The following words and terms, when used in this subchapter, shall
have the following meanings unless the context clearly indicates otherwise:
"Access" means the ability to create, read, modify, and/or delete
controlled data.
"Authorized user" means a current employee of the casino licensee,
affiliate, or vendor, which has been approved by the casino licensee's Information
Technology (IT) Department to access a controlled computer system.
"Computer access" or "logical access" means any access to
controlled data or software.
"Computer security" means the physical and logical controls that
are used to prevent unauthorized access to controlled hardware, software, and
data.
"Confidential data" means any data that is collected by the casino
licensee that is not in the public domain.
"Controlled computer system" means all hardware and software used
to protect, generate, or store controlled data.
"Controlled data" means any casino related record, other than
marketing data, that is required by the Casino Control Act and the Division
rules.
"Controlled hardware" means any device that is used by a
controlled computer system.
"Controlled software" means any software, other than marketing
applications, that can be used to create or alter controlled data.
"Critical computer system" means all hardware and software used to
protect, generate, or store critical data.
"Critical data" is a subset of controlled data and means any
record that is used in the calculation of gross gaming revenue and does not include
marketing data.
"Critical hardware" means any device that is used to store
critical data.
"Critical location" means any physical location used to house
critical hardware and software.
"Critical software" means any program that can be used to create
or alter critical data.
"Disaster recovery plan" means written procedures, including
assigned roles and responsibilities, designed to restore all or part of a casino
licensee's controlled computer system capabilities in the event that the system is
rendered unusable by a disaster.
"Division best practice" means a course of action recommended by
the Division. When Division best practice is not used, the casino licensee shall
document in its internal controls, the course of action to be taken. Such internal
controls shall be approved by the casino licensee's Director of IT Division best
practices shall be considered a safe harbor such that a licensee that implements the
Division best practice shall not be subject to sanctions if the regulation for which
the Division best practice set forth is breached.
"Firewall" means dedicated computer hardware, software, and
related device security policies, which are controlled by the casino licensee's IT
department to effectively protect a controlled computer system, its software, and
data from unauthorized access.
"Personal patron data" means any non-public patron information
collected by the casino licensee, including date of birth, social security number,
credit card numbers, bank account information, and driver's license number.
"Qualified affiliate" is a holding, intermediary or subsidiary
company of a casino licensee that has been found qualified in conjunction with such
licensee's casino license.
"Release Notes" means documents which describe and provide the
reason for changes made to components, configurable options, settings, or versions
of a critical computer system.
"Remote access" means connectivity to a controlled computer system
from a location outside of the casino licensee's casino facility.
"System integrity" means the validity of controlled data and the
controls used to minimize human error, hardware malfunctions, transmission errors,
software errors, infiltration of unwanted software (malware, virus, etc), and
disasters.
