Resources for Businesses & Government

The purpose of the New Jersey Statewide Information Security Manual (SISM) is to assist organizations in applying a risk–based approach to information security while establishing the required behaviors and controls necessary to protect information technology resources, secure personal information, safeguard privacy and maintain the physical safety of individuals. This SISM includes a set of policies, standards, procedures, and guidelines that sets a clear direction for information security and its role in supporting organizations in their efforts to carry out their respective missions and to achieve their business goals and objectives, while effectively managing risk and ensuring the confidentiality, integrity and availability of their information and information systems.

This SISM provides direction regarding roles and responsibilities with respect to the security of information assets. The implementation of consistent security controls will help organizations comply with current and future legal obligations to ensure due diligence in protecting the confidentiality, integrity, availability, and privacy of information and information systems.

This SISM is intended to provide organizations with a means to tailor cost-effective security controls necessary to protect the confidentiality, integrity, availability, and privacy of information and information systems commensurate with their sensitivity and criticality, while also maintaining and ensuring compliance with all legal requirements.

The New Jersey Statewide Information Security Manual has been derived from applicable State and federal laws; industry best practices including the National Institute of Standards and Technology (NIST) Cybersecurity Framework for Improving Critical Infrastructure; NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations; NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations; the Center for Internet Security (CIS) Top 20 Critical Security Controls; the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM); lessons learned; and other New Jersey State Government business and technology related considerations.

• View and download the New Jersey Statewide Information Security Manual here.

The New Jersey Cybersecurity & Communications Integration Cell's cybersecurity strategic plan represents a pathway to achieving improved cyber resilience through the prosecution of a series of interrelated goals, objectives, and action items intended to help safeguard New Jersey's institutions, businesses, and individuals. It includes broad statewide goals and objectives applicable to all public and private sector institutions and individuals, as well as those specific to the executive branch of New Jersey State Government, for which the NJCCIC has direct oversight. This strategic plan also supports the overall mission of the New Jersey Office of Homeland Security and Preparedness, whereby cybersecurity is woven into its counterterrorism, counterintelligence, and preparedness functions. 

• View and download the Cybersecurity Strategic Plan here.

• View and download the exception request form here.

• View and download our instructions for New Jersey state email authorization and authentication set-up here.

Do you know the law in New Jersey when it comes to computer crime? Statutes include: computer criminal activity; wrongful access, disclosure of information; obtaining, copying, accessing program, software valued at $1,000 or less; forgery and related offenses; credit cards; scanning devices, reencoders; impersonation, theft of identity and more.

• Review New Jersey's computer crime statutes here.

• Disaster Recovery Journal
• Is your business ready?
• Small Business Association Disaster Recovery
• DRI International
• SANS Institute Disaster Recovery White Paper

• US-CERT - Getting Started for Business 
• US CERT - Getting Started for Small and Midsize Businesses (SMB) 
• Cybersecurity Course for Small Business (online) 
• Protecting Your Customers 
• Protecting Your Employees 
• Prepare My Business 
• Backup and Recovery Business Impact Analysis 
• Security Management 
• OnGuardOnline 
• Copier Data Security: A Guide for Businesses
• Employee Habits Put Corporate Data at Risk