2025-05-27-minutes-it-study-session
Last modified: 10/2/2025 3:46:32 PM
Creation date: 10/2/2025 3:44:53 PM
Template: Meeting
Date: 10/7/2025
Meeting title: Commissioners' Agenda
Location: Commissioners' Auditorium
Address: 205 West 5th Room 109 - Ellensburg
Meeting type: Regular
Meeting document type: Supporting documentation
Supplemental fields
Item: Approve Minutes
Order: 1
Placement: Consent Agenda
Row ID: 136417
Type: Minutes
©2025 Lumifi Cyber, Inc. All rights reserved.
PRIVATE - Controlled by Lumifi Cyber

• Do you have cyber-insurance? Does it also cover fraud (phishing, phone scams, Business Email Compromise (BEC))?
• Is data security and ownership covered in the procurement process and in vendor contracts?
• How is Information Security Governance conducted? Describe the decision-making processes for procurement, security decision-making processes for projects or decision-making processes for outsourcing, change control and change management, compliance, risk management and governance.
• How are requests for exceptions to policy handled?
• Are Information Security and Acceptable Use Policies and Operational Security Procedures documented? Are they maintained and reapproved annually? Are they well known and do employees receive training on them?
• Is Security Awareness training conducted and how often?
• Is there an IR Plan and is it tested periodically with Tabletop Exercises (TTEs)?
• Do you incorporate security into your procurement process and if so how?
• Is an Enterprise Security Risk assessment conducted annually?
• What regulations are you required to comply with and have you achieved compliance with those regulations and standards (e.g. HIPAA, PCI, CJIS, NERC CIP, etc.)?
• Describe Monitoring, Alerting and Incident Response technology and process
• Describe the Vulnerability Management process
• Describe any security testing processes
• Describe Security Requirements gathering for projects and procurement
• Describe the nature and management of operational Security
• Do you run security testing and how often? Vulnerability assessment? Network penetration testing? Web application pentesting and security code review? Wireless assessments? Phishing exercise? Password cracking to test for strong passwords? Security testing for digital printers, HVAC, other operational technology (OT)?
• Describe the operational security controls and technologies in use, such as Firewalls, IDS/IPS, DLP, Encryption, email security, SIEM, etc., and how these systems are monitored for alerts.