{"id":83689,"date":"2026-01-25T12:05:24","date_gmt":"2026-01-25T12:05:24","guid":{"rendered":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/?p=83689"},"modified":"2026-03-11T21:26:13","modified_gmt":"2026-03-11T21:26:13","slug":"local-government-cybersecurity-compliance-risk","status":"publish","type":"post","link":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/","title":{"rendered":"Cybersecurity in Local Government: Navigating Compliance and Risk"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"83689\" class=\"elementor elementor-83689\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1cba653 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1cba653\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7569a20\" data-id=\"7569a20\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-181feae elementor-widget elementor-widget-text-editor\" data-id=\"181feae\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>While the cybersecurity industry often caters to large enterprises and national-level mandates, local (state) governments remain underserved despite handling vast amounts of sensitive personal and financial data. This makes them attractive targets of the same cyberthreats facing larger corporations, including ransomware, phishing, insider risks, and IoT vulnerabilities. Explore cybersecurity strategies tailored to local governments, from building compliance-driven policies and adopting zero trust principles to securing supply chains\/vendor management and leveraging federal grants and partnerships.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fc48702 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fc48702\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ff21f5e\" data-id=\"ff21f5e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4299468 elementor-widget elementor-widget-heading\" data-id=\"4299468\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Local Government: A Complex IT and OT Landscape<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-29a0952 elementor-widget elementor-widget-text-editor\" data-id=\"29a0952\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Local governments operate in one of the most complex technology environments, balancing enterprise IT with operational technology (OT) and <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/ethical-hacking\/what-is-iot-explained\/\">Internet of Things (IoT)<\/a> systems across diverse locations. Enterprise IT supports multiple departments: public safety, libraries, finance, HR, elections, legal, planning, and more. OT\/IoT environments span public works functions such as water treatment, power generation, traffic management, and waste management, often involving systems like traffic light controls, webcams, and plant automation. Multiple locations may include office buildings, police and fire stations, water and electric plants, dumps, airports, and ports. The scope of technology use varies by the size of the municipality; cities, counties, and towns may have all, some, or only a subset of these elements. Drawing from several cybersecurity assessments conducted for local governments in Virginia, it\u2019s clear that safeguarding these interconnected systems requires a comprehensive, tailored approach to compliance and cybersecurity.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-56d2b73 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"56d2b73\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2f85848\" data-id=\"2f85848\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fdcb910 elementor-widget elementor-widget-heading\" data-id=\"fdcb910\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Where Does IT and Cybersecurity Fit?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-26f35fe elementor-widget elementor-widget-text-editor\" data-id=\"26f35fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In local government, IT and cybersecurity often sit much lower in the organizational hierarchy compared to corporate environments. While a corporation might have a Chief Information Officer (CIO) positioned alongside the CEO, COO, and CFO, local government IT leaders are often buried three levels down, frequently without a dedicated <a href=\"https:\/\/www.eccouncil.org\/train-certify\/certified-chief-information-security-officer-cciso\/\">Chief Information Security Officer (CISO)<\/a> or cybersecurity director.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9ddfe88 elementor-widget elementor-widget-text-editor\" data-id=\"9ddfe88\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In most cases, cybersecurity responsibilities fall under the IT department, if they exist at all. This structure limits IT\u2019s influence over governance decisions, even though technology touches every department, from public safety and utilities to administration and community affairs.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ad174a2 elementor-widget elementor-widget-text-editor\" data-id=\"ad174a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>For effective governance and cybersecurity programs to succeed, IT leaders must build strong relationships across departments and with deputy managers. Given that IT spans all functional areas, collaboration is essential to ensure data security and maintain strong governance practices.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3b48304 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3b48304\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0c54330\" data-id=\"0c54330\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-85f29f6 elementor-widget elementor-widget-heading\" data-id=\"85f29f6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Threat Landscape in Local Government<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f7e5f4 elementor-widget elementor-widget-text-editor\" data-id=\"2f7e5f4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Local governments face many of the same attack vectors as other organizations: ransomware, phishing, insider threats, OT and IoT vulnerabilities, and risks from third-party vendors through SaaS or cloud services. The difference lies in the impact.