Check List

Access limitation according to time

Purpose

To check if control is in place to ensure that instant lottery game data printing system operates only during the necessary hours.

Audit resources

Procedure

Verification

Document

Access record

Product

Detailed study list and method

-    Check if automatic log-off or end session takes place when there is no activity for specific time period.

-    Check if access time to crucial systems is limited.

Check List

The interception to the instant lottery game data printing system network

Purpose

To ensure that the instant lottery game data printing system and the systems designed for other use must be operated separately. In particular, game data server and game data printing server must be installed in the stand-alone format, disconnected from the network to prevent unnecessary access.

Audit resources

Procedure

Verification

Document

System design drawing, system architecture diagram, network assets list

Product

Detailed study list and method

-    Check if the system’s extent of importance is assessed.

-    Check if crucial system is separated from other systems and the network.

Check List

Portable computer usage

Purpose

To ensure that try game data printing system must be excluded from portable computing, and such a control must be maintained even at the time of maintenance and repair by an outside sources. However, when portable computing is unavoidable, the following control must be implemented.

Audit resources

Procedure

Verification

Document

portable computer assets list and register

Product

Detailed study list and method

-    Check if there is a control countermeasure when portable computer is used outside.

-    Check if there is a protection countermeasure in case of theft of laptop (notebook) or PDA containing game data.

Check List

Wireless LAN usage

Purpose

To ensure that the wireless LAN should not be applied in the instant lottery process, but if required, check that a control guide for the wireless LAN is being applied

Audit resources

Procedure

Verification

Document

Wireless LAN security guide

Product

Detailed study list and method

-    Wireless LAN must not be applied to instant lottery work. If the use of the wireless LAN is inevitable, the following requirements must be checked

-    Check if the default SSID is being modified (optional)

-    Check if WEP encrypted key over 128bit is being applied when in use (optional)

-    Check if WPA(802.1x) authentication is used to authenticate user

-    Check if there is a control over illegal AP that does not come through the manager