Information Security Audit for a State Online Lottery

Download Now Date Added: Nov 2009
Format: PDF

This case study does a study to provide an Information Security (IS) audit on the backend and frontend systems of a state online lottery in India. This state online lottery wanted to conduct an IS audit as one of the country's leading state government lottery companies. The organization works with the use of internet-based kiosks across India. Therefore, it wanted to review the backend systems being used across the company along with five of their front-end systems at kiosks picked up by the company themselves. The idea of the study was to understand the efficiency of security of the IT systems and networks against internal and external threats. First things' first, the team met all stakeholders at the site office to understand the current policies engages and to know the future requirements. Simultaneously, Mahindra Satyam went on to do an "As-Is" study of the IS policies and procedures of the state online lottery. After collating information that was available from this exercise, a Gap Analysis was done to compare the company's processes with IS Best Practices and security guidelines. With this extensive study conducted on the state online lottery, Mahindra Satyam was able to undertake an audit of the security measures available at the online lottery system. The study helped them to identify key IS risks. After this, they used a tool-based vulnerability assessment to test the company's servers for their resistance against risk. This official Gap Analysis report specified the control gaps that were recognized.