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6d2d778 elementor-widget elementor-widget-text-editor\" data-id=\"6d2d778\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>In the private sector, a cyber incident may cause financial loss, reputational damage, or service downtime, but rarely does it threaten public safety.<\/li><li>In local government, an attack can disrupt essential services like water, power, waste management, and emergency response.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5bcace3 elementor-widget elementor-widget-text-editor\" data-id=\"5bcace3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Such disruptions not only cause financial loss but also erode citizen trust, degrade the quality of life, and in severe cases, endanger lives.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-07d5e86 elementor-widget elementor-widget-text-editor\" data-id=\"07d5e86\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A successful attack could prevent police, fire, or medical services from responding to emergencies or cut off vital utilities, directly affecting a community\u2019s ability to live safely and comfortably.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ad7f6fe elementor-widget elementor-widget-image\" data-id=\"ad7f6fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/elementor\/thumbs\/Picture1-2-1-rcgwlulhs0uvlnc881sxr3zvncs8z7j2zgiz4rr1ps.png\" title=\"Picture1-2.png\" alt=\"Picture1-2.png\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9c67cd0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9c67cd0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e56ee06\" data-id=\"e56ee06\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6ad1e02 elementor-widget elementor-widget-heading\" data-id=\"6ad1e02\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Regulatory and Compliance Requirements: Limited Enforcement in Local Government<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f12a16f elementor-widget elementor-widget-text-editor\" data-id=\"f12a16f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If a cyberattack impacts local government operations, one might assume there are strict regulation and compliance requirements in place. In reality, at least in Virginia, such requirements are minimal and often apply only to specific functions.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5e7adf8 elementor-widget elementor-widget-heading\" data-id=\"5e7adf8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Examples of Common Frameworks and Mandates:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f99502a elementor-widget elementor-widget-text-editor\" data-id=\"f99502a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><strong>HIPAA:\u00a0<\/strong>For local health departments handling medical data<\/li><li><strong>NIST 800-53\/800-171:\u00a0<\/strong>For general cybersecurity controls<\/li><li><strong>CJIS:\u00a0<\/strong>For law enforcement agencies accessing Criminal Justice Information Services (audited)<\/li><li><strong>State-Specific Guidance:<\/strong> E.g., Virginia SEC530 (subset of NIST 800-53)<\/li><\/ul><p>State agencies may provide security recommendations, but most are suggestions, not mandates. For example, the Virginia Department of Elections requires self-assessments of information security, but only for election-related systems, not other city or county functions.<\/p><p>As a result, many towns, cities, and counties operate without regular audits or enforced compliance, leaving large portions of their IT and OT infrastructure outside the scope of mandatory regulations.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d7b0cc6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d7b0cc6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fbcfeee\" data-id=\"fbcfeee\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bdfa192 elementor-widget elementor-widget-heading\" data-id=\"bdfa192\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Governance and Risk Management in Local Government<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a349fdc elementor-widget elementor-widget-text-editor\" data-id=\"a349fdc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Many local governments lack formal cybersecurity governance structures\u2014with documented plans, policies, and procedures\u2014especially if not legally required. Smaller or less-resourced localities are more likely to have inadequate or incomplete programs. In contrast, larger cities and counties often have more mature governance due to greater funding, staff, and public scrutiny.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5ff7368 elementor-widget elementor-widget-heading\" data-id=\"5ff7368\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Key Elements of Effective Governance:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1c3227c elementor-widget elementor-widget-text-editor\" data-id=\"1c3227c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><strong>Cybersecurity Governance Framework:<\/strong> Plans, policies, and procedures to guide <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/whitepaper\/understanding-the-difference-between-it-and-ot-security\/\">IT and OT security<\/a><\/li><li><strong>Risk Assessments:<\/strong> Asset identification, <a href=\"https:\/\/www.eccouncil.org\/threat-modeling\/\">threat modeling,<\/a> and a comprehensive vulnerability management program<\/li><li><strong>Framework Adoption:<\/strong> ISO\/IEC, CIS Controls v8.1, or NIST CSF 2.0 as baselines for best practices<\/li><li><strong>Incident Response Planning:<\/strong> Clear escalation procedures and reporting requirements<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-295010e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"295010e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1e343ce\" data-id=\"1e343ce\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d1c15dc elementor-widget elementor-widget-heading\" data-id=\"d1c15dc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Risk Management Practices<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a529f6d elementor-widget elementor-widget-text-editor\" data-id=\"a529f6d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A proper risk assessment starts with knowing all assets, not just laptops, servers, and firewalls, but also IoT devices (e.g., traffic cameras, smart cabinets) and OT systems (e.g., water treatment controls). These should be segmented from enterprise networks to reduce risk.