Application Security Testing – An application security test is a method of assessing the security of an application (Web, compiled, mobile, etc.) and evaluating the effectiveness of controls that are implemented to protect the application and organization from risks posed by application-based flaws. Specifically, application security testing assesses application vulnerabilities that may jeopardize the confidentiality, integrity and availability of critical or sensitive data and establishes the priority to eliminate vulnerabilities or mitigate their potential impact to the organization. GLI application security testing helps an organization identify and remediate application-related vulnerabilities and flaws before hackers can exploit those vulnerabilities and flaws and gain access to the organization’s systems, resources and confidential information. This service is flexible and can be tailored to meet specific client requirements. Our overall methodology is modeled after the Open Web Application Security Project (OWASP), an established guideline for comprehensive application security testing. OWASP is a worldwide free and open community focused on improving the security of applications. OWASP’s mission is to make application security “visible,” so that people and organizations can make informed decisions about application security risks.
Cloud Computing Security Audit – Cloud computing is revolutionizing the information technology industry and the way that security is implemented. GLI is at the forefront of cloud computing security evaluating and consulting on cloud solutions security implementation.
Continuity of Operations and Disaster Recovery Audit – To ensure the availability of an organization’s mission critical functions, GLI evaluates and consults on contingency plans and procedures, incident response plans, disaster recovery plans, and business impact assessments for major information systems, data centers, and worldwide telecommunication networks. The focus of these plans and procedures is to ensure continuity of operations and secure backup/recovery. We also evaluate specialized Continuity of Operations Plans (COOP) in accordance with specific agency guidelines and worldwide recognized Information Security standards.
Customized Casino Solutions (CCS) – are intended to determine the integrity and certification status of hardware and so‑ware components at your gaming properties. CCS is authorized by regulatory agencies and ordered by gaming facilities.
Daily Fantasy Sports (DFS) Sports Betting – DFS are an accelerated variant of traditional fantasy sports games where players compete against each other by building a team of professional athletes from a particular league or competition while remaining under a specified salary cap. Players earn points based on the actual statistical performance of the players in real-world competitions. Wagering is typically structured in the form of paid competitions usually referred to as a “contest”; where winners receive a share of a pre-determined pot funded by their entry fees. A portion of entry fee payments goes to the provider as rake revenue.
Disaster Recovery Consultation – GLI leverages its many years of experience in providing disaster recovery auditing and assessment services. GLI’s experts can advise on disaster recovery strategies and assist in the planning and execution of disaster recovery testing.
Esports – Esports (also known as electronic sports, competitive (video) gaming, professional (video) gaming, or pro gaming) is a form of competition facilitated by electronic systems, particularly video games; the input of players and teams as well as the output of the esports system are mediated by human-computer interfaces.
External Audit – An external audit is conducted by a qualified, independent third party to determine if the organization’s information security framework is compliant with a specific standard. Depending on the standard chosen and the auditing body, an external audit can lead to certification to a third-party information security standard.
External Infrastructure Testing – External infrastructure assessments aim to answer the question, “Could an attacker compromise our Internet-facing resources?” External infrastructure testing explores the consequences of a hacker carrying out malicious activities from across the Internet. It involves surveying available network services, interrogating them for weaknesses, and trying to exploit them to extract information or compromise the network. GLI’s methodology can be tailored to meet the requirements of PCI, ISO 27001 and gaming jurisdiction specifications. An external infrastructure assessment provides assurance that a network is safe from external threats.
Forensic Investigations – GLI offers a full investigative services team to provide a forensic evaluation. This evaluation is a detailed, objective examination of a gaming machine and/or critical components for the purpose of determining the cause of an abnormal malfunction and/or settling a player dispute.
GLI University Training – From Slot Basics to Advanced iGaming, GLI University® provides training and best practices in a myriad of classes for your casino personnel.
Go Live Project Management – GLI assists in project management for new so‑ware and technology implementations. We will assist in mapping out the projected scope of work, including duration and resources required for initial and ongoing projects like audits and/or inspection activities. Project management services are performed prior to the initiation of work and in accordance with requirements specified by the client. Experts in Project Management can be brought in to ensure optimization of resources.
iGaming – Gambling or wagering via some form of computer network such as the Internet or alternate digital means. This can include not only games played on computers, but also those played through mobile devices, interactive T.V., in-venue on tablets, or other peer-to-peer networks mediums.
Incident Management Audit – Our review focuses on security incident management standards, guidelines and procedures as well as the implementation and governance of these activities. Security incident management may intersect or complement the help desk, problem management and operational incident reporting. However, this review focuses mainly on the security component.
