Gamasutra is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Gamasutra: The Art & Business of Making Gamesspacer
Seven Steps to Improved Security
View All     RSS
October 15, 2019
arrowPress Releases
October 15, 2019
Games Press
View All     RSS







If you enjoy reading this site, you might also want to check out these UBM Tech sites:


 

Seven Steps to Improved Security


May 2, 2012 Article Start Previous Page 2 of 3 Next
 

3. Network Security is a Process

Game companies that store hundreds of thousands, or millions, of customer service records need evolving technical measures in place as well the policy level considerations above. Security is an arms race where hacking, protections, and countermeasures are constantly at battle with one another.

We know that state of the art technical security in 2012 would include encrypting very sensitive data such as credit card numbers, parameterizing queries to prevent SQL injection, and implementing strong input validation to protect systems from invalid character entries.

While any system can be attacked via zero-day vulnerabilities, ensure your systems are rigorously updated with all security patches to prevent needless exposure.

We also know these measures and how they are implemented will change next year, and even over the course of this year. As your company follows its own internal road map, the company's security should be audited regularly. These audits should usually be internal, but on occasion, the network should engage an independent third party audit to conduct the security system review.

Interacting with external auditors on an ongoing basis provides both a different perspective as well as market knowledge that cannot be achieved internally. Furthermore, regularly planned external audits reduce the emergency or reactive character associated with bringing in external auditors only after a breach.

4. Written Information Security Program

Every organization should have a written information security program which sets forth the organization's data management and security practices. This is actually required by law in some jurisdictions if a company collects personal data -- however, it is a best practice in any regard. The plan should be reviewed and updated on an annual basis. Such a plan makes it easier to measure and manage compliance with sound security practices since there will be objective standards.

5. Children's Data

Extra caution should accompany any project that involves the collection or use of personal information from children. If there is one area of privacy and data security that unites lawmakers, regulators, and consumers, it is the need to protect children online.

Everything in this article applies to children under 13 as well as adults. In addition, compliance with the Children's Online Privacy Protection Act (COPPA) is required if your service is directed to children under 13, or if you know your service is collecting information from children under 13.

In addition, there are self-regulatory guidelines imposed by industry organizations such as the ESRB Kids Privacy Certification and the Children's Advertising Review Unit that monitor self-regulatory programs and COPPA compliance.

COPPA compliance review should be part of the company's privacy and security audit procedures. Certainly, any substantial loss of children's data would be associated with many of the costs attributed to adult data breaches and likely include additional negative publicity. Last year, Playdom was fined 3 million dollars associated with a COPPA violation.


Article Start Previous Page 2 of 3 Next

Related Jobs

Sanzaru Games Inc.
Sanzaru Games Inc. — Dublin, California, United States
[10.15.19]

Environment Artists
Sanzaru Games Inc.
Sanzaru Games Inc. — Dublin, California, United States
[10.15.19]

UI Technical Artist
Obsidian Entertainment
Obsidian Entertainment — Irvine, California, United States
[10.15.19]

Combat Designer
Deep Silver Volition
Deep Silver Volition — Champaign, Illinois, United States
[10.15.19]

Project Manager





Loading Comments

loader image