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-26ed64a elementor-widget elementor-widget-heading\" data-id=\"26ed64a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Vulnerability Management Beyond Patching Windows Systems:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a5a91c4 elementor-widget elementor-widget-text-editor\" data-id=\"a5a91c4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>Regular scanning of all devices, including IoT and OT assets<\/li><li>Identifying unauthorized devices (e.g., personal wearables) on the network<\/li><li>Addressing configuration weaknesses in addition to missing patches<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-992a383 elementor-widget elementor-widget-heading\" data-id=\"992a383\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Frameworks for Implementation<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0ac5b46 elementor-widget elementor-widget-text-editor\" data-id=\"0ac5b46\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The CIS Controls v8.1 framework is a practical starting point. Its Implementation Group 1 has 56 safeguards that provide baseline cyber hygiene, covering asset management, vulnerability management, employee awareness training, and <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/what-is-disaster-recovery\/\">disaster recovery<\/a>. Larger or more mature localities can expand to Implementation Groups 2 and 3, or adopt more advanced frameworks.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-31e1174 elementor-widget elementor-widget-heading\" data-id=\"31e1174\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Other Examples of Advanced Frameworks:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8feb6d6 elementor-widget elementor-widget-text-editor\" data-id=\"8feb6d6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><strong>NIST Cybersecurity Framework 2.0:<\/strong> Comprehensive guidance for building robust programs<\/li><li><strong>ISO\/IEC:<\/strong> IT governance framework for aligning technology with organizational goals<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1b76cb4 elementor-widget elementor-widget-heading\" data-id=\"1b76cb4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Incident Response Plan<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b376d24 elementor-widget elementor-widget-text-editor\" data-id=\"b376d24\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Local governments in Virginia must report cyber incidents to the State Police. This requirement should be embedded in a formal incident response plan to ensure timely escalation and mitigation. Without these measures, cybersecurity often defaults to ad-hoc practices, leaving critical systems exposed.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c0e5c7c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c0e5c7c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8c284fe\" data-id=\"8c284fe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-12f6b2b elementor-widget elementor-widget-heading\" data-id=\"12f6b2b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Building a Resilient Cybersecurity Program<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fa206ac elementor-widget elementor-widget-text-editor\" data-id=\"fa206ac\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A strong cybersecurity program relies on layered security: a \u201cdefense in depth\u201d approach combining multiple tools, strategies, and policies to protect systems, data, and users.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4eee6d4 elementor-widget elementor-widget-heading\" data-id=\"4eee6d4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Layered Security Controls:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7105358 elementor-widget elementor-widget-text-editor\" data-id=\"7105358\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><strong>Firewalls and Endpoint Protection:<\/strong> While firewalls remain important, remote and hybrid work mean endpoint protection is now the true front line.<\/li><li><strong>Identity and M<\/strong><strong>ulti-Factor Authentication<\/strong><strong> (MFA):<\/strong> Protect cloud services (e.g., Microsoft 365, Google Workspace) with strong identity management and MFA.<\/li><li><strong>Backups:<\/strong> Maintain reliable, tested backups to recover from ransomware or data loss.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bbb4030 elementor-widget elementor-widget-heading\" data-id=\"bbb4030\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Zero Trust and Network Segmentation:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8302c29 elementor-widget elementor-widget-text-editor\" data-id=\"8302c29\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><strong>Zero Trust:<\/strong> Apply zero-trust principles; this requires continuous verification and minimal trust between systems.<\/li><li><strong>Segmentation:<\/strong> Separate networks by function; avoid flat network designs that allow broad access.<\/li><li><strong>Micro-Segmentation:<\/strong> Restrict resource access to only necessary devices and users.<\/li><li><strong>Wireless and Remote Access:<\/strong> Isolate critical systems from wireless networks, use certificate-based authentication or 802.1X, and secure VPNs with MFA and least privilege principles.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4f1e68e elementor-widget elementor-widget-heading\" data-id=\"4f1e68e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Vendor Risk and Supply Chain Security:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7448fd7 elementor-widget elementor-widget-text-editor\" data-id=\"7448fd7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>Understand exactly what vendors, especially smaller service providers, are responsible for versus your own responsibilities.<\/li><li>Ensure contracts include clear security obligations and a right to audit.<\/li><li>Avoid assumptions about patching or system updates; verify critical systems like 911 dispatch servers are maintained.