06 Apr ISS audit and ISMS audit in betting slots in virtual casinos
As can be seen in this https://www.gamingintelligence.com/es/productos/casino/28843-los-secretos-del-exito-de-las-tragaperras-online/ as slots represented 43.4% during 2019 of total online casino revenue, well ahead of roulette (28.11%) or blackjack (11.5%). Its growth is maintained at 40% annually after having achieved a spectacular 243% between 2014 and 2015. There are several factors that explain these figures. The attractive, thematic and localized design has been vital, but there are also others such as game time, the rules they have or the prizes that can be achieved. Looking ahead, slots will also have to adapt to the demands of digital natives, offering a closer gaming experience. As external auditor of the information security system at www.3cherry.com I would like to indicate in this post some of the Key questions of the two aspects of auditing that I will now explain, ISS Audit and ISMS audit in slots.
ISS audit and ISMS audit in betting slots in virtual casinos
As CISA auditor and Master in Cybersecurity by Deloitte, first of all I have to name that what is sought in this type of online gambling slot audit is to guarantee that the systems to which the online player and the other stakeholders of this business operate and are players of secure systems that guarantee what we call CDI (Confidentiality, availability and integrity) of the information that we share with these systems.
This type of audit has two main parts:
ISS audit. We are talking about technical vulnerability analysis of these systems.
ISMS audit. Where we are before how the casino slots software development company manages its internal security. We are facing a large percentage of ISO27001 as well as some added questions from this particular sector.
ISS audit
We are faced with the need of the audit to ensure that the system (servers, hosts, operating systems, endpoints), its modules and the information exchanged is free of the maximum possible vulnerabilities that an external system (generally a hacker can exploit) In This sense made this part of the audit following the following scheme:
Analysis with my client of the architecture, technologies used, hosting and security measures applied (typically IP Filtering, Firewall, WAF, anti spam, SSL encryption, VPN, restricted ports, configured IPS and IDS, etc.)
Ethical hacking with penetration tests that rescue the vulnerabilities that any hacker will use in the first instance.
Recommended solution to the results obtained in the previous point.
Step 2 and 3 until free of level 1, 2 and 3 vulnerabilities.
Delivery of reports.
ISMS audit
Information security must be a pillar of this type of companies in their business processes. For this, this audit includes a series of control points that ensure that the entire company works safely, from the facilities, employee registration and termination procedures, password management, backups, management and mobile devices, etc. the ISO27001 standard plus some very specific questions about this type of betting slot system in virtual casinos. For this and like when other companies ask me to adapt to ISO27001, I recommend the use of a cloud tool that allows us to manage all the documentation, risk management, that already provides templates and examples, etc. to reduce the adaptation time of the company to this standard.
Conclusion
The gambling slots player in virtual casinos is not generally aware that there are regulations, for each country, that guarantee that economic transactions, among other issues, are carried out securely free of alterations, impersonations by third parties, improper access, etc.
Luis Vilanova Blanco. CISA Auditor, Master in Cybersecurity, Auditor slots online casinos.
911277300
auditoriajuegoonline@luisvilanova.es