Section 68IAC25-4-7. Internal controls

Latest version.

The casino licensee must submit internal controls to maintain all aspects of security, including the following:

(1) Procedures to handle different types of security incidents, including the following:

(A) System failures and loss of service.

(B) Malicious code detection.

(C) Denial of service.

(D) Errors resulting from incomplete or inaccurate business data.

(E) Breaches of confidentiality or integrity.

(F) Misuse of information systems.

(2) In addition to the normal contingency plans, these internal controls shall include the following:

(A) Analysis and cause of the security incident.

(B) Containment.

(C) Planning and implementation of corrective action to prevent recurrence.

(D) Communication with those affected by or involved with recovery from the security incident.

(E) Reporting of the action to the executive director or the executive director's designee.

(3) Action to recover from security breaches and correct system failures shall be carefully and formally controlled; the procedures shall ensure the following:

(A) Only clearly identified and authorized personnel are allowed access to live systems and data.

(B) Emergency actions taken are documented in detail.

(C) Emergency action is reported to management and reviewed in an orderly manner.

(D) The integrity of business systems and controls is confirmed with minimal delay.

(4) Testing the integrity of the LMGS on an ongoing basis.

(Indiana Gaming Commission; 68 IAC 25-4-7; filed Jan 7, 2016, 8:21 a.m.: 20160203-IR-068150084FRA)

                    
                        var val = document.getElementById('citecontent').innerHTML;
                        art.dialog.defaults.title = window.location.href;
                        art.dialog.data('cite', val);
                        art.dialog.data('homeDemoPath', '/Scripts/plus/artDialog/');
                        art.dialog.open('/Scripts/plus/artDialog/citeiframe.html');