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c26359f elementor-widget elementor-widget-heading\" data-id=\"c26359f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Staff Training and Awareness<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6b3a1db elementor-widget elementor-widget-text-editor\" data-id=\"6b3a1db\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>Users remain the largest attack surface.<\/li><li>Conduct regular security awareness training.<\/li><li>Run frequent phishing simulations to reinforce good practices.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f0e5f0 elementor-widget elementor-widget-heading\" data-id=\"2f0e5f0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Cyber Insurance<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ff01af7 elementor-widget elementor-widget-text-editor\" data-id=\"ff01af7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Consider cyber liability insurance to help transfer risk and cover damages or liability in case of a breach, ensuring policy terms align with organizational needs.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9894065 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9894065\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-cb71a63\" data-id=\"cb71a63\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a2a62de elementor-widget elementor-widget-heading\" data-id=\"a2a62de\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Funding and Resource Optimization<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-44f02e5 elementor-widget elementor-widget-text-editor\" data-id=\"44f02e5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Local government cybersecurity funding often comes from tax revenues (e.g., property taxes, service fees for water, electricity, or waste management, etc.). But in most cases, this isn\u2019t enough, leading to a sharp divide between the \u201chaves\u201d and \u201chave-nots.\u201d<\/p><p>A typical mid-sized city or county might have 500 employees but fewer than 10 IT staff, often with no dedicated security role. These small teams juggle everything from help desk support to server administration, network management, and application maintenance. This lean staffing leaves them overstretched and unable to meet growing security demands.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9eebe0f elementor-widget elementor-widget-heading\" data-id=\"9eebe0f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Potential Funding and Optimization Strategies:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a75bfef elementor-widget elementor-widget-text-editor\" data-id=\"a75bfef\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><strong>Federal and State Grants<\/strong><strong>:<\/strong> Programs from the Department of Homeland Security (DHS), the Federal Emergency Management Agency (FEMA), and State, Local, Tribal, and Territorial (SLTT) can help cover costs for security tools like EDR solutions or managed security services. In Virginia, local governments must apply through state entities.<\/li><li><strong>Cooperative Purchasing Agreements<\/strong><strong>:<\/strong> Regional buying groups can pool resources to negotiate better license pricing.<\/li><li><strong>Cloud-Based Security Services<\/strong><strong>:<\/strong> Reduce infrastructure costs while improving security capabilities.<\/li><li><strong>Managed Security Service Providers (MSSPs):<\/strong> Outsource cybersecurity functions to MSSPs to gain monitoring, incident response, and specialized expertise.<\/li><li><strong>Public\u2013Private Partnerships:<\/strong> Leverage organizations like:<ul><li><strong>Center for Internet Security (CIS):<\/strong> Free CIS Controls v8.1, security benchmarks, and guidelines<\/li><li><strong>Multi-State Information Sharing and Analysis Center (MS-ISAC):<\/strong> Low-cost endpoint detection, network monitoring, and actionable threat intelligence for state and local governments<\/li><\/ul><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6ab94ea elementor-widget elementor-widget-text-editor\" data-id=\"6ab94ea\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Some smaller towns even outsource their entire IT function to an MSSP, which is common in jurisdictions without critical infrastructure, like water treatment plants or airports, but still responsible for essential services like police, fire, sanitation, and traffic management.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2ae72ff elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2ae72ff\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ce112ce\" data-id=\"ce112ce\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4a4ff35 elementor-widget elementor-widget-heading\" data-id=\"4a4ff35\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Conclusion<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1bab6b3 elementor-widget elementor-widget-text-editor\" data-id=\"1bab6b3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Proactive governance is the foundation of resilience. Local IT leaders must build strong relationships with other department heads, advocate for cybersecurity, and ensure governance extends across both IT and OT\/IoT environments. Local government cybersecurity leaders should view compliance as a starting point, applying standards like election security and CJIS across all departments. They should focus on risk-based investments, maintain asset inventory, and address high-risk exposures. They should also aim to reduce human errors through regular security awareness training and foster a security-first culture. Finally, they should maximize available resources such as state and federal funding, cooperative purchasing, MSSPs, and partnerships with CIS and MS-ISAC.<\/p><p>With constrained budgets and limited staff, strategic resource use and strong governance can bridge the gap between minimal compliance and true operational resilience.