1. Process dimension
1. Process dimension
1.1 Which aspects do you consider relevant for assessing process maturity?
1.1 Which aspects do you consider relevant for assessing process maturity?
1.2 Is the proposed model for assessing process maurity comprehensible and easy to understand?
1.2 Is the proposed model for assessing process maurity comprehensible and easy to understand?
2. Artifact dimension
2. Artifact dimension
2.1 Which aspects do you consider relevant for quality of an artifact?
2.1 Which aspects do you consider relevant for quality of an artifact?
2.2 Is the proposed model for assessing artifact quality comprehensible and easy to understand?
2.2 Is the proposed model for assessing artifact quality comprehensible and easy to understand?
3. Compliance Matrix
3. Compliance Matrix
3.1 Which other apects besides process maturity and artifact quality do you consider relevant for assessing compliance?
3.1 Which other apects besides process maturity and artifact quality do you consider relevant for assessing compliance?
3.2 Due to assess compliance, is the proposed compliance matrix comprehensible and easy to understand?
3.2 Due to assess compliance, is the proposed compliance matrix comprehensible and easy to understand?
4. Business centric
4. Business centric
4.1 From management perspective, does the model deliver the information managers demand for?
4.1 From management perspective, does the model deliver the information managers demand for?
4.2 Is a structure, which is based on common frameworks like COBIT 5 and the Balanced Scorecard sensible?
4.2 Is a structure, which is based on common frameworks like COBIT 5 and the Balanced Scorecard sensible?
4.3 Which other frameworks and standards are beeing utilized in your company?
4.3 Which other frameworks and standards are beeing utilized in your company?
5. Pracitcal useage
5. Pracitcal useage
5.1 Would you like to apply S²C-AM in practice?
5.1 Would you like to apply S²C-AM in practice?
5.2 Which challenges exist when assessing security-standard compliance in this way?
5.2 Which challenges exist when assessing security-standard compliance in this way?