Article Preview
TopIntroduction
Governments at all levels have sought to consistently improve online resources for citizens and other stakeholders. As the quantity and quality of information stored and disseminated have increased, so too have concerns that government information security safeguards have failed to keep pace (Dawes, 2008; Moyle & Kelley, 2012). The need to address these concerns intensifies as new technologies such as interactive social media and cloud computing become more widely used for government services (Paquette, Jaeger, & Wilson, 2010). Although new information and communication technologies are being implemented by government, it is unclear whether governments are ready to deal with emerging electronic information security issues that accompany this new technology (White, 2012).
Just as government’s power and authority enables it to collect and store private information, government is also accountable to the public for ensuring citizen privacy. Breakdown of this social contract is likely to further reduce levels of public trust in government (Blanchard, Hinnant, & Wong, 1998). Even in a practical sense, information security is essential for improving the performance of electronic government (Reddick, 2009; Shea, 2014). Several articles have called for an improved understanding of electronic information security in the public sector, particularly in local and state governments (Hof & Reichstädter, 2004; Kaliontzoglou, Sklavos, Karantjias, & Polemi, 2005; White, 2012; Williams, Hardy, & Holgate, 2013; Zhao & Zhao, 2010).
In response, this paper investigates electronic information security of US local governments. Information security, in general, refers to the status of information and information systems protected from unauthorized access, use, misuse and disclosure (Hof, 2003; McCumber, 1991; Smith & Jamieson, 2006). Provision of information security comprises two tasks: (1) protecting information from unauthorized users, and (2) making information trust-worthy and readily available for authorized users. When local governments use online media for public services, they are required not only to protect government information from unauthorized access but also to provide timely, trust-worthy information to citizens and stakeholders through an appropriate authorization process. Inevitably, there exist managerial tensions between the practices of data protection and data provision. Information security entails vigilant decision-making on when and how to provide data and to the extent to which online systems are open to the public. Hence, information security is a contextual and organizational outcome rather than the result of a static technical system (Dhillon & Backhouse, 2001; Huang, Rau, & Salvendy, 2010).