How local government can manage technology risk
- By Amanda Ziadeh
- Jan 28, 2016
What: “Managing Technology Risks through Technological Proficiency: Guidance for Local Governments,” a report from the Bloustein Local Government Research Center at Rutgers University.
Findings: Drawing from research and surveys of New Jersey local government technology practices and other government-related sources, the authors both inventory the common types of technology found in local government and outline the common categories of risk that come with them.
Those risk areas include network vulnerabilities through phishing attacks and social engineering; societal risks caused by changes in employment patterns and the public’s expectations; and reputational risks concerning how government manages technology and engages with citizens. Financial risks stem from the cost of cyber insurance, liability suits, breach responses and system failures, and operational risks can occur when technology failures compromise overall government operations and services can no longer be delivered. Technology failures can also cause liability issues with third parties and contractors, and because of regulations surrounding citizen access to public information, legal risks become a concern as well.
Takeaways: In order to manage these risks, the report highlights four practices that will lead to improved technological proficiency:
- Governance: Executive managers should set technology policy goals, monitor all technological activities and make risk-based decisions regarding staffing, spending and policy.
- Planning: Technology plans should include long- and short-term goals, and recommend risk-management strategies that support all business processes, resource allocations and technology requirements.
- Cyber hygiene: Employees should be provided with proper training on safe security practices, and agencies should invest in intrusion and penetration testing services.
- Technical competence: Government IT departments need the right staffing, management attention and financial resources to implement sound cybersecurity practices, keep employees appropriately certified and educate management on technological activities.
Local governments should continue to assess their risk maturity and technology profiles, the authors note, to easily spot areas that need improvement.
Read the full report here.
Amanda Ziadeh is a former reporter/producer for GCN.