1. The Office of Information Security and Cyber Defense shall prepare and make publicly available a statewide strategic plan that outlines policies, procedures, best practices and recommendations for preparing for and mitigating risks to, and otherwise protecting, the security of information systems in this State and for recovering from and otherwise responding to threats to or attacks on the security of information systems in this State. The statewide strategic plan prepared and made available pursuant to this subsection must not identify or include information which allows for the identification of specific vulnerabilities in the information systems in this State. 2. The statewide strategic plan must include, without limitation, policies, procedures, best practices and recommendations for: (a) Identifying, preventing and responding to threats to and attacks on the security of information systems in this State; (b) Ensuring the safety of, and the continued delivery of essential services to, the people of this State in the event of a threat to or attack on the security of an information system in this State; (c) Protecting the confidentiality of personal information that is stored on, transmitted to, from or through or generated by an information system in this State; (d) Investing in technologies, infrastructure and personnel for protecting the security of information systems; and (e) Enhancing the voluntary sharing of information and any other collaboration among state agencies, local governments, agencies of the Federal Government and appropriate private entities regarding protecting the security of information systems. 3. The statewide strategic plan prepared pursuant to this section must be updated at least every 2 years. 4. A private entity may, in its discretion, make use of the information set forth in the statewide strategic plan. 5. Each agency of the State Government that has adopted a cybersecurity policy shall test the adherence of its employees to that policy on a periodic basis. Such an agency shall submit the results of the testing to the Office of Information Security and Cyber Defense annually for consideration in the update of the statewide strategic plan.
‹ Prev All Nevada sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.