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fd01cc0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fd01cc0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-be4abb6\" data-id=\"be4abb6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6b9c585 tags-cloud elementor-widget elementor-widget-heading\" data-id=\"6b9c585\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Tags<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c9b7e23 tags-cloud elementor-widget elementor-widget-post-info\" data-id=\"c9b7e23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-f2e3860 elementor-inline-item\" itemprop=\"about\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-terms\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-post-info__terms-list\">\n\t\t\t\t<a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/cybersecurity\/\" class=\"elementor-post-info__terms-list-item\">cybersecurity<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/data-security\/\" class=\"elementor-post-info__terms-list-item\">Data Security<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/ec-council\/\" class=\"elementor-post-info__terms-list-item\">EC-Council<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/gdpr\/\" class=\"elementor-post-info__terms-list-item\">GDPR<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/governance\/\" class=\"elementor-post-info__terms-list-item\">Governance<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/hipaa\/\" class=\"elementor-post-info__terms-list-item\">HIPAA<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/information-security\/\" class=\"elementor-post-info__terms-list-item\">Information Security<\/a>\t\t\t\t<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5935a1f tags-cloud elementor-widget elementor-widget-heading\" data-id=\"5935a1f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">About the Author<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-d49c388 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d49c388\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-e76906d\" data-id=\"e76906d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-62bdcaa elementor-widget elementor-widget-image\" data-id=\"62bdcaa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"800\" height=\"800\" src=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/24-june-Nick-Kuriger-1.jpg\" class=\"attachment-full size-full wp-image-83706\" alt=\"Nick Kuriger\" srcset=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/24-june-Nick-Kuriger-1.jpg 800w, https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/24-june-Nick-Kuriger-1-300x300.jpg 300w, https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/24-june-Nick-Kuriger-1-150x150.jpg 150w, https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/24-june-Nick-Kuriger-1-768x768.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e91ca2d elementor-widget elementor-widget-heading\" data-id=\"e91ca2d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Nick Kuriger<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e4da9cd elementor-widget elementor-widget-heading\" data-id=\"e4da9cd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Director of Information Technology\/Information Security Officer, Virginia State Bar<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-8e96410\" data-id=\"8e96410\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ee4d1f0 elementor-widget elementor-widget-text-editor\" data-id=\"ee4d1f0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>With over 25 years in IT and cybersecurity, Nick Kuriger serves as the Director of Information Technology and Information Security Officer at the Virginia State Bar. He is also an Associate Professor and conducts cybersecurity assessments for Virginia\u2019s local governments. Kuriger holds 13 EC-Council Certifications, including CCISO and CEH Master, along with over 100 other certifications from (ISC)\u00b2, ISACA, SANS, Microsoft, AWS and CompTIA. He also holds multiple master\u2019s degrees in IT, cybersecurity, and business and is committed to advancing cybersecurity practices and education through his work.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>While the cybersecurity industry often caters to large enterprises and national-level mandates, local (state) governments remain underserved despite handling vast amounts of sensitive personal and financial data. This makes them attractive targets of the same cyberthreats facing larger corporations, including ransomware, phishing, insider risks, and IoT vulnerabilities. Explore cybersecurity strategies tailored to local governments, from&hellip;<\/p>\n","protected":false},"author":39,"featured_media":83699,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":true,"_eb_attr":"","footnotes":""},"categories":[3444],"tags":[199,12443,115,13048,12391,13049,12407],"class_list":{"0":"post-83689","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-executive-management","8":"tag-cybersecurity","9":"tag-data-security","10":"tag-ec-council","11":"tag-gdpr","12":"tag-governance","13":"tag-hipaa","14":"tag-information-security"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.13 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Local Government Cybersecurity: Compliance &amp; Risk Guide<\/title>\n<meta name=\"description\" content=\"Learn how local governments manage cybersecurity risks and ensure compliance with regulations to protect public data and digital infrastructure.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Local Government Cybersecurity: Compliance &amp; Risk Guide\" \/>\n<meta property=\"og:description\" content=\"Learn how local governments manage cybersecurity risks and ensure compliance with regulations to protect public data and digital infrastructure.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"Cybersecurity Exchange\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-25T12:05:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-11T21:26:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/Blog-Banners-CCISO-02-1080x1080e-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1080\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"EC-Council\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Local Government Cybersecurity: Compliance &amp; Risk Guide\" \/>\n<meta name=\"twitter:description\" content=\"Learn how local governments manage cybersecurity risks and ensure compliance with regulations to protect public data and digital infrastructure.