Читать книгу IT Security Risk Assessment A Complete Guide - 2020 Edition - Gerardus Blokdyk - Страница 9

CRITERION #3: MEASURE:

INTENT: Gather the correct data. Measure the current performance and evolution of the situation.

In my belief, the answer to this question is clearly defined:

5 Strongly Agree

4 Agree

3 Neutral

2 Disagree

1 Strongly Disagree

1. What drives O&M cost?

<--- Score

2. How do your measurements capture actionable IT security risk assessment information for use in exceeding your customers expectations and securing your customers engagement?

<--- Score

3. How do you measure variability?

<--- Score

4. Have you included everything in your IT security risk assessment cost models?

<--- Score

5. How can you manage cost down?

<--- Score

6. How are costs allocated?

<--- Score

7. What does losing customers cost your organization?

<--- Score

8. Are the units of measure consistent?

<--- Score

9. Are the measurements objective?

<--- Score

10. What do people want to verify?

<--- Score

11. Are actual costs in line with budgeted costs?

<--- Score

12. What could cause you to change course?

<--- Score

13. How will your organization measure success?

<--- Score

14. What is the cause of any IT security risk assessment gaps?

<--- Score

15. What are allowable costs?

<--- Score

16. What are hidden IT security risk assessment quality costs?

<--- Score

17. Are you able to realize any cost savings?

<--- Score

18. Who pays the cost?

<--- Score

19. What harm might be caused?

<--- Score

20. Where is it measured?

<--- Score

21. Does the IT security risk assessment task fit the client’s priorities?

<--- Score

22. What is the total cost related to deploying IT security risk assessment, including any consulting or professional services?

<--- Score

23. How will costs be allocated?

<--- Score

24. What are the costs?

<--- Score

25. How do you verify and develop ideas and innovations?

<--- Score

26. How is performance measured?

<--- Score

27. What are the costs and benefits?

<--- Score

28. How will success or failure be measured?

<--- Score

29. How long to keep data and how to manage retention costs?

<--- Score

30. Did you tackle the cause or the symptom?

<--- Score

31. How do you aggregate measures across priorities?

<--- Score

32. How frequently do you track IT security risk assessment measures?

<--- Score

33. How do you quantify and qualify impacts?

<--- Score

34. What is measured? Why?

<--- Score

35. Which measures and indicators matter?

<--- Score

36. Has a cost center been established?

<--- Score

37. Do you have any cost IT security risk assessment limitation requirements?

<--- Score

38. What could cause delays in the schedule?

<--- Score

39. What measurements are possible, practicable and meaningful?

<--- Score

40. How will effects be measured?

<--- Score

41. What is the IT security risk assessment business impact?

<--- Score

42. Are the IT security risk assessment benefits worth its costs?

<--- Score

43. Will IT security risk assessment have an impact on current business continuity, disaster recovery processes and/or infrastructure?