Information Security System Audit – To determine the security posture of an organization and its information systems and data, GLI conducts Information Security (INFOSEC) and security control assessments in accordance with worldwide, recognized procedures and guidelines.
Internal Audit – An internal audit is conducted by designated staff members to determine if the organization is following the requirements laid down in its own corporate information security framework. Aside from making good business sense, the existence of an internal audit process is often a requirement for certification to a third-party information security standard.
Internal Infrastructure Testing – Internal infrastructure assessments aim to identify “What could an attacker do if they had access to an organization’s internal network?” Internal infrastructure testing is usually conducted at a client’s premises and is often scenario and risk-based. An assessment could explore the consequences of a rogue employee or contractor carrying out malicious activities. It could involve trying to break into core company services from the guest Wi-Fi in the cafeteria. It can include reviews of standard desktop or laptop security as well as assessments of virtual local area networks (VLANs), VoIP, mobile and wireless networks. GLI’s methodology can be tailored to meet the requirements of PCI, ISO 27001 and gaming jurisdiction specifications. Internal infrastructure assessments provide assurance that an internal network is safe from internal and external threats.
ISO 27001 Gap Analysis – Our experts can perform a gap analysis between the controls you currently have in place and those which would be required for compliance with ISO 27001. They will then work with you to develop a roadmap for implementing the controls which would make your governance processes compliant with ISO 27001.
ISO 27001 Information Security System Audit – We will evaluate your implemented organization information security controls against the ISO 27001 security standards to determine how accurate and effective they are.
IT Risk Assessments – GLI has cybersecurity experts to provide risk assessments for Wireless, Networks, Infrastructure, Gaming Applications, as well as IT Security Control Reviews and Social Engineering.
Jurisdictional Information Security System Audit – GLI will perform an evaluation against specific gaming jurisdiction security standards and recognized security standards to determine how accurate and effective your implemented organization information security controls are.
Kobetron – The world’s foremost provider of cutting-edge tools and systems for all your casino so‑ware compliance and verification needs.
Load Testing – Load testing is an essential stage in the development lifecycle because it ensures that your site does not buckle under heavy load. GLI’s user-friendly website load testing service allows you to control as much of the process as you wish. We offer tailored solutions based on your technical and business requirements. You can either manage your own tests with the Software as a Service (SaaS) option or opt for managed load testing and let our web performance assessors take the strain. To save time and money on unnecessary retests, it can be a good idea to carry out a pre-load test performance audit. This way, you can make sure your website is in the best possible shape to cope with extra load before you test it. Load testing is a recurring requirement. As we work with you to deliver your website load testing goals, we aim to transfer our knowledge to you so you can get the best out of our service for yourself. As we move through different projects, we can tailor our involvement to suit your requirements, ensuring that we always provide the level of support that you need.
Lottery Business Analysis – GLI’s extensive experience enables lottery teams to identify risks that could negatively impact retailers, stakeholders, and therefore lottery revenue and reputation. We partner to ensure critical projects are executed successfully and efficiently.
Lottery Project Health and Recovery – GLI has the diverse international experience to identify and analyze critical lottery projects for issues and risks. The myriad of issues we’ve addressed allow us to recommend timely and practical corrective actions to ensure your success.
Lottery Project Management – GLI’s Project Management Office (PMO) uses best-of-breed methodologies aligned to lottery industry standards to address IT project delays, new system or hardware implementations, functionality issues or problems found in the field. Cutover Services A system cutover may take only a day, but implementation planning may take weeks or even months to ensure a successful cutover. GLI can assist with configuration and change management processes required for success and post-implementation sustainability.
Organizational Key Processes Evaluation – GLI provides an in-depth consultancy service in relation to key organizational processes, such as System Development Life Cycle (SDLC), change management, IT governance, project management, etc., aiming to advise organizations on how to streamline those processes while eliminating the waste and adopting effective solutions.
PCI Approved Scanning Vendors quarterly scan – An ASV is an organization with a set of security services and tools (“ASV scan solution”) to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.2.2. The scanning vendor’s ASV scan solution is tested and approved by PCI SSC before an ASV is added to PCI SSC’s list of approved scanning vendors.
PCI Qualified Security Audit – Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. QSA employees are individuals who are employed by a QSA company and have satisfied, and continue to satisfy, all QSA requirements.
