
Information Security Issues at Casinos and eGaming

Tim Tarabey, June 2012


Presentation Transcript


  1. Information Security Issues at Casinos and eGaming
     Tim Tarabey, June 2012

  2. Agenda
     • Advanced Persistent Threats (APT)
     • Access Controls
     • eGaming / Casinos specific Issues

  3. Advanced Persistent Threats (APT)
     • Definition: usually refers to a group of people with both the capability and the intent to persistently and effectively target a specific entity.
     • Challenges
     • Traditional IS tools/measures and controls are generally insufficient.
     • Information Security Awareness
     • Increase ISS budget/training/skills.

  4. Advanced Persistent Threats (APT)
     • Addressing the APT
     • Real-time monitoring
     • Packet filtering
     • Continuous true penetration test
     • Web application scans
     • Recognize the “new normal”.
     • Executive Support: reach out to CIOs and executives to get things done.

  5. Access Controls
     • Definition
     • It is the cornerstone of any Information Security program.
     • Physical, technical and administrative controls
     • Challenges
     • Authentication of users
     • Business needs
     • Remote access
     • Access Control Review
     • Prevention vs detection and response
     • Internal breaches will happen as long as people have access to data

  6. Access Controls
     • How to address
     • Awareness programs
     • Consistent account reviews by business owners, not IT/IS
     • Define Processes
     • Costly
     • Resources
     • Require tools and technologies
     • Requires facilities and back-end systems to manage
     • Constant updates and maintenance of systems

  7. Casino / eGaming Issues
     • Background
     • Casino and eGaming have their own unique challenges and the amount of casino/eGaming expertise is limited.
     • Casino operations are trying to enhance the customer experience by collecting more and more sensitive player data.
     • With the changes in business operations as a result of the internet era, security concerns move from the computer lab to the front page of newspapers and media.

  8. Casino / eGaming Issues
     • Challenges (Business and ISS/IT challenges)
     • Unclear law around exploiting online games
     • Regulatory & Compliance (GPEB, OIPC, PCI, etc.)
     • Data Access
     • Expansion of user community
     • Application/Software providers
     • Interoperability
     • Speed to market
     • Social Media

  9. Casino / eGaming Issues
     • 24x7x365 availability
     • 3rd party support
     • Mobile Devices and smart phones
     • VIP Players

  10. Casino / eGaming Issues
     • Business Priorities and Requirements (meeting business demands versus security requirements)
     • Projects vs. operations
     • Time
     • Resources
     • How to address
     • Information Systems Security Program
     • Be Dynamic
     • ISS as business enabler (business must drive security)
     • Segregate critical systems

  11. Information Security Challenges
     • Requires Special Skills and Training
     • Requires detection, analysis, investigative and resolution skill sets
     • Requires emergency response capabilities for resolution
     • Requires on-going hiring, training and retention initiatives
     • Ongoing Research and ability to incorporate new tools and technologies
     • Real Time Monitoring

  12. Defining the Role, Scope and Procedures
     • Role of the security operations team
     • Will it simply observe, record and report on recurring attacks?
     • Will it be actively involved in mitigating threats?
     • Scope of the security operations team
     • Agree on the scope of your security operations activities: is it restricted to the network only, or does it include suspicious behavior from user activity?
     • Define appropriate procedures
     • Ensure all processes and how incidents are handled are clearly understood by all parties.
     • Ensure you have a clearly documented incident response plan.

  13. Information Systems Security

  14. Information Systems Security
     • The role of ISS is to influence everyone in the corporation to embed information security principles, practices, and technology into all aspects of the business.
     • ISS’s goal is to achieve and maintain a balanced information security posture commensurate with the risk appetite of the enterprise.
     • Safeguards are used to mitigate threats in a cost-efficient manner.

  15. Questions
