Security Compliance Auditing & Vulnerability Analysis
Gaming is a highly regulated industry with regulators in each gaming jurisdiction establishing technical standards for the offering of fair, secure, and auditable gaming operations within their jurisdiction.
Early regulatory regimes for online gambling realized that information security would be a significant factor that would need to be considered, and as a result, many iGaming technical standards have included security elements. These extend to both the technical requirements of the gaming systems themselves and the internal controls needed to manage the gambling operations offered through the online gambling systems. In some cases, the security audit needs to be performed prior to deployment. In other cases, an annual security audit is required such as in New Jersey (DGE), Denmark (DGA), and the UK (UKGC).
The only way to ensure the correct functioning of an information-security framework is to test it. Depending on the business requirements of the organization, testing can take several forms ranging from an assessment of an information-security framework element’s effectiveness to a complete compliance audit of the information-security system to achieve certification of the system.
GLI’s Information System Security Audits will evaluate how the information-system security of your organization is implemented against a particular standard. The goal of the audit is to provide a determination of compliance. Compliance with a third-party standard may result in certification or accreditation to that standard. During an audit, any areas of non-compliance with the standard are brought to your attention in the form of non-conformance reports which are typically addressed before a system is deemed compliant.
GLI performs both remote and physical/on-site evaluation of the live dealer studio itself. GLI’s testing on-site normally includes (but is not necessarily limited to) the following elements:
- Penetration Testing
- Network Vulnerability Scan
- Vulnerability, Threat, and Risk Assessment
- Technical Controls Audit
- Physical & Environmental Controls Security Audit
- Personnel Security Audit
- PCI Qualified Security Audit
- PCI Approved Scanning Vendor Scan
- Disaster Recovery Audit
- Continuity of Operations Audit
- Incident Management Audit
- Internal Infrastructure Testing
- External Infrastructure Testing
- Cloud Computing Security Audit
- Application Security Testing
- Security Source Code Review
- Social Engineering Audit
- ISO 27001 Audit
For the greatest peace of mind that your iGaming system and operation is secure, contact GLI today.