Check List

Cryptographic controls

Purpose

To check if the printing related system changes to screen lock status in the case of no-use for a predetermined time, and asks a user to input password for in-use status and to protect the confidentiality, authenticity and integrity of important gaming and lottery related information by cryptographic means.

Audit resources

Procedure

Verification

Document

System operation manual, IT access control manual, Printing process management guide, Game data printing system manual

Product

data on portable systems, networks, storage, validation numbers system, game data printing system being operated

Detailed study list and method

-    Check if screen saver function is set in the game data printing system with password

-    Check if screen saver is activated in a case where the game data printing system is not operated for a predetermined time, and check if the screen is restored when the printing staff inputs password

-    Check if screen saver password is managed by the printing staff

-    Check if encryption data on portable systems are applied for non public organization data on portable systems, USB, PDA, Notebook,. etc.

-    Check if encryption for Networks are applied for confidential data through networks which risk analysis has shown to have an inadequate level of protection, including validation or other important gaming information, e-mail, internet fax, and other mobile, etc.

-    Check if encryption data for storage are applied for the back-up library of winning and validation information.

-    Check if encryption of data transaction is applied for financial business among the lottery organization, government and a bank.

Check List

Check that the test plan of the computer to maintain the security, confidentiality and integrity of test data.

Purpose

To ensure the reliability of the system in a phase prior to test and actual printing phases and smoothly achieve association with printing process by testing existing and additionally developed program related to computer system (ticketing system, barcode system, verification system, etc.)

Audit resources

Procedure

Verification

Document

Test methodology policy, ticketing system, barcode system, verification system

Product

Test data

Detailed study list and method

-    Testing schedule of each computer system’s program

-    Check if program unit test and integrated test in association with the printing process are discriminated in test plan

-    Check if the integrated test schedule is planned considering link to any other process

-    Check if system of testing and result is established

-    Check if consideration about the preparation needed for the test is performed

-    Check if test data needed for test is defined

-    Check if test result is defined

-    Check that the test methodology policy include provisions to prevent the use of data created in a live production system for the current draw period and to prevent the use of player personal information.