Penetration Testing – GLI’s penetration testing service will help companies determine weaknesses in their network, computer systems and applications. A standard penetration test might contain a vulnerability assessment through conventional system and software testing or network security scanning alone. Unlike other penetration testing companies who focus on assembly line assessments and automatic tools output, we take a different approach. GLI delivers a quality product tailored to your needs. We work with our customers to build an accurate profile of your primary business function, where threats come from, and your security assessment goals. This is done to ensure that the work conducted meets your exact needs and not just easily productized. We focus on long[1]term relationships with our clients to ensure they get the best penetration test possible, offering them high-end, professional security audit services developed for their needs.
Performance Monitoring – GLI can give you valuable insight into the speed and availability of your site and how it performs for your visitors. Core to GLI’s website performance monitoring is our unique testing methodology and accurate, targeted alerting. As a result, we deliver the most reliable and consistent data on website performance available. The test is performed from outside your firewall, gaining a real user’s view of your website’s performance. Testing is consistent and repeatable – each test is throttled to simulate the end user connection speed. This means a realistic and consistent view of website speed without the interference of ISP connectivity.
Personnel Security Audit – Obtaining trustworthy personnel to operate and maintain critical information systems is of vital importance to the security posture of an organization. GLI evaluates and consults customers on personnel security programs that address security screening policies, personnel identification procedures, industrial security requirements, and security awareness training programs.
Physical Security Audit – GLI performs extensive analysis and design of physical security control systems including: automated and manual entry control systems; facility monitoring equipment; intrusion detection systems; access control procedures; and other mechanisms designed to protect physical infrastructures. GLI has conducted physical security inspections for data centers, network operations centers (NOC), and security operations centers (SOC) throughout the world.
Progressive Auditing – GLI will conduct an inspection that will include verification of the progressive controller so‑ware, configuration, and meter incrementation testing.
Promotional/Bonus Feature Testing – Verification of proper communication of AFT transactions, including Non-Cashable Electronic Promotion (NCEP), Cashable Electronic Points (CEP), and Wagering Account Transfer.
Redemption and Promotional Kiosk Audit – Verification of critical files installed on the kiosk, evaluating approval status as well as proper operation and functionality of the product.
Responsible Gaming – To help ensure land-based, lottery, and online operations are equipped to implement best practices, GLI offers Responsible Gaming Program Audits (RGPA) that are customized to meet your specific needs.
Security Awareness and Training – Security awareness and training is a vital component of any personnel security program. GLI develops a wide variety of security awareness and training curriculum, including general awareness training, information system specific training and security training for technical and developer personnel. GLI has authored numerous security awareness papers covering topics, such as the electronic intrusion threat, intrusion detection and response, security of Internet gaming IT systems, and certification and accreditation.
Security Source Code Review – Security source code review is probably the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. GLI has reviewed source code for a variety of organization in the iGaming industry to verify that the proper security controls are present, work as intended, and have been invoked in all the right places. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment and it is performed according to the OWASP open source framework.
Skill-Based Games – Interactive games in which the outcome of the game is determined by the player’s physical skill (such as fast reaction or dexterity) or mental skill (logic abilities, strategic thinking, trivia knowledge).
Slot File Verification – Verification of the key elements of the slot file, such as so‑ware IDs and versions.
Social Engineering – GLI social engineers attempt, by personal contact, to steal your employees’ confidential information by exploiting trust, good faith and helpfulness or through excessive demand and/or employee uncertainty. Depending on the test objective and target group, GLI uses different methods and types of social engineering attack.
Social Gaming – Social gaming commonly refers to the activity or practice of playing/wagering on an interactive game via a social media platform. Typically, these interactive games allow or require social interaction between players, as opposed to playing games in solitude. It also refers to games that involve multiple players or a social network game that has social network integration or elements. “Freemium” is the most popular social gaming model, where players play/wager for free.
Sports Betting – Sports betting is the activity of predicting sports results and placing a wager on the outcome through interactive means. Today, bets accepted and reconciled by iGaming operators extend to non-athletic events as well, such as reality show contests, political elections, movie and music award shows, and non-human contests like horse racing. Consequently, ensuring the accuracy of odds and settlement of wagers is fair and secure is vital.
System Audits – Verification of critical back-end system files and evaluation of approval status.
Threat/Risk Management Analysis and Vulnerability Assessments – An effective risk management program requires a thorough assessment of the threats to a particular information system as well as the vulnerabilities of the system to those threats. GLI provides customers with a comprehensive evaluation of the risk management implementation and analysis of naturally occurring and man-made threats to information systems using authoritative sources and various intelligence sources. These assessments are used to identify mitigation procedures and system modifications to close-known vulnerabilities, thereby enabling the information system to operate at an acceptable level of risk.
User Acceptance Testing – GLI can provide User acceptance testing (UAT) services, in which new so‑ware installs or upgrades can be tested in a real-world environment from a user’s perspective.