From Security Frameworks to Sustainable Municipal Cybersecurity Capabilities

Bibliographic Details
Main Authors: Arnstein Vestad, Bian Yang
Format: Article
Language: English
Published: MDPI AG 2025-04-01
Series: Journal of Cybersecurity and Privacy
Online Access: https://www.mdpi.com/2624-800X/5/2/19
Description
Summary: While security frameworks like the NIST CSF and ISO 27001 provide organizations with standardized best practices for cybersecurity, these practices must be implemented in organizations by people with the necessary skills and knowledge and be supported by effective technological solutions. This article explores the challenges and opportunities of building sustainable cybersecurity capabilities in resource-constrained organizations, specifically Norwegian municipalities. The research introduces the concept of sustainable cybersecurity capabilities, emphasizing the importance of a socio-technical approach that integrates technology, people, and organizational structure. A mixed-methods study was employed, combining document analysis of relevant cybersecurity frameworks with a modified Delphi study and semi-structured interviews with municipal cybersecurity practitioners. Findings highlight six core cybersecurity capabilities within municipalities, along with key challenges in implementing and sustaining these capabilities. These challenges include ambiguities in role formalization, skills gaps, difficulties in deploying advanced security technologies, and communication barriers between central IT and functional areas. Furthermore, the potential of artificial intelligence and cooperative strategies to enhance municipal cybersecurity is considered. Ultimately, the study highlights the need for a holistic perspective in developing sustainable cybersecurity capabilities, offering implications for both research and practice within municipalities and local government.
ISSN: 2624-800X