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
1. Have all of the relationships been defined properly?
<--- Score
2. What is the worst case scenario?
<--- Score
3. Are audit criteria, scope, frequency and methods defined?
<--- Score
4. How would you define IT security risk assessment leadership?
<--- Score
5. Is the improvement team aware of the different versions of a process: what they think it is vs. what it actually is vs. what it should be vs. what it could be?
<--- Score
6. What knowledge or experience is required?
<--- Score
7. What customer feedback methods were used to solicit their input?
<--- Score
8. Do you have organizational privacy requirements?
<--- Score
9. Do the problem and goal statements meet the SMART criteria (specific, measurable, attainable, relevant, and time-bound)?
<--- Score
10. Are there any constraints known that bear on the ability to perform IT security risk assessment work? How is the team addressing them?
<--- Score
11. Is IT security risk assessment currently on schedule according to the plan?
<--- Score
12. Has a team charter been developed and communicated?
<--- Score
13. Are approval levels defined for contracts and supplements to contracts?
<---