5.260.2—5.260.2
>Control Description
Definitions. As used in this section:
(a) “Cyber attack” means any act or attempt to gain unauthorized access to an information system for purpose of disrupting, disabling, destroying, or controlling the system or destroying or gaining access to the information contained therein.
(b) “Cybersecurity” means the process of protecting an information system by preventing, detecting, and responding to cyber attacks.
(c) “Covered entity” means an entity required to comply with the requirements of this section. Each of the following qualify as a covered entity:
(1) Holder of a nonrestricted license as defined in NRS 463.0177 who deals, operates, carries on, conducts, maintains, or exposes for play any game defined in NRS 463.0152;
(2) Holder of a gaming license that allows for the operation of a race book;
(3) Holder of a gaming license that allows for the operation of a sports pool; and
(4) Holder of a gaming license that permits the operation of interactive gaming.
(d) “Information system” means a set of resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Elements of an information system include, without limit, hardware, software, information, data, applications, communications, and people.
(e) “Risk assessment” means the process of identifying, estimating, and prioritizing risks to organizational operations and assets resulting from the operation of an information system. Guidance for conducting a risk assessment can be found in the Framework for Improving Critical Infrastructure Cybersecurity, version 1.1 or later, published by NIST.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.