Gaming Privacy and Security e Gaming Experience in
- Slides: 15
Gaming, Privacy and Security e. Gaming Experience in British Columbia Lottery Corporation October 5, 2013 Gurmit Aujla – Director, Internal Audit 1
Play. Now. Com Timeline Launch Play. Now. com July 2010 Sports July 2012 Mobile June 2013 Casino B 2 B January 2013 Poker February 2011 2 Lottery B 2 B August 2013
Old World – Ways to Play 3
4
Competition 5
Competition 6
Top 5 Risk Areas Information Security & Privacy Regulatory Compliance Infrastructure Vendors Public Support (Integrity) 7
Manitoba & Western Canada Concern Areas Contract compliance, SLA's Regulatory – multiple jurisdictions Gaming integrity Communication Risks Availability 8
Governance Participants (Internal Vs. External) BCLC External Auditor Regulator (GPEB) Audit Services e. Gaming … Oversight Information Security e. Gaming Security Steering Committee 9
Assurance Map Assurance Coverage Map (Internal) – e. Gaming Key Risk Areas Department Sub-Department Key Business Process e. Sec. Int. Audit Info Sec. Regulator Ext. Audit e. Gaming Marketing e. Gaming Operations Detailed data redacted e. Gaming Security e. Gaming Business Development Responsible Gambling 10
What our B 2 B customer wanted Assurance Coverage Map (External) – e. Gaming Key Risk Areas Coverage What our Customer cares about External Auditor Regulator SOC 1 IT General Controls Product Certification Change Management Controls IT Security Detailed data redacted 11 Detailed data redacted
New World Reporting Status Control Areas e. Gaming Risk Registry & Risk Coverage E External Assurance Internal Assurance e. Security l p m a x O e Play. Now Continuous Monitoring y l n Executive Dashboard 12
Internal Audit Resource Allocation New World Old World Technology Focus Casino/Lottery Operations 18% 40% 60% 82% Technology Focus Casino/Lottery Operations 13
Risks Vs. Controls Mapping 14 Information Security & Privacy • • • Security & Privacy Requirements Security Testing & Penetration Tests Privacy Impact Assessment Infrastructure • • • Design Assessment Change Management QA & Compliance Testing Vendors • • • Requirements Management Vendor SLA measurement Contract Management Regulatory Compliance • • • Regulator Coordination Independent Testing Verification of Gaming Standards Player / Public Support • • Communications Management Advertising
Questions? 15
Cvs privacy awareness and hipaa training answers
Indiana gaming commission charity gaming division
Azure security privacy compliance and trust
Chapter 9 privacy security and ethics
Chapter 9 privacy security and ethics
Chapter 9 privacy security and ethics
Hipaa privacy and security awareness training
Is a destructive event a program is intended to deliver.
Private securty
Direct and indirect experience examples
Imprinting meaning psychology
Continuity vs discontinuity
Wireless security in cryptography
E commerce security policy
Cloud gaming: architecture and performance
Privacy and dignity in care
