UMBC Maryland Institute for Policy Analysis & Research (MIPAR)

Permanent URI for this collection

Housed in the Center for Social Science Scholarship, the Maryland Institute for Policy, Analysis, and Research (MIPAR) is the principal center for social science and public policy research at UMBC. MIPAR links the analytical resources of the University with policymakers in the state and region, conducting opinion research, policy analyses, and program evaluations on a variety of topics. MIPAR activities are supported by federal, state, and local governmental agencies, foundations, and corporations. MIPAR also administers the Center for Aging Studies at UMBC.


Recent Submissions

Now showing 1 - 9 of 9
  • Item
    Local government cyber insecurity: Causes and recommendations for improvement
    (Wiley, 2023-10-02) Norris, Donald; Mateczun, Laura; Hatcher, William; Meares, Wesley L.; Heslen, John
    In this paper, we address several facets of the problem we call local government cyber insecurity – a problem that plagues such governments across the nation, if not the world. We describe this problem and discuss its manifestations in local governments. This is followed by our analysis of why, on average, local government cybersecurity is managed and practiced so poorly. Next, we discuss several constraints on local governments that may help to explain why so many of these governments are not able to provide highly effective cybersecurity. We then discuss steps that local governments can and should take to improve their cybersecurity, including adopting dedicated cybersecurity budgets, adopting several highly recommended cybersecurity policies, and following best cybersecurity practices.
  • Item
    Mainframe and PC Computing in American Cities: Myths and Realities
    (Wiley, 1996-12-01) Norris, Donald; Kraemer, Kenneth L.
    How much can PCs aid city management? This article is based on a 1993 survey that compares computing in cities that use only personal computers (PCs) with computing in cities that use central computer systems. The authors found that claims that PCs would speed up automation of governmental functions were not substantiated. Central system cities were more widely automated, had more widespread use among staff, and were more likely to deploy leading-edge computer technologies than PC-only cities. Moreover, respondents in central cities were positive about computer impacts and satisfied with computing. PC-only cities had an edge over central-system cities in that they reported fewer problems with computers, but the test of statistical significance showed only a weak relationship. The authors argue that PC-only cities' reliance on ad hoc solutions, out-sourcing, or "computer gurus," results in a failure to develop ongoing support capabilities. In contrast, central-system cities have developed and enhanced these capabilities over time, thereby providing greater support for the computing function and a more stable technology platform.
  • Item
    Adoption of cybersecurity policies by local governments 2020
    (Kennesaw State University, 2023-10) Norris, Donald; Mateczun, Laura
    This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are “general purpose” units (i.e., municipalities, counties, towns and townships). On average, these governments do not practice cybersecurity effectively (Norris, et al., 2019 and 2020). One possible reason is that they do not adopt and/or implement highly recommended cybersecurity policies. In this paper, we examine local government adoption or lack of adoption of cybersecurity policies using data from three surveys. Norris, et al, 2019 & 2020; Hatcher, et al., 2020; and Norris and Mateczun, 2023. It will probably not be surprising that our first finding is that, by and large, local governments still do a poor good job of adopting and implementing cybersecurity policies. Thus, our first recommendation is that these governments must take whatever actions are needed to ensure high levels of cybersecurity. If they do not, the consequences will be painful and costly, as demonstrated by examples presented in the text. Among these actions, we next recommend that local governments adopt and effectively implement the highly recommended cybersecurity policies discussed in the concluding section. Last, as we have recommended previously, we again call upon local governments to create and maintain within their organizations a culture of cybersecurity – one in which all parties in these governments fully understand and support cybersecurity at the highest levels in their governments.
  • Item
    Cyberattacks on local governments 2020: findings from a key informant survey
    (Taylor & Francis Online, 2023-02-16) Norris, Donald F.; Mateczun, Laura
    Based on empirical data from a survey that we conducted in 2020 of key informants in local governments (CIOs, CISOs, and IT Directors), this paper examines patterns of cyberattacks, types of attackers, the frequencies of incidents and breaches of local government IT systems, and purposes of attacks. The paper also examines whether and to what extend local governments offer cybersecurity awareness training to their officials and staff and whether a nexus exists between training and these persons support for cybersecurity in their governments. Throughout the paper, we compare data from the 2020 survey with data from a nationwide local government cybersecurity survey that a team that included the authors conducted in 2016. We conclude with recommendations to local governments to improve their practice and management of cybersecurity in their organisations.
  • Item
    Adult Numeracy Skill Practice by STEM and Non-STEM Workers in the USA: An Exploration of Data using Latent Class Analysis
