Information Security Issues at Casinos and eGaming

Presentation transcript:

Information Security Issues at Casinos and eGaming Tim Tarabey June 2012

Agenda
- Advanced Persistent Threats (APT)
- Access Controls
- eGaming / Casino-specific Issues

Advanced Persistent Threats (APT)
Definition: the term usually refers to a group of people with both the capability and the intent to persistently and effectively target a specific entity.
Challenges:
- Traditional IS tools, measures and controls are generally insufficient.
- Information security awareness.
- Increase ISS budget, training and skills.

Advanced Persistent Threats (APT)
Addressing the APT:
- Real-time monitoring
- Packet filtering
- Continuous, true penetration testing
- Web application scans
- Recognize the "new normal".
- Executive support: reach out to CIOs and executives to get things done.

Access Controls
Definition: access control is the cornerstone of any information security program, covering physical, technical and administrative controls.
Challenges:
- Authentication of users
- Business needs
- Remote access
- Access control review
- Prevention vs. detection and response
- Internal breaches will happen as long as people have access to data.

Access Controls
How to address:
- Awareness programs
- Consistent account reviews by business owners, not IT/IS
- Define processes
Costly resources:
- Require tools and technologies
- Require facilities and back-end systems to manage
- Constant updates and maintenance of systems
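An added illustration of the "account reviews by business owners" point above (example code written for this page, not from the talk): each system is tagged with its business owner, the owner's attestation for the cycle is recorded, and accounts that are stale, belong to terminated users, or were never attested are flagged and grouped into one review packet per owner. All system names, accounts and dates are constructed sample data.

```python
from datetime import date

# Constructed sample inventory: each system has a business owner and a flag
# saying whether it holds sensitive player data (reviewed first).
SYSTEMS = {
    "player-db": {"owner": "vip.services", "sensitive": True},
    "marketing-crm": {"owner": "marketing", "sensitive": True},
    "intranet-wiki": {"owner": "it.ops", "sensitive": False},
}
ACCOUNTS = [
    {"user": "alice", "system": "player-db", "last_login": date(2012, 6, 1), "employed": True},
    {"user": "bob", "system": "player-db", "last_login": date(2011, 11, 1), "employed": True},
    {"user": "carol", "system": "marketing-crm", "last_login": date(2012, 5, 20), "employed": False},
    {"user": "dave", "system": "intranet-wiki", "last_login": date(2011, 1, 1), "employed": True},
]
# Owner decisions returned this cycle ("keep"/"remove"); no entry = never attested.
ATTESTATIONS = {("alice", "player-db"): "keep", ("dave", "intranet-wiki"): "keep"}
REVIEW_DATE = date(2012, 6, 15)


def review_accounts(accounts, systems, attestations, today, stale_days=90):
    """Return accounts needing action, sensitive systems first, then by owner."""
    findings = []
    for acct in accounts:
        info = systems[acct["system"]]
        reasons = []
        if not acct["employed"]:
            reasons.append("terminated user")
        if (today - acct["last_login"]).days > stale_days:
            reasons.append("stale")
        decision = attestations.get((acct["user"], acct["system"]))
        if decision is None:
            reasons.append("owner did not attest")
        elif decision == "remove":
            reasons.append("owner requested removal")
        if reasons:
            findings.append({"user": acct["user"], "system": acct["system"],
                             "owner": info["owner"], "sensitive": info["sensitive"],
                             "reasons": reasons})
    findings.sort(key=lambda f: (not f["sensitive"], f["owner"], f["user"]))
    return findings


def packets_by_owner(findings):
    """Group findings into one work packet per business owner, not per IT team."""
    packets = {}
    for f in findings:
        packets.setdefault(f["owner"], []).append(f)
    return packets


def run_review():
    return review_accounts(ACCOUNTS, SYSTEMS, ATTESTATIONS, REVIEW_DATE)
```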

Casino / eGaming Issues
Background: casinos and eGaming have their own unique challenges, and the amount of casino/eGaming security expertise is limited. Casino operations are trying to enhance the customer experience by collecting more and more sensitive player data. With the changes in business operations brought by the internet era, security concerns have moved from the computer lab to the front page of newspapers and media.

Casino / eGaming Issues
Challenges (business and ISS/IT challenges):
- Unclear law around exploiting online games
- Regulatory and compliance (GPEB, OIPC, PCI, etc.)
- Data access: expansion of the user community
- Application/software providers
- Interoperability
- Speed to market
- Social media
- 24x7x365 availability
- 3rd-party support
- Mobile devices and smartphones
- VIP players

Casino / eGaming Issues
Business priorities and requirements (meeting business demands versus security requirements):
- Projects vs. operations
- Time
- Resources
How to address:
- Information Systems Security Program
- Be dynamic
- ISS as business enabler (business must drive security)
- Segregate critical systems

Information Security Challenges
- Requires special skills and training
- Requires detection, analysis, investigative and resolution skill sets
- Requires emergency response capabilities for resolution
- Requires on-going hiring, training and retention initiatives
- Ongoing research and the ability to incorporate new tools and technologies
- Real-time monitoring

Defining the Role, Scope and Procedures
Role of the security operations team:
- Will it simply observe, record and report on recurring attacks?
- Will it be actively involved in mitigating threats?
Scope of the security operations team:
- Agree on the scope of your security operations activities: is it restricted to the network only, or does it include suspicious behaviour in user activity?
Define appropriate procedures:
- Ensure all processes, and how incidents are handled, are clearly understood by all parties.
- Ensure you have a clearly documented incident response plan.

Information Systems Security

Information Systems Security
The role of ISS is to influence everyone in the corporation to embed information security principles, practices and technology into all aspects of the business. ISS's goal is to achieve and maintain a balanced information security posture commensurate with the risk appetite of the enterprise. Safeguards are used to mitigate threats in a cost-efficient manner.

Questions