My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
2025-05-27-minutes-it-study-session
>
Meetings
>
2025
>
10. October
>
2025-10-07 10:00 AM - Commissioners' Agenda
>
2025-05-27-minutes-it-study-session
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
10/2/2025 3:46:32 PM
Creation date
10/2/2025 3:44:53 PM
Metadata
Fields
Template:
Meeting
Date
10/7/2025
Meeting title
Commissioners' Agenda
Location
Commissioners' Auditorium
Address
205 West 5th Room 109 - Ellensburg
Meeting type
Regular
Meeting document type
Supporting documentation
Supplemental fields
Item
Approve Minutes
Order
1
Placement
Consent Agenda
Row ID
136417
Type
Minutes
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
90
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
<br />©2025 Lumifi Cyber, Inc. All rights reserved. <br />PRIVATE - Controlled by Lumifi Cyber <br /> <br />23/25 <br />PRIVATE - Controlled by Lumifi Cyber <br />• How do you assess the controls expected on classified systems or <br />systems and networks handling regulated or classified data? <br />• Do you apply role-based access to applications and systems using <br />regulated or classified data? <br />• Do you follow the Principle of Least Privilege when creating Windows, <br />applications and SaaS access roles for regulated or classified data? <br />• DBAs and Application Administrators: <br />• Cloud SaaS or on premises? <br />• How do you provide access based on the principle of least privilege? <br />• Is all access to the application for users entirely role -based access <br />control (RBAC) and what are those roles based on? <br />• Is access reviewed periodically and how often? <br />• How is access approved? <br />• Do you use multifactor authentication for access whether by users or by <br />administrators? <br />• How are users decommissioned? <br />• How are connections made to the DB, stored procedures or direct DB <br />calls? <br />• Is data encryption enforced at the application layer or the DB layer and <br />how and what ciphers? <br />• What authentication methods are used for the application and where can <br />the application be accessed from, i.e. the Internet or internal only? <br />• Is the application using a fat client, thin client, Citrix/RDP or VPN? <br />• Facilities and Plant Interview Session: People whose responsibilities include building <br />and facility access control, employee and visitor badging and escorting, video <br />monitoring, card key and physical key systems, datacenter controls such as back -up <br />power, temperature sensors, water sensors, fire suppression, paper and media <br />management and disposal (shredding), up to 1 hour <br />• Describe physical security controls <br />• Card keys <br />• Duplicates allowed? <br />• Temp card keys issued to employees when left ‘at home’?
The URL can be used to link to this page
Your browser does not support the video tag.