Authority: IC 4-33-4; IC 4-35-4
Affected: IC 4-33; IC 4-35
Sec. 7. The casino licensee must submit internal controls to maintain all aspects of security, including the following:
(1) Procedures to handle different types of security incidents, including the following:
- (A) System failures and loss of service.
- (B) Malicious code detection.
- (C) Denial of service.
- (D) Errors resulting from incomplete or inaccurate business data.
- (E) Breaches of confidentiality or integrity.
- (F) Misuse of information systems.
(2) In addition to the normal contingency plans, these internal controls shall include the following:
- (A) Analysis and cause of the security incident.
- (B) Containment.
- (C) Planning and implementation of corrective action to prevent recurrence.
- (D) Communication with those affected by or involved with recovery from the security incident.
- (E) Reporting of the action to the executive director or the executive director's designee.
(3) Action to recover from security breaches and correct system failures shall be carefully and formally controlled; the procedures shall ensure the following:
- (A) Only clearly identified and authorized personnel are allowed access to live systems and data.
- (B) Emergency actions taken are documented in detail.
- (C) Emergency action is reported to management and reviewed in an orderly manner.
- (D) The integrity of business systems and controls is confirmed with minimal delay.
- (4) Testing the integrity of the LMGS on an ongoing basis.
(Indiana Gaming Commission; 68 IAC 25-4-7; filed Jan 7, 2016, 8:21 a.m.: 20160203-IR-068150084FRA; readopted filed Oct 17, 2022, 11:45 a.m.: 20221116-IR-068220276RFA)