Gaming , Privacy and Security eGaming Experience in British Columbia British Columbia Lottery...
description
Transcript of Gaming , Privacy and Security eGaming Experience in British Columbia British Columbia Lottery...
1
Gaming, Privacy and SecurityeGaming Experience in British Columbia
British Columbia Lottery Corporation
October 5, 2013
Gurmit Aujla – Director, Internal Audit
22
PlayNow.Com TimelineLaunch
PlayNow.com July 2010 Mobile
June 2013
PokerFebruary 2011
SportsJuly 2012
Lottery B2B August 2013
Casino B2BJanuary 2013
33
Old World – Ways to Play
44
77
Top 5 Risk Areas
Information Security & Privacy
Regulatory Compliance
Infrastructure
Vendors
Public Support (Integrity)
88
Manitoba & Western Canada Concern Areas
Contract compliance, SLA's
Regulatory – multiple jurisdictions
Gaming integrity
Communication Risks
Availability
99
Governance Participants (Internal Vs. External)
eGaming Security
Information Security
Audit Services
…
Regulator (GPEB)External Auditor
Steering Committee
eGaming Oversight
BCLC
1010
Assurance MapAssurance Coverage Map (Internal) – eGaming Key Risk AreasDepartment Sub-Department Key Business Process eSec. Int. Audit Info Sec. Regulator Ext. Audit
eGaming Marketing
eGaming Operations
eGaming Security
eGaming Business Development Responsible Gambling
Detailed data redacted
1111
What our B2B customer wantedAssurance Coverage Map (External) – eGaming Key Risk Areas
CoverageWhat our Customer
cares about External Auditor Regulator
SOC1 IT General Controls Product Certification
Change Management Controls IT Security
Detailed data redacted
Detailed data redacted
1212
Example Only
New World ReportingControl Areas Status
Executive Dashboard
PlayNow Continuous Monitoring
eSecurity
Internal Assurance
External Assurance
eGaming Risk Registry & Risk Coverage
1313
Internal Audit Resource Allocation
18%
82%
Old World
Technology Focus
Casino/Lottery Operations
40%
60%
New WorldTechnology FocusCasino/Lottery Operations
1414
Risks Vs. Controls Mapping
Information Security & Privacy
• Security & Privacy Requirements• Security Testing & Penetration Tests• Privacy Impact Assessment
• Design Assessment• Change Management• QA & Compliance Testing
• Requirements Management• Vendor SLA measurement• Contract Management
• Regulator Coordination• Independent Testing• Verification of Gaming Standards
• Communications Management• Advertising
Infrastructure
Vendors
Regulatory Compliance
Player / Public Support
1515
Questions?