The ideal candidate will provide quality audit services, with specialization and expertise in penetration testing, vulnerability scanning and compliance with the ISO 27001:2013 security framework.
In order for the Lottery maintain its integrity and ensure that the appropriate internal controls and security measures are in place, a comprehensive audit of the Lottery’s security controls must include:
- Security Department Management, Duties, and Procedures;
- Physical Security;
- Information Systems Security (including Internal Control System (ICS), WiFi, Firewalls, Network Diagrams, etc.);
- Security surrounding Draw Game drawings;
- Business Continuity Planning (as it relates to Hoosier Lottery, only – not specific to IGT Indiana, unless explicitly stated);
- A best-practices assessment of Lottery practices investigating potential fraud;
- Penetration testing of the Lottery network (Internal Control System (ICS), WiFi, Switches, Firewalls, VPN, VLANs, and Secure File Transfer Protocol (SFTP) workstations);
- Vulnerability scanning for Lottery devices;
- Adherence to ISO 27001:2013 security framework and the requirements of the World Lottery Association Security Control Standard (WLA-SCS).
RFP submission dates:
Response Part One, Submission Form due date and time: June 28, 2023 @ 3:00 PM ET
Response Part Two, Submission of Proposals by flash drive due date and time: July 3, 2023 @ 4:30 PM ET
Full details of the RFP process and criteria can be found at this link.