Empirical Study on the State of Practice of Information Security Management in Local Government

  • Conference paper
Human Centred Intelligent Systems

Part of the book series: Smart Innovation, Systems and Technologies (SIST, volume 310)


Abstract

Modern administrative action is no longer conceivable without electronic communication and IT. The complexity of IT, the increasing degree of networking and the dependence of the administration on IT-supported procedures mean that the security of IT and its associated processes must be given high priority and a corresponding cybersecurity strategy must be substantiated. Existing approaches either fall short or cannot be applied to the context of local government without adaptation. This article aims to contrast the published state of the art in information security management with the state of practice in governmental organizations. The empirical basis for our work consists of (1) audit reports of certification audits in the municipal sector, (2) expert interviews on the status quo of information security in German local government and (3) a review of scientific literature. The results of the paper include current challenges in increasing the resilience of the municipal administration and open issues for future research.



Author information


Corresponding author

Correspondence to Kurt Sandkuhl.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Moses, F., Sandkuhl, K., Kemmerich, T. (2022). Empirical Study on the State of Practice of Information Security Management in Local Government. In: Zimmermann, A., Howlett, R.J., Jain, L.C. (eds) Human Centred Intelligent Systems. Smart Innovation, Systems and Technologies, vol 310. Springer, Singapore. https://doi.org/10.1007/978-981-19-3455-1_2
