A Secure Online Second Chance Drawing System
Presented by: Patrick Maroney, Director of Security & Investigations, Colorado Lottery; Ken Sabey, Director of Sales, HostWorks, Inc.; Dan Baughman, Developer, HostWorks, Inc.
Fall NASPL Security Subcommittee Meeting, Colorado Springs, Colorado

Reason for Security
- Integrity of any drawing
- No longer just a promotional tool
- Now in the prize structure...
- Is additional security needed?

Overview
- Data Center Security
- Server Security
- Receiving HASH Data
- Testing
- Entry Process
- Drawing Process

Secure Environment
Data center security:
- Manned 24/7
- SAS70-controlled security procedures
- Locked cabinets
- Security cameras
- Colorado Department of Revenue personnel background checks
- Yearly security audits

Secure Environment (cont.)
Server security:
- Follow the manufacturer's security standards for the operating system and development platform
- Dedicated firewall
- Server and database access via VPN tunnels only
- Access controlled at the user level
- Secure Sockets Layer (SSL) used to encrypt data
- Robust suite of anti-virus tools
- Proactive monitoring of the servers

Drawing Setup
Receiving the HASH data:
- Data is transmitted via the encrypted SFTP protocol (must have the key to connect)
- Access limited to authorized personnel
- Encrypted files uploaded to the web server, then decrypted with the key
- HASH data uploaded into the database for the specific game over an encrypted connection
- HASH = plug a string into it, outputs a 32-character string back

Drawing Setup (cont.)
Testing:
- Developer does initial test with non-active VIRN numbers to verify it works
- Lottery personnel conduct second level of testing prior to sign-off on the game
- Test entries are tracked and stored separately from actual entries

Entry Process
Entering the Ticket Number:
- Player enters the 2CD section of the Lottery's web site
- Enters the VIRN number from a non-winning scratch ticket
- System runs the number through the one-way HASH algorithm to determine validity
- If not valid, the user is presented with immediate feedback on the reason
- If valid, the entry is stored in the entry table
- Numerous failed attempts result in entry form access being temporarily disabled for the player
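The entry validation described on this slide, as an added example that is not part of the original presentation or of the HostWorks system: the entered VIRN is hashed and looked up in the game's HASH table, an invalid entry returns the reason, and repeated failures temporarily disable the form for that player. The 13-digit VIRN format, the failure threshold, the lockout window and storing only the digest in the entry table are assumptions; MD5 is assumed only because the slides describe a 32-character output.

```python
import hashlib
import time

# Constructed sample: the Lottery's HASH file for one game, i.e. the digest of
# each eligible non-winning VIRN. MD5 hex is assumed because the slide describes
# a 32-character output; the plaintext VIRNs never reach the web server.
_SAMPLE_VIRNS = ["1234567890123", "9876543210987", "5555555555555"]
HASH_TABLE = {hashlib.md5(v.encode()).hexdigest() for v in _SAMPLE_VIRNS}

VIRN_LENGTH = 13           # assumed ticket-number format (13 digits)
MAX_FAILURES = 5           # assumed threshold for "numerous failed attempts"
LOCKOUT_SECONDS = 15 * 60  # assumed length of the temporary lockout


class EntryForm:
    """Entry form for one 2CD game: validates VIRNs and throttles failures."""

    def __init__(self, hash_table=HASH_TABLE, now=time.time):
        self.hash_table = hash_table
        self.now = now         # injectable clock, so the lockout is testable
        self.entries = []      # the entry table: (player, virn_digest) (assumed layout)
        self.failures = {}     # player -> (failure_count, locked_until)

    def submit(self, player, virn):
        until = self.failures.get(player, (0, 0.0))[1]
        if until > self.now():
            return "locked"            # form access still disabled
        if until:                      # lockout expired: start counting afresh
            self.failures.pop(player, None)
        virn = virn.strip()
        if not (virn.isdigit() and len(virn) == VIRN_LENGTH):
            return self._fail(player, "malformed")
        digest = hashlib.md5(virn.encode()).hexdigest()
        if digest not in self.hash_table:
            return self._fail(player, "not-eligible")
        self.failures.pop(player, None)         # success clears the counter
        self.entries.append((player, digest))   # store the digest, not the VIRN
        return "accepted"

    def _fail(self, player, reason):
        count = self.failures.get(player, (0, 0.0))[0] + 1
        until = self.now() + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[player] = (count, until)
        return reason
```

Because a VIRN is a short numeric string, an unkeyed digest table is cheap to reverse for anyone who obtains the file; computing both the HASH file and the form's lookup with an HMAC under a Lottery-held key removes that exposure.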

Entry Process (cont.)
Entry Submission:
- Upon successful submission, the player is offered the option to enter another ticket number
- A MyLottery player has the option to review their 2CD history when logged in, or to opt in to a weekly summary
- All drawing entrants will receive a notification revealing the winner of the drawing.

Drawing Process
Acquiring Entrants:
- Authorized Lottery personnel log into the Admin section of the web site
- A second level of dual logins is required to access the Drawing system
- Drawing team chooses a 2CD game from the list of available games; the system outputs the total number of entrants
- Automated security audit performed on the data to scrub for possible duplicate entries
- Lottery security performs a data integrity check
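The pre-draw scrub from this slide, together with the separate handling of test entries from the Testing slide, as an added example (not the Lottery's or HostWorks' code): it keeps the earliest entry per ticket digest, sets test entries aside, and flags any digest that is not in the game's HASH table as an integrity failure before the entrant count is reported. The entry-table layout, the MD5 digest and the integrity rule are assumptions.

```python
import hashlib
from collections import Counter


def virn_digest(virn):
    """Same one-way function as the entry form (MD5 hex assumed, 32 chars)."""
    return hashlib.md5(virn.encode()).hexdigest()


# Constructed sample: the game's HASH table and its entry table. Each entry is
# (entry_id, player, virn_digest, is_test); entry_id increases with time.
GAME_HASH_TABLE = {virn_digest(v) for v in
                   ("1234567890123", "9876543210987", "5555555555555")}
ENTRIES = [
    (1, "alice", virn_digest("1234567890123"), False),
    (2, "bob",   virn_digest("9876543210987"), False),
    (3, "alice", virn_digest("1234567890123"), False),  # same ticket twice
    (4, "dev",   virn_digest("5555555555555"), True),   # test entry, kept apart
    (5, "carol", virn_digest("0000000000000"), False),  # not in the HASH table
]


def scrub_entrants(entries, hash_table):
    """Return (eligible, report): one entry per ticket (earliest wins), test
    entries set aside, and digests missing from the game's table flagged."""
    seen, eligible, report = set(), [], Counter()
    for entry_id, player, digest, is_test in sorted(entries):
        if is_test:
            report["test_excluded"] += 1
        elif digest not in hash_table:
            report["integrity_failure"] += 1   # assumed integrity rule
        elif digest in seen:
            report["duplicate_removed"] += 1
        else:
            seen.add(digest)
            eligible.append((entry_id, player, digest))
    report["eligible"] = len(eligible)
    return eligible, dict(report)


if __name__ == "__main__":
    _, summary = scrub_entrants(ENTRIES, GAME_HASH_TABLE)
    print(summary)   # entrant totals shown to the drawing team before the draw
```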

Drawing Process (cont.)
Winner Selection:
- Drawing team runs the drawing on a separate stand-alone automatic draw machine
- Drawing team logs back into the drawing system and inputs the winning entrant's number; the system outputs that entrant's contact information
- Drawing team then downloads a copy of the entrants database
- Winner is contacted by Lottery personnel
- Winner has to physically present the scratch game ticket

Summary
- Multiple solutions: secure your current environment, outsource the 2CD system to a secure third party, or use a hybrid.
- Test, test, test
- Continually audit and evaluate options
- Listen to your players