Date of Conferral





Public Policy and Administration


David P. Milen


Cybersecurity is a growing threat not only to nations, critical infrastructure, and major entities, but also to smaller organizations and individuals. The growing number of successful attacks on all manner of U.S. targets highlights the need for effective and comprehensive policy from the local to federal level, though most research focuses on federal policy issues, not state issues. The purpose of this study was to examine the effectiveness of the decision-making process within the current cybersecurity policy environment in a southern state of the United States. Sabatier's advocacy coalition framework served as the theoretical framework for the study. Data were collected through 5 semistructured interviews with individuals who were either elected or appointed officials, emergency managers, or subject matter experts. These data were transcribed, then coded and analyzed with McCracken's analytic categorization procedure. Participants recognized that the federal government provides some resources but acknowledged that action at the state level is largely funded through the state resulting in a network of dissimilar policies and protocols in states across the country. Findings also revealed that state leadership in some locations better grasps what resources are needed and is more likely to earmark in order to plan for unanticipated cybersecurity needs of the public. Analysis of study data also highlighted areas for future study and identified needed resources or areas of opportunity for creating a more comprehensive and effective cybersecurity policy environment. Implications for positive social change include recommendations for state and federal decision makers to engage in community partnerships in order to more effectively protect the public from cybersecurity threats.