Businesses are legally responsible for maintaining security and privacy. This page provides resources to assist businesses in protecting their most critical information assets. Check out the links below for valuable security information.
Key terms and definitions used in the cybersecurity industry and as adopted by the State of New Jersey. Explore the glossary.
+ Data Breach Reporting
According to the NJ Identity Theft Prevention Act, all businesses or public entities are required to disclose breaches of security of a customer's personal information and any information pertaining to the breach. Please report data breaches here.
+ Incident Reporting
All State of New Jersey employees are required to immediately report any suspected information security incident. Suspected information security incidents may be reported via the following channels:
- Immediate supervisor
- Agency HR Representative
- Agency IT Service Desk
- Agency Information Security Office
- NJOIT Enterprise Service Desk
- NJCCIC – 609-963-6900 x7865 or cyber.nj.gov/report
Any attempt to interfere with, prevent, obstruct, or dissuade a user in their efforts to report a suspected security incident or violation is strictly prohibited and cause for disciplinary action, up to, and including, termination. Any form of retaliation against an individual reporting or investigating a security incident or violation is also prohibited.
+ New Jersey Computer Crime Statutes
Do you know the law in New Jersey when it comes to computer crime? Review the statutes here.
Statutes include: Terroristic threats; stalking; luring, enticing child by various means, attempts; luring, enticing an adult, certain circumstances; bias intimidation; theft by deception; theft of services; computer criminal activity; wrongful access, disclosure of information; obtaining, copying, accessing program, software valued at $1,000 or less; forgery and related offenses; credit cards; scanning devices, reencoders; impersonation, theft of identity; endangering welfare of children; hindering apprehension or prosecution; and harassment.
+ Best Practices
Learn all about cybersecurity best practices on email security, passwords and multi-factor authentication, exploring the internet, and device security here.
+ Be Sure to Secure
The NJCCIC Be Sure to Secure page provides website visitors with information on various cybersecurity topics as well as instructional guides designed to teach visitors how to properly secure their devices, data, and networks, ultimately reducing their cyber risk. Please visit the Be Sure to Secure page here or click on the links below to learn more about specific topics.
- Guides to Accessing Security and Privacy Settings for: Android, Facebook, Google, Instagram, Twitter
- Cryptographic Protections in an Online World
- What to Expect When the GDPR Goes into Effect
- How to Configure and Secure a Home Wi-Fi Router
- Don't Take the Bait! Phishing and Other Social Engineering Attacks
+ Information Security Exception Request Form
+ NJ Statewide Information Security Manual
The purpose of the Executive Branch of New Jersey State Government’s Statewide Information Security Manual, hereinafter referred to as the Manual, is to assist New Jersey State Government organizations in applying a risk–based approach to information security while establishing the required behaviors and controls necessary to protect information technology resources, secure personal information, safeguard privacy and maintain the physical safety of individuals. This Manual includes a set of policies, standards, procedures, and guidelines that sets a clear direction for information security and its role in supporting Executive Branch departments and agencies in their efforts to carry out their respective missions and to achieve their business goals and objectives, while effectively managing risk and ensuring the confidentiality, integrity and availability of their information and information systems.
This Manual provides direction to the State workforce regarding their roles and responsibilities with respect to the security of State information assets. The implementation of consistent security controls across the Executive Branch of New Jersey State Government will help departments and agencies comply with current and future legal obligations to ensure due diligence in protecting the confidentiality, integrity, availability, and privacy of State information and information systems.
This Manual is intended to provide State agencies with a means to tailor cost-effective security controls necessary to protect the confidentiality, integrity, availability, and privacy of State information and information systems commensurate with their sensitivity and criticality, while also maintaining and ensuring compliance with all legal requirements.
The Executive Branch of New Jersey State Government’s Statewide Information Security Manual has been derived from applicable State and federal laws; industry best practices including the National Institute of Standards and Technology (NIST) Cybersecurity Framework for Improving Critical Infrastructure; NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations; NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations; the Center for Internet Security (CIS) Top 20 Critical Security Controls; the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM); lessons learned; and other New Jersey State Government business and technology related considerations.
Practice good online safety habits with these tips and advice.
+ Vulnerability Assessments
As technology continues to evolve and the “Internet of Things” takes shape in New Jersey, new vulnerabilities are constantly emerging across the State's digital landscape.
At the NJCCIC, we are committed to balancing a growing demand for convenience, accessibility, and efficiency with the need for resilient critical infrastructure assets.
We work with organizations across New Jersey to understand their strategic deployment of people, processes, and technologies, and to assess their cybersecurity posture.