North Carolina Education Lottery

SeNet performed an independent security assessment and audit of North Carolina Education Lottery (NCEL) systems and gaming operations.  We worked with and reported directly to the internal audit team at NCEL.  Our review focused on both gaming systems (i.e. RNG, ICS) as well as the supporting IT infrastructure. SeNet utilized NIST 800-53 “Security and Privacy Controls of Federal Information Systems and Organizations” revision 4 as the baseline for the audit.

In addition to performing interviews and examinations, technical vulnerability assessment scans were also conducted on the NCEL network and systems. Vulnerability scans were conducted both from external and internal perspectives. A limited web application security assessment was also conducted on mission critical applications identified by NCEL. A physical security review was performed on the headquarters in Raleigh and a field office in Greensboro.

The result of this effort was a comprehensive audit report that NCEL could use to strengthen their overall security posture.