GLI-19: - Gaming Laboratories International
GLI-19: - Gaming Laboratories International
GLI-19: - Gaming Laboratories International
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>GLI</strong> Standard #<strong>19</strong> – Standards for Interactive <strong>Gaming</strong> Systems (Suppliers) Version 1.0<br />
Final<br />
b) There must be a secure method implemented for changing the current encryption keyset.<br />
It is not acceptable to only use the current key set to “encrypt” the next set. An example<br />
of an acceptable method of exchanging keys is the use of public key encryption<br />
techniques to transfer new key sets.<br />
c) There must be a secure method in place for the storage of any encryption keys.<br />
Encryption keys must not be stored without being encrypted themselves through a<br />
different encryption method and/or by using a different encryption key.<br />
7.3.9 Malicious and Mobile Code.<br />
a) Detection, prevention, and recovery controls to protect against malicious code and<br />
appropriate user awareness procedures shall be implemented.<br />
b) Where the use of mobile code is authorized, the configuration shall ensure that the<br />
authorized mobile code operates according to a clearly defined security policy, and<br />
unauthorized mobile code shall be prevented from executing.<br />
7.3.10 Monitoring.<br />
a) Audit logs recording user activities, exceptions, and information security events shall be<br />
produced and kept for an agreed period to assist in future investigations and access<br />
control monitoring.<br />
b) Any modification, attempted modification, read access or other change or access to any<br />
<strong>Gaming</strong> Platform record, audit or log must be noticeable by an approved <strong>Gaming</strong><br />
Platform via version control or file time stamping. It must be possible to see who has<br />
viewed or altered a log and when.<br />
c) Procedures for monitoring use of information processing facilities shall be established<br />
and the results of the monitoring activities reviewed quarterly or as provided by the<br />
jurisdiction.<br />
d) Logging facilities and log information shall be protected against tampering and<br />
unauthorized access.<br />
e) System Administrator and System Operator activities shall be logged.<br />
f) Faults shall be logged, analyzed, and appropriate action taken.<br />
g) The clocks of all relevant information processing systems within an organization or<br />
Chapter Seven: Information Systems Security (ISS) Requirements Page 58<br />
Copyright © 2011 <strong>Gaming</strong> <strong>Laboratories</strong> <strong>International</strong>, LLC<br />
All Rights Reserved.