Local Government Cybersecurity: A Theoretical Model

Files

Primary Mateczun_umbc_0434D_13049.pdf (2.04 MB)

Links to Files

Permanent Link

http://hdl.handle.net/11603/39408

Collections

UMBC Theses and Dissertations
UMBC Graduate School
UMBC School of Public Policy
UMBC Student Collection

Author/Creator

Author/Creator ORCID

Date

2025-01-01

Type of Work

dissertation
Text
application:pdf

Department

School of Public Policy

Program

Public Policy

Citation of Original Publication

Rights

Distribution Rights granted to UMBC by the author.
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu

Subjects

cybersecurity
Local government
management

Abstract

Local governments in the United States face growing cybersecurity threats but often operate with limited resources, inconsistent policy implementation, and varied technical capacities. Despite increasing attention to cybersecurity in the public sector, few empirical studies have examined the underlying relationships that shape cybersecurity management at the local level. This dissertation addresses that gap by using Exploratory Factor Analysis (EFA) and Confirmatory Factor Analysis (CFA) to identify and validate latent factors that characterize cybersecurity practices among local governments. Drawing on survey data collected in 2016 and 2022, this study empirically validates a six-factor model encompassing Training, Policies, Actions, Awareness, Support, and Tools. The findings suggest that cybersecurity readiness in local governments is best understood as a multi-dimensional construct driven by governance, including organizational behavior and leadership engagement, rather than by technology alone. Strong factor structures for Training, Awareness, and Support highlight the central role of human-centered factors, while weaker results for the Tools factor suggest variability in technical implementation and maturity. The findings have both theoretical and practical implications. Theoretically, this research advances the emerging field of local government cybersecurity management by providing a validated model structure. Practically, it identifies specific areas for improvement, including the need for more targeted and recurring training, stronger alignment between specific cybersecurity actions and policy development, more consistent adoption of tools, and greater cross-departmental collaboration. The dissertation also addresses limitations related to sampling, model modifications, and non-longitudinal design, and proposes directions for future research, including structural equation modeling and longitudinal studies, to further refine the theory of cybersecurity management among local governments.