Socio-Technical Determinants of Information Security Perceptions in US Local Governments

Socio-Technical Determinants of Information Security Perceptions in US Local Governments

Eunjung Shin (Science and Technology Policy Institute, South Korea) and Eric W. Welch (Arizona State University, USA)
Copyright: © 2020 |Pages: 23
DOI: 10.4018/978-1-5225-9860-2.ch104
OnDemand PDF Download:
No Current Special Offers


Concerns about electronic information security in government have increased alongside increased use of online media. However, to date, few studies have examined the social mechanisms influencing electronic information security. This article applies a socio-technical framework to model how technical, organizational and environmental complexities limit electronic information security perceived by local government managers. Furthermore, it examines to what extent organizational design buffers security risks. Using data from a 2010 national survey of local government managers, this article empirically tests the proposed model in the context of U.S. local government's online media use. Findings show that, in addition to technical complexity, organizational and environmental complexities are negatively associated with local managers' awareness of and confidence in electronic information security. On the other hand, internal security policy and decentralized decision-making appear to buffer security risks and enhance perceived information security.
Chapter Preview


Governments at all levels have sought to consistently improve online resources for citizens and other stakeholders. As the quantity and quality of information stored and disseminated have increased, so too have concerns that government information security safeguards have failed to keep pace (Dawes, 2008; Moyle & Kelley, 2012). The need to address these concerns intensifies as new technologies such as interactive social media and cloud computing become more widely used for government services (Paquette, Jaeger, & Wilson, 2010). Although new information and communication technologies are being implemented by government, it is unclear whether governments are ready to deal with emerging electronic information security issues that accompany this new technology (White, 2012).

Just as government’s power and authority enables it to collect and store private information, government is also accountable to the public for ensuring citizen privacy. Breakdown of this social contract is likely to further reduce levels of public trust in government (Blanchard, Hinnant, & Wong, 1998). Even in a practical sense, information security is essential for improving the performance of electronic government (Reddick, 2009; Shea, 2014). Several articles have called for an improved understanding of electronic information security in the public sector, particularly in local and state governments (Hof & Reichstädter, 2004; Kaliontzoglou, Sklavos, Karantjias, & Polemi, 2005; White, 2012; Williams, Hardy, & Holgate, 2013; Zhao & Zhao, 2010).

In response, this paper investigates electronic information security of US local governments. Information security, in general, refers to the status of information and information systems protected from unauthorized access, use, misuse and disclosure (Hof, 2003; McCumber, 1991; Smith & Jamieson, 2006). Provision of information security comprises two tasks: (1) protecting information from unauthorized users, and (2) making information trust-worthy and readily available for authorized users. When local governments use online media for public services, they are required not only to protect government information from unauthorized access but also to provide timely, trust-worthy information to citizens and stakeholders through an appropriate authorization process. Inevitably, there exist managerial tensions between the practices of data protection and data provision. Information security entails vigilant decision-making on when and how to provide data and to the extent to which online systems are open to the public. Hence, information security is a contextual and organizational outcome rather than the result of a static technical system (Dhillon & Backhouse, 2001; Huang, Rau, & Salvendy, 2010).

Complete Chapter List

Search this Book: