2025-05-27-minutes-it-study-session
Entry Properties
Last modified: 10/2/2025 3:46:32 PM
Creation date: 10/2/2025 3:44:53 PM

Metadata
Template: Meeting
Date: 10/7/2025
Meeting title: Commissioners' Agenda
Location: Commissioners' Auditorium
Address: 205 West 5th Room 109 - Ellensburg
Meeting type: Regular
Meeting document type: Supporting documentation

Supplemental fields
Item: Approve Minutes
Order: 1
Placement: Consent Agenda
Row ID: 136417
Type: Minutes
©2025 Lumifi Cyber, Inc. All rights reserved.
PRIVATE - Controlled by Lumifi Cyber

• Do you have a process to determine security requirements prior to evaluating products, vendors and services, and are security or regulatory requirements made a part of the procurement evaluation process?
• Are specific statements required to be in contracts that cover security of CCL assets and data?
• Do you have regulated data or operations that require signing of data sharing agreements or business associate agreements?
• Is there a process to monitor vendor compliance, and are there measures taken if a vendor is found to not be in compliance?

• Development Teams and Managers and Applications/Database Interview Session: In-house development staff and managers and staff who are knowledgeable about the team's practices, methods of operation, use of encryption in apps and databases and the development process, up to 1 - 1 1/2 hours
  • Dev Team and Dev Managers:
    • Describe the SDLC?
    • Waterfall, Agile, DevSecOps methods used?
    • What coding standards are being used and are they documented?
    • Are developers required to take OWASP security training?
    • When and how often is testing performed and what kind of testing is performed? Security code reviews? Web application penetration tests? Testing based on OWASP?
    • Is there logical separation of Dev, Test, and Prod environments?
    • Who is allowed to promote code and how is it approved?
    • Is there segregation of duties between developers and production administrators?
    • Is live data ever used in Dev or Prod?
    • Describe developer training.
    • Describe the results of the last or typical security code review.
    • Describe the last or typical web application security assessment.
    • What is the process for incorporating lessons learned back into the coding standards and practices?