    (Taylor & Francis, 2022-11-14) Yamashita, Takashi; Punksungka, Wonmai; Narine, Donnette; Helsinger, Abigail; Kramer, Jenna W.; Cummins, Phyllis A.; Karam, Rita
    Adult numeracy is one of the essential skill sets to navigate through numeric information-rich labour markets in general, and STEM industries in particular. Yet, relatively little is known about how numeracy skills are used in different settings in the USA. This study examined numeracy skill use patterns of STEM and non-STEM workers at work and home. Data were obtained from the 2012/2014/2017 Program for International Assessment of Adult Competencies, USA restricted-use file. Adults who were employed and aged between 25 and 65 years old (n = 5,220) were included in this study. Latent class analysis revealed four numeracy skill use patterns: non-users, non-occupational (i.e. at home) simple numeracy users, ubiquitous numeracy users, and occupational numeracy users. Additional multinomial logistic regression analysis showed that the STEM occupation was associated with a greater likelihood of being ubiquitous users than being non-occupational simple users. Results also showed that numeracy proficiency, socioeconomic statuses (i.e. educational attainment and income), as well as demographic characteristics (i.e. gender and race/ethnicity), were predictive of the numeracy skill use patterns in terms of the level of engagement and settings. Findings from this study inform policies and interventions which promote skill engagement and improvement among workers in the USA.
  • Item
    Cyberattacks at the Grass Roots: American Local Governments and the Need for High Levels of Cybersecurity
    (Wiley, 2019-02-21) Norris, Donald F.; Mateczun, Laura; Joshi, Anupam; Finin, Tim
    This article examines data from the first-ever nationwide survey of cybersecurity among American local governments. The data show that these governments are under constant or near-constant cyberattack, yet, on average, they practice cybersecurity poorly. While nearly half reported experiencing cyberattacks at least daily, one-third said that they did not know whether they were under attack, and nearly two-thirds said that they did not know whether their information systems had been breached. Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and a lack of adequate funding for it. The authors make recommendations to local governments to improve their cybersecurity practice and to scholars for additional research into local government cybersecurity, an area that, to date, has largely been neglected by researchers from the social sciences and computer science.
  • Item
    Controlling Hospital and Health Care Spending in Maryland in the Era of Budget Caps
    Maryland runs the only all payer hospital payment system in the country. Under this system, the federal government allows a statewide commission, the Health Services Cost Review Commission (HSCRC) to regulate hospital prices. Effective January 1, 2014, the Centers for Medicare and Medicaid Services (CMS) approved a new, innovative all-payer model for hospitals in Maryland. The forum examined how hospitals and health care providers in Maryland are adapting to the new model, and the likely effect on the populations that hospitals serve.
  • Item
    Cybersecurity Challenges to American Local Governments
    (2017-06-12) Norris, Donald; Mateczun, Laura; Joshi, Anupam; Finin, Tim
    In this paper we examine data from the first ever nationwide survey of cybersecurity among American local governments. We are particularly interested in understanding the threats to local government cybersecurity, their level of preparedness to address the threats, the barriers these governments encounter when deploying cybersecurity, the policies, tools and practices that they employ to improve cybersecurity and, finally, the extent of awareness of and support for high levels of cybersecurity within their organizations. We found that local governments are under fairly constant cyberattack and are periodically breached. They are not especially well prepared to prevent cyberattacks or to recover when breached. The principal barriers to local cybersecurity are financial and organizations. Although a number of polices, tools and practices to improve cybersecurity, few local governments are making wide use of them. Last, local governments suffer from too little awareness of and support for cybersecurity within their organizations
  • Item
    An Examination of Vote Verification Technologies: Findings and Experiences from the Maryland Study
    (2006-04-15) Sherman, Alan T.; Gangopadhyay, Aryya; Holden, Stephen H.; Karabatis, George; Koru, A. Gunes; Law, Chris M.; Norris, Donald F.; Pinkston, John; Sears, Andrew; Zhang, Dongsong
    We describe our findings and experiences from our technical review of vote verification systems for the Maryland State Board of Elections (SBE). The review included the following four systems for possible use together with Maryland’s existing Diebold AccuVote-TS (touch screen) voting system: VoteHere Sentinel; SCYTL Pnyx.DRE; MIT-Selker audio system; Diebold voter verified paper audit trail. As a baseline, we also examined the SBE’s procedures for “parallel testing” of its Diebold system. For each system, we examined how it enables voters who use touch screens to verify that their votes are cast as intended, recorded as cast, and reported as recorded. We also examined how well it permits post-election auditing. To this end, we considered implementation, impact on current state voting processes and procedures, impact on voting, functional completeness, security against fraud, attack and failure, reliability, accessibility, and voter privacy.