
Difference between revisions of "OWASP Video Game Security Framework"

m
m (Quick Download)
Line 325: Line 325:
 
'''Governance & Compliance Process'''
 
'''Governance & Compliance Process'''
 
<br />
 
<br />
:1.    Regulation Alignment
+
:1.    Regulation
  
:2.    Audit Process
+
:2.    Audit
  
:3.    Monitor Method
+
:3.    Monitor
  
:4.    Control Setup
+
:4.    Control
 
<br />
 
<br />
'''1. Regulation Alignment'''
+
'''1. Regulation'''
  
 
<br />
 
<br />
There are many regulations that attribute to organizational compliance and understanding policies that adhere to the business model and future security strategy is the first step.
+
There are many regulations that attribute to organizational compliance and understanding policies that align to the business model and future security strategy is the first step.
  
 
<br />
 
<br />
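Review bot: The reworded Regulation paragraph is still one run-on sentence and keeps "attribute to", which reads as a slip for "contribute to". Suggest splitting it, for example: "Many regulations contribute to organizational compliance. Understanding the policies that align to the business model and future security strategy is the first step." The shortened list entries and the shortened section title match each other, so no change is needed there.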
Line 363: Line 363:
 
::d)    Google
 
::d)    Google
 
::e)    Amazon
 
::e)    Amazon
::f)   Apple
+
::f)     Apple
 
::g)    Steam
 
::g)    Steam
  
Line 371: Line 371:
 
<br />
 
<br />
  
2. '''Audit Process'''
+
2. '''Audit'''
  
 
<br />
 
<br />
The best way to ensure an organization is maintaining the right level of compliance is to properly audit.
+
The best way to ensure an organization is maintaining the proper level of compliance is to audit.
  
 
Auditing involves performing routine internal checks to ensure policies are being followed by all.
 
Auditing involves performing routine internal checks to ensure policies are being followed by all.
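Review bot: The renamed heading "2. '''Audit'''" keeps the number outside the bold markup, while the heading changed in the Line 325 hunk is "'''1. Regulation'''" with the number inside it. Suggest "'''2. Audit'''" so the four section headings render the same way.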
Line 415: Line 415:
  
 
<br />
 
<br />
Monitoring involves watching an existing infrastructure for changes related to compliance status. The goal is to detect anomalies and be able to watch organizational trends from a compliance point of view. This valuable information will aid in quickly remedying non compliance and developing new strategies by pinpointing areas of improvements.
+
Monitoring involves watching an existing business environment for changes related to the overall compliance status. The goal is to detect anomalies and watch organizational trends from a compliance point of view. This valuable information will aid in quickly remedying non-compliance and developing new strategies by pinpointing areas of improvements.
  
 
<br />
 
<br />
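Review bot: The rewritten Monitoring paragraph fixes "non-compliance" but leaves "pinpointing areas of improvements" at the end of the last sentence. Suggest "pinpointing areas for improvement". The change from "existing infrastructure" to "existing business environment" widens what is being monitored, so the questions that follow in this section should be checked to confirm they still cover that broader scope.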
Line 433: Line 433:
 
::b)  Is the Incident Response plan being implemented and tracked at each stage
 
::b)  Is the Incident Response plan being implemented and tracked at each stage
  
 +
<nowiki>**</nowiki>''Overall if anything goes wrong, will you be able to pinpoint where non-compliance is.''
  
 
+
'''''How ''''' do we want to view information on what is being monitored?   
'''''What''''' monitoring method are we planning to use?   
 
 
:1)    Reports
 
:1)    Reports
 
:2)    Dashboards/Charts
 
:2)    Dashboards/Charts
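Review bot: The added line "<nowiki>**</nowiki>''Overall if anything goes wrong, will you be able to pinpoint where non-compliance is.''" is phrased as a question but ends with a period, and its "**" marker has no matching marker in the visible context to say what it annotates. Suggest "''Overall, if anything goes wrong, will you be able to pinpoint where the non-compliance is?''" and either tying the marker to the item it refers to or dropping it. The "'''''How '''''" line also has a stray space inside the bold-italic markup.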
Line 457: Line 457:
  
 
<br />
 
<br />
During this phase an org must implement controls in place to ensure as much compliance. The goal should not only be to set up a compliance framework but to use as much automation as possibly.  This will in turn reduce overhead and will make compliance easier to manage and modify in the future.
+
During this phase an org must implement controls in place to structure compliance in daily operations. The goal should not only be to set up a compliance framework but to use as much automation as possible.  This will in turn reduce overhead and will make compliance easier to manage and modify in the future.
  
 
<br />
 
<br />
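Review bot: The new Control sentence still reads "implement controls in place", which is redundant, and uses the abbreviation "org" where the rest of the section says "organization". Suggest "an organization must put controls in place to structure compliance into daily operations". The "possibly" to "possible" fix in the second sentence is correct.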
Line 466: Line 466:
  
 
:1)    People
 
:1)    People
 +
 +
:a)    Work Requirements
  
 
:2)    Process
 
:2)    Process
 +
 +
:a)    Change management
  
 
:3)    Technology
 
:3)    Technology
 +
:a)    Identity Access Management (IAM) Software
 
<br />
 
<br />
 
'''''What''''' can be done to automate future compliance controls?
 
'''''What''''' can be done to automate future compliance controls?
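Review bot: The added sub-items ":a)    Work Requirements", ":a)    Change management" and ":a)    Identity Access Management (IAM) Software" use a single colon, the same indent level as their parents ":1)    People", ":2)    Process" and ":3)    Technology", so they will not render nested. Other sub-items in this page use a double colon ("::d)    Google", "::b)  Is the Incident Response plan ..."); suggest "::a)" here as well. Capitalization is also inconsistent ("Change management" against "Work Requirements"), and two blank lines are added before the People and Process sub-items but only one before the Technology sub-item.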

Revision as of 20:00, 1 May 2019


OWASP Video Game Security Framework (VGSF)

OWASP Video Game Security Framework (VGSF) defines an approach to discovering solutions for strategy, development, operations, and management surrounding security for video game industry business models.


Most organizations that operate in the digital landscape treat security as an afterthought when compared to the overall business strategy and operations. In recent years the consequences of such behavior have become more apparent, with an increasing number of data breaches happening. The cost associated with an organization’s loss of intellectual property and other digital assets has reached the millions.


With the fast growth of the video game industry (174 billion by 2021 - Newzoo Global Game Forecast) in recent years, it is critical that organizations operating in this space have a strong security posture. Cyber-attacks aimed at various components of a business can affect the interoperability, user protected info, end-game product, and overall business model. As more businesses and clients operate in cyberspace, it is important to leverage security as a way to create sustainable trust, lead competitively, and operate with more agility across different types of data.

The framework is comprised of five discipline areas that could produce many best practice methodologies:


I. Business Strategy & Risk


II. Governance & Compliance


III. Prevention

This will be one of the largest sections as it is comprised of many different aspects of overall cyber security.


IV. Management


V. Service Delivery & Support

Licensing

The OWASP Video Game Security Framework is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is the OWASP Video Game Security Framework?

The goal of the OWASP Video Game Security Framework is to provide an adaptable blueprint to guide the development and deployment of cyber resiliency within a video game enterprise operation.

The target audience for the project includes:

  • Game Publishers
  • Game Developers
  • Security Professionals
  • Consumer Gamers
  • Quality Assurance Testers
  • Business Stakeholders in the Gaming Industry
  • Industry Enthusiasts

Project Leaders

  • Romen Brewer

Contributors

  • TBD

Related Projects

Collaboration

Join the discord channel: [1]

Quick Download

COMING SOON

News and Events

  • April, 2019: Site Creation and Discord channel creation.

