Adoption of cybersecurity policies by local governments 2020
Loading...
Links to Files
Permanent Link
Author/Creator
Author/Creator ORCID
Date
2023-10
Type of Work
Department
Program
Citation of Original Publication
Norris, Donald F. PhD and Mateczun, Laura K. JD (2023) "Adoption of cybersecurity policies by local governments 2020," Journal of Cybersecurity Education, Research and Practice: Vol. 2023: No. 2, Article 9. Available at: https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss2/9
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Attribution 4.0 International (CC BY 4.0 DEED)
Attribution 4.0 International (CC BY 4.0 DEED)
Subjects
Abstract
This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are “general purpose” units (i.e., municipalities, counties, towns and townships). On average, these governments do not practice cybersecurity effectively (Norris, et al., 2019 and 2020). One possible reason is that they do not adopt and/or implement highly recommended cybersecurity policies. In this paper, we examine local government adoption or lack of adoption of cybersecurity policies using data from three surveys. Norris, et al, 2019 & 2020; Hatcher, et al., 2020; and Norris and Mateczun, 2023. It will probably not be surprising that our first finding is that, by and large, local governments still do a poor good job of adopting and implementing cybersecurity policies. Thus, our first recommendation is that these governments must take whatever actions are needed to ensure high levels of cybersecurity. If they do not, the consequences will be painful and costly, as demonstrated by examples presented in the text. Among these actions, we next recommend that local governments adopt and effectively implement the highly recommended cybersecurity policies discussed in the concluding section. Last, as we have recommended previously, we again call upon local governments to create and maintain within their organizations a culture of cybersecurity – one in which all parties in these governments fully understand and support cybersecurity at the highest levels in their governments.