Draft page for developing an evaluation instrument for the Cohortium

Develop our questions here. We may want two sets of questions, one set for the Cohortium participants, and then a set of questions for a broader set of institutions/audiences (beyond the Cohortium), to see the current level of their awareness of the MFA Cohortium and thoughts on whether our work will be useful to them also.

Questions for Cohortium Participants

We are fine with responses from multiple individuals who are participating from the member institutions, and/or a "coordinated institution response" if you'd prefer.

  • If your institution did not have an MFA deployment 6 months ago:
    • Agree/Disagree.  My institution is closer to deploying MFA than it was six months ago.
  • If your institution already had at least a minimal MFA deployment 6 months ago:
    • Agree/Disagree.  My institution has made progress on expanding the deployment and use of MFA over these last 6 months.
  • Agree/Disagree.  Through participating in the Cohortium, I've learned more about MFA in the following areas:
    • Business drivers
    • Authentication risks
    • Deployment and integration options
    • Work required for deployment
    • Technology options
    • Technical work required
    • Support skill set needed and support costs
    • Marketing to application managers and users
  • Examining the set of whitepapers & diagrams produced by the Cohortium to date, do you think these have been/will:
    • Agree/Disagree.  _ be valuable to your institution in discussing, planning for, deploying and supporting MFA?
    • Agree/Disagree.  _ help you make the case for and explain MFA within your institution?
  • How many years do you predict before your campus will protect sensitive assets with more than just passwords alone?
    • Currently do not protect sensitive assets with passwords alone.
    • 1 year
    • 3 years
    • 5 years or more
  • What are your institution's primary roadblocks to deploying MFA? Please choose one or two of the most significant:
    • Not a management priority
    • Lack of funding
    • Lack of people
    • Lack of expertise
    • Not warranted in our environment
    • Other, please specify: _________________________
  • Amongst what audiences on your campus is the conversation about MFA taking place? Choose all that apply:
    • Security/IdM group
    • Central IT
    • Campus-wide technologists
    • Campus-wide governance
    • CIO
    • Executive management
  • Have your campus's conversations about MFA been translated into an action plan?   Yes/No
    • If so, has that action plan received funding?   Yes/No
  • Thinking about what the Cohortium can focus on in the next 6 months, what do you think would be of most value to your institution in advancing the deployment and use of MFA?
  • Feel free to add any other comments, suggestions, or even questions we should be asking but haven't yet.

Questions for a broader audience:

  • Have you heard about the MFA Cohortium?
    • If so, have you checked out its work at all?
      • detail some things on the wiki, so they can check things they've looked at?
  • Extracted set of the above questions for the membership, with a more generalized focus

Questions from IAM Online session on MFA Cohortium, some may be applicable.

  • How many years before your campus will no longer protect something sensitive with passwords alone?
  • Current deployment status of MFA?
  • Which deliverables are of most interest (choose all that apply)?
  • Areas of greatest interest (choose all that apply)
  • No labels