State Lottery Enlists CBIZ for Cyber Compliance

Client Profile

Sector: Public
Industry: Gaming and Entertainment
Number of Employees: 50+
Geographic Footprint: State of Oklahoma
Annual Revenue: $190M+

Doctor and Infant Issue

The Oklahoma Lottery Commission (the Commission) had never undergone a comprehensive cybersecurity assessment. As a small state agency with a two-person Information Technology (IT) department, a majority of their IT systems and processes are managed by a third party. The Commission sought CBIZ’s assistance to meet new state mandated assessment requirements based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

Solution

To comply with the NIST and CSF assessment framework, we reviewed an array of sensitive IT information – system security documentation, password and security configurations, application and system user account lists, physical access lists, IT policies and procedures, vendor contracts and agreements – as well as some network information. Vendor management became a key focus of the engagement. We established an understanding of the roles and responsibilities of the Commission versus each of their vendors. We then determined whether service levels, metrics and responsibilities were outlined in vendor contracts and associated agreements.

Outcome

In addition to placing the OK Lottery Commission in compliance with state requirements, this initial assessment provided a detailed guide for remediating deficient, ineffective or overlooked information security controls. Our final report highlighted assessment results, key findings and related control weaknesses, noted applicable NIST CSF criteria and provided recommendations labeled with severity level (high, medium, or low) to help prioritize a plan for remediation. Our final report also included the Commission management’s responses and planned corrective actions for addressing the findings.

Download our case study


Copyright © 2020, CBIZ, Inc. All rights reserved. 

State Lottery Enlists CBIZ for Cyber ComplianceThe Oklahoma Lottery Commission (the Commission) had never undergone a comprehensive cybersecurity assessment....2020-10-20T13:21:00-05:00

State Lottery Enlists CBIZ for Cyber Compliance