Read the book IT Security Risk Assessment A Complete Guide - 2020 Edition - Gerardus Blokdyk - Page 7
CRITERION #1: RECOGNIZE
INTENT: Be aware of the need for change. Recognize that there is an unfavorable variation, problem or symptom.
In my belief, the answer to this question is clearly defined:
5 Strongly Agree
4 Agree
3 Neutral
2 Disagree
1 Strongly Disagree
1. Why is this needed?
<--- Score
2. Did you miss any major IT security risk assessment issues?
<--- Score
3. What do you need to start doing?
<--- Score
4. What are your needs in relation to IT security risk assessment skills, labor, equipment, and markets?
<--- Score
5. Who needs what information?
<--- Score
6. Do you need to avoid or amend any IT security risk assessment activities?
<--- Score
7. Do you need different information or graphics?
<--- Score
8. Are you dealing with any of the same issues today as yesterday? What can you do about this?
<--- Score
9. What prevents you from making the changes you know will make you a more effective IT security risk assessment leader?
<--- Score
10. Who should resolve the IT security risk assessment issues?
<--- Score
11. What IT security risk assessment capabilities do you need?
<--- Score
12. How do you identify the kinds of information that you will need?
<--- Score
13. What resources or support might you need?
<--- Score
14. For your IT security risk assessment project, identify and describe the business environment. Is there more than one layer to the business environment?
<--- Score
15. What information do users need?
<--- Score
16. Will new equipment/products be required to facilitate IT security risk assessment delivery? For example, is new software needed?
<--- Score
17. How do you recognize an objection?
<--- Score
18. Are there IT security risk assessment problems defined?
<--- Score
19. What are the minority interests and what amount of minority interests can be recognized?
<--- Score
20. What situation(s) led to this IT security risk assessment Self Assessment?
<--- Score
21. Do you know what you need to know about IT security risk assessment?
<--- Score
22. Does the problem have ethical dimensions?
<--- Score
23. What do employees need in the short term?
<--- Score
24. What is the problem and/or vulnerability?
<--- Score
25. Are there regulatory / compliance issues?
<--- Score
26. What would happen if IT security risk assessment weren’t done?
<--- Score
27. Would you recognize a threat from the inside?
<--- Score
28. How can auditing be a preventative security measure?
<--- Score
29. How are the IT security risk assessment’s objectives aligned to the group’s overall stakeholder strategy?
<--- Score
30. What activities does the governance board need to consider?
<--- Score
31. Which information does the IT security risk assessment business case need to include?
<--- Score
32. What is the problem or issue?
<--- Score
33. What are the stakeholder objectives to be achieved with IT security risk assessment?
<--- Score
34. As a sponsor, customer or management, how important is it to meet goals and objectives?
<--- Score
35. Who needs budgets?
<--- Score
36. How do you identify subcontractor relationships?
<--- Score
37. Which issues are too important to ignore?
<--- Score
38. What should be considered when identifying available resources, constraints, and deadlines?
<--- Score
39. What extra resources will you need?
<--- Score
40. Where do you need to exercise leadership?
<--- Score
41. What IT security risk assessment coordination do you need?
<--- Score
42. To what extent does each concerned unit's management team recognize IT security risk assessment as an effective investment?
<--- Score
43. What IT security risk assessment problem should be solved?
<--- Score
44. Is it needed?
<--- Score
45. Which needs are not included or involved?
<--- Score
46. How does it fit into your organizational needs and tasks?
<--- Score
47. What training and capacity building actions are needed to implement proposed reforms?
<--- Score
48. Are employees recognized or rewarded for performance that demonstrates the highest levels of integrity?
<--- Score
49. What IT security risk assessment events should you attend?
<--- Score
50. To what extent would your organization benefit from being recognized as an award recipient?
<--- Score
51. Who needs to know about IT security risk assessment?
<--- Score
52. What is the smallest subset of the problem you can usefully solve?
<--- Score
53. Does your organization need more IT security risk assessment education?
<--- Score
54. Can management personnel recognize the monetary benefit of IT security risk assessment?
<--- Score
55. What does IT security risk assessment success mean to the stakeholders?
<--- Score
56. Are there any specific expectations or concerns about the IT security risk assessment team, or about IT security risk assessment itself?
<--- Score
57. What are the expected benefits of IT security risk assessment to the stakeholder?
<--- Score
58. How do you assess your IT security risk assessment workforce capability and capacity needs, including skills, competencies, and staffing levels?
<--- Score
59. What are the IT security risk assessment resources needed?
<--- Score
60. Who are your key stakeholders who need to sign off?
<--- Score
61. Consider your own IT security risk assessment project. What types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?
<--- Score
62. Will a response program recognize when a crisis occurs and provide some level of response?
<--- Score
63. How do you take a forward-looking perspective in identifying IT security risk assessment research related to market response and models?
<--- Score
64. Does IT security risk assessment create potential expectations in other areas that need to be recognized and considered?
<--- Score
65. Think about the people you identified for your IT security risk assessment project and the project responsibilities you would assign to them. What kind of training do you think they would need to perform these responsibilities effectively?
<--- Score
66. Whom do you really need or want to serve?
<--- Score
67. What needs to be done?
<--- Score
68. Are losses recognized in a timely manner?
<--- Score
69. What else needs to be measured?
<--- Score
70. Are there recognized IT security risk assessment problems?
<--- Score
71. Who needs to know?
<--- Score
72. Is it clear when you think of the day ahead of you what activities and tasks you need to complete?
<--- Score
73. What vendors make products that address the IT security risk assessment needs?
<--- Score
74. Are problem definition and motivation clearly presented?
<--- Score
75. How many trainings, in total, are needed?
<--- Score
76. What is the IT security risk assessment problem definition? What do you need to resolve?
<--- Score
77. Are employees recognized for desired behaviors?
<--- Score
78. What are the timeframes required to resolve each of the issues/problems?
<--- Score
79. What needs to stay?
<--- Score
80. Who defines the rules in relation to any given issue?
<--- Score
81. Are there any revenue recognition issues?
<--- Score
82. What are the clients' issues and concerns?
<--- Score
83. Will IT security risk assessment deliverables need to be tested and, if so, by whom?
<--- Score
84. When an IT security risk assessment manager recognizes a problem, what options are available?
<--- Score
85. Are your goals realistic? Do you need to redefine your problem? Perhaps the problem has changed or maybe you have reached your goal and need to set a new one?
<--- Score
86. What problems are you facing and how do you consider IT security risk assessment will circumvent those obstacles?
<--- Score
87. Looking at each person individually – does everyone have the qualities which are needed to work in this group?
<--- Score
88. Who else hopes to benefit from it?
<--- Score
89. How much are sponsors, customers, partners, stakeholders involved in IT security risk assessment? In other words, what are the risks, if IT security risk assessment does not deliver successfully?
<--- Score
90. How are training requirements identified?
<--- Score
91. How are you going to measure success?
<--- Score
92. What is the extent or complexity of the IT security risk assessment problem?
<--- Score
Add up total points for this section: _____ = Total points for this section
Divided by: ______ (number of statements answered) = ______ Average score for this section
Transfer your score to the IT security risk assessment Index at the beginning of the Self-Assessment.