NJ A817

Public institutions of higher education must establish plans and procedures to enhance cyber security and prevent cyber attacks, addressing system monitoring, threat assessment, risk mitigation, and incident response and recovery

Institutions may consult with the New Jersey Cybersecurity and Communications Integration Cell for guidance on cyber security best practices and data protection

Cyber security plans must be regularly updated to reflect current technologies and information security techniques

Public institutions must notify the New Jersey Office of Homeland Security and Preparedness of any cyber attack against their IT systems, consistent with P.L.2023, c.19; phishing attempts are excluded from this notification requirement

"Cyber attack" is defined as unauthorized access to electronic files containing personal information (Social Security numbers, driver's license numbers, financial account data, or login credentials) that compromises security, confidentiality, or integrity of that information