<--- Score

44. What would it cost to replace your technology?

<--- Score

45. Was a business case (cost/benefit) developed?

<--- Score

46. What users will be impacted?

<--- Score

47. How do you measure success?

<--- Score

48. How can you measure the performance?

<--- Score

49. Are there measurements based on task performance?

<--- Score

50. Are supply costs steady or fluctuating?

<--- Score

51. What details are required of the IT security risk assessment cost structure?

<--- Score

52. Where is the cost?

<--- Score

53. Do you effectively measure and reward individual and team performance?

<--- Score

54. How will you measure your IT security risk assessment effectiveness?

<--- Score

55. How can a IT security risk assessment test verify your ideas or assumptions?

<--- Score

56. How to cause the change?

<--- Score

57. Is there an opportunity to verify requirements?

<--- Score

58. What causes investor action?

<--- Score

59. What is the cost of rework?

<--- Score

60. Why do the measurements/indicators matter?

<--- Score

61. What do you measure and why?

<--- Score

62. How will measures be used to manage and adapt?

<--- Score

63. What would be a real cause for concern?

<--- Score

64. Why do you expend time and effort to implement measurement, for whom?

<--- Score

65. Is the cost worth the IT security risk assessment effort ?

<--- Score

66. How sensitive must the IT security risk assessment strategy be to cost?

<--- Score

67. What are the uncertainties surrounding estimates of impact?

<--- Score

68. Do you have an issue in getting priority?

<--- Score

69. What are the strategic priorities for this year?

<--- Score

70. What is an unallowable cost?

<--- Score

71. What is the total fixed cost?

<--- Score

72. What is your decision requirements diagram?

<--- Score

73. How do you measure efficient delivery of IT security risk assessment services?

<--- Score

74. Are indirect costs charged to the IT security risk assessment program?

<--- Score

75. Are there competing IT security risk assessment priorities?

<--- Score

76. Who should receive measurement reports?

<--- Score

77. Do you have a flow diagram of what happens?

<--- Score

78. What are the costs of delaying IT security risk assessment action?

<--- Score

79. What are the operational costs after IT security risk assessment deployment?

<--- Score

80. Are missed IT security risk assessment opportunities costing your organization money?

<--- Score

81. Have you made assumptions about the shape of the future, particularly its impact on your customers and competitors?

<--- Score

82. How are measurements made?

<--- Score

83. Does a IT security risk assessment quantification method exist?

<--- Score

84. When are costs are incurred?

<--- Score

85. Do the benefits outweigh the costs?

<--- Score

86. Which costs should be taken into account?

<--- Score

87. How much does it cost?

<--- Score

88. Have design-to-cost goals been established?

<--- Score

89. What can be used to verify compliance?

<--- Score

90. What causes mismanagement?

<--- Score

91. What are your customers expectations and measures?

<--- Score

92. When should you bother with diagrams?

<--- Score

93. How is progress measured?

<--- Score

94. What are your operating costs?

<--- Score

95. When a disaster occurs, who gets priority?

<--- Score

96. What are your key IT security risk assessment organizational performance measures, including key short and longer-term financial measures?

<--- Score

97. What are your primary costs, revenues, assets?

<--- Score

98. What disadvantage does this cause for the user?

<--- Score

99. What causes extra work or rework?

<--- Score

100. How will you measure success?

<--- Score

101. Which IT security risk assessment impacts are significant?

<--- Score

102. What potential environmental factors impact the IT security risk assessment effort?

<--- Score

103. At what cost?

<--- Score

104. Among the IT security risk assessment product and service cost to be estimated, which is considered hardest to estimate?

<--- Score

105. How can you measure IT security risk assessment in a systematic way?

<--- Score

106. What methods are feasible and acceptable to estimate the impact of reforms?

<--- Score

107. What are the costs of reform?

<--- Score

108. How do you control the overall costs of your work processes?

<--- Score

109. Are you taking your company in the direction of better and revenue or cheaper and cost?

<--- Score

110. What relevant entities could be measured?

<--- Score

111. What does your operating model cost?

<--- Score

112. Does management have the right priorities among projects?

<--- Score

113. What are the estimated costs of proposed changes?

<--- Score

114. Is it possible to estimate the impact of unanticipated complexity such as wrong or failed assumptions, feedback, etcetera on proposed reforms?

<--- Score

115. What are the IT security risk assessment investment costs?

<--- Score

116. What are the types and number of measures to use?

<--- Score

117. What is your IT security risk assessment quality cost segregation study?

<--- Score

118. What are the IT security risk assessment key cost drivers?

<--- Score

119. What is the root cause(s) of the problem?

<--- Score

120. What measurements are being captured?

<--- Score

121. How do you measure lifecycle phases?

<--- Score

122. How can you reduce costs?

<--- Score

123. How is the value delivered by IT security risk assessment being measured?

<--- Score

124. Are IT security risk assessment vulnerabilities categorized and prioritized?

<--- Score

125. Is the solution cost-effective?

<--- Score

126. How do you prevent mis-estimating cost?

<--- Score

127. What are the current costs of the IT security risk assessment process?

<--- Score

128. Do you aggressively reward and promote the people who have the biggest impact on creating excellent IT security risk assessment services/products?

<--- Score

129. Are you aware of what could cause a problem?

<--- Score

130. How can you reduce the costs of obtaining inputs?

<--- Score