Penetration Testing for ISO 27001 Compliance
(Online Gambling)

Speaking of gambling we imagine money, and where’s money there are risks. No wonder, casino business is fraught with the danger of clients' personal data theft, stolen transactions, false identities and unauthorized access to the system.

The client evaluated the costs of potential hacker intrusion and came to the conclusion the web security is not about something you can choose or not. It is necessary for business. Besides that, the UK Gambling Commission requires that all license holders should have regular Annual Security Audits undertaken by an independent security firm. That’s how the client found us and assigned with a task to conduct penetration testing in order to compliant with ISO 27001 and 'Remote and Gambling Software Technical Standards' (RTS).

Keeping in mind the main concern we focused our penetration testing tactics on the most vulnerable spots, specifically on compromised clients' accounts and fraud. The uncaught attack could cause tarnished casino reputation, cracked system assets and major financial losses.

We helped out the casino IT security staff and provided them with some valuable recommendations on how to strengthen casino security defences.