Skip to main content

Managing Risk for Internet Gaming

June 13, 2012

We all know that online gaming is coming to the United States, and is partially here via WAN-connected tribal casinos, online poker that is available in multiple countries around the world, and U.S.-based casinos that are opening up wireless integration opportunities for the playing purposes of their consumers. As with any move from a brick and mortar scenario to the Internet, IT security and maintenance of that security become more important to casinos. Understanding the risks involved before you make the move, as well as developing a risk management strategy and program to continue to manage the risks, including adding controls to limit or remove risks, will provide value to your organization and operational efficiency.

What are your Business Risks?

First, do you know your business security risks? Have they been identified from multiple levels? What’s an acceptable risk for you? What is totally not acceptable? How do you manage risk in your environment? Do you know where and how to reduce your risk? How will you identify and report on the risk levels in your organization? Your risks may include loss of player personal information, credit card information, critical casino operational information, malware such as Trojans hidden in your systems, hijacked player sessions, and critical data loss or leakage. You should also consider the risk of reputation should your systems be attacked.

High-Level Technical Risks for Internet-Based Gaming Systems

There are also technical risks that should be understood, while controls to manage risks should be in place. Some high-level examples of the risks and controls you should consider are in Figure 1 and Figure 2 below. For “Application Security” below, I’m focused on the security of delivery or supporting applications -- not so much the actual gaming applications, which you’ll need to meet the appropriate regulatory requirements for your area.

Figure 1 - High-Level Risks to Internet-Based Gaming Systems

High-Level Controls for Internet-Based Gaming Systems

There are a few examples of the controls (Figure 2) you can put in place to protect against the risks identified above. However, in addition to technical controls, ensure you also have the policies, processes, including incident management, and training as part of your controls and risk management program and strategy. From a high level, some of the types of risk controls that you should have in place are as follows: 

Figure 2- High-Level Controls for Internet-Based Gaming Systems

You’ll need to dig much deeper then these high-level examples I’ve shown to have a good grasp on your risks. A risk-based gap analysis should provide you with a view of your risks, controls you have or need to put in place, as well as help you define a strategy and roadmap to get the risks to an acceptable level.

Related Blogs

May 03, 2018

Getting Started with Postman for API Security Testing: Part 1

Postman is a useful tool used by many developers to document, test and interact with Application Programming Interfaces (APIs). With the ubiquity of A...

See Details

May 16, 2012

Securing Mobile Gaming Applications

The Gaming Industry is moving at lightening speeds to get mobile content to their players to enhance player in-house experiences, integrate with loyal...

See Details

February 28, 2012

Thinking Strategically on GSA Gaming Standards Security

As the gaming industry moves further toward open-source Gaming Standards Association (GSA) standards for lowering costs and risks while increasing int...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

September 20, 2017

PCI Compliance

Go beyond the PCI compliance checklist.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.