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/Blog-Banners-CCISO-02-1080x1080e-1.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"EC-Council\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/\"},\"author\":{\"name\":\"EC-Council\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/person\\\/149b0e70bfa8b561d788e054ed4bd997\"},\"headline\":\"Cybersecurity in Local Government: Navigating Compliance and Risk\",\"datePublished\":\"2026-01-25T12:05:24+00:00\",\"dateModified\":\"2026-03-11T21:26:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/\"},\"wordCount\":1723,\"publisher\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Blog-Banners-CCISO-02-1080x1080e-1.png\",\"keywords\":[\"cybersecurity\",\"Data Security\",\"EC-Council\",\"GDPR\",\"Governance\",\"HIPAA\",\"Information Security\"],\"articleSection\":[\"Executive Management\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/\",\"name\":\"Local Government Cybersecurity: Compliance & Risk Guide\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Blog-Banners-CCISO-02-1080x1080e-1.png\",\"datePublished\":\"2026-01-25T12:05:24+00:00\",\"dateModified\":\"2026-03-11T21:26:13+00:00\",\"description\":\"Learn how local governments manage cybersecurity risks and ensure compliance with regulations to protect public data and digital infrastructure.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Blog-Banners-CCISO-02-1080x1080e-1.png\",\"contentUrl\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/Blog-Banners-CCISO-02-1080x1080e-1.png\",\"width\":1080,\"height\":1080,\"caption\":\"Local Government Cybersecurity\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/executive-management\\\/local-government-cybersecurity-compliance-risk\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.eccouncil.org\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Exchange\",\"item\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Executive Management\",\"item\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/category\\\/executive-management\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Cybersecurity in Local Government: Navigating Compliance and Risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#website\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/\",\"name\":\"Cybersecurity Exchange\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\",\"name\":\"Cybersecurity Exchange\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Cybersecurity Exchange\"},\"image\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/person\\\/149b0e70bfa8b561d788e054ed4bd997\",\"name\":\"EC-Council\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Local Government Cybersecurity: Compliance & Risk Guide","description":"Learn how local governments manage cybersecurity risks and ensure compliance with regulations to protect public data and digital infrastructure.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/","og_locale":"en_US","og_type":"article","og_title":"Local Government Cybersecurity: Compliance & Risk Guide","og_description":"Learn how local governments manage cybersecurity risks and ensure compliance with regulations to protect public data and digital infrastructure.","og_url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/","og_site_name":"Cybersecurity Exchange","article_published_time":"2026-01-25T12:05:24+00:00","article_modified_time":"2026-03-11T21:26:13+00:00","og_image":[{"width":1080,"height":1080,"url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/Blog-Banners-CCISO-02-1080x1080e-1.png","type":"image\/png"}],"author":"EC-Council","twitter_card":"summary_large_image","twitter_title":"Local Government Cybersecurity: Compliance & Risk Guide","twitter_description":"Learn how local governments manage cybersecurity risks and ensure compliance with regulations to protect public data and digital infrastructure.","twitter_image":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/Blog-Banners-CCISO-02-1080x1080e-1.png","twitter_misc":{"Written by":"EC-Council","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/#article","isPartOf":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/"},"author":{"name":"EC-Council","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/person\/149b0e70bfa8b561d788e054ed4bd997"},"headline":"Cybersecurity in Local Government: Navigating Compliance and Risk","datePublished":"2026-01-25T12:05:24+00:00","dateModified":"2026-03-11T21:26:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/"},"wordCount":1723,"publisher":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization"},"image":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/Blog-Banners-CCISO-02-1080x1080e-1.png","keywords":["cybersecurity","Data Security","EC-Council","GDPR","Governance","HIPAA","Information Security"],"articleSection":["Executive Management"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/","name":"Local Government Cybersecurity: Compliance & Risk Guide","isPartOf":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/#primaryimage"},"image":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/Blog-Banners-CCISO-02-1080x1080e-1.png","datePublished":"2026-01-25T12:05:24+00:00","dateModified":"2026-03-11T21:26:13+00:00","description":"Learn how local governments manage cybersecurity risks and ensure compliance with regulations to protect public data and digital infrastructure.","breadcrumb":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/#primaryimage","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/Blog-Banners-CCISO-02-1080x1080e-1.png","contentUrl":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/09\/Blog-Banners-CCISO-02-1080x1080e-1.png","width":1080,"height":1080,"caption":"Local Government Cybersecurity"},{"@type":"BreadcrumbList","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/executive-management\/local-government-cybersecurity-compliance-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.eccouncil.org\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Exchange","item":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/"},{"@type":"ListItem","position":3,"name":"Executive Management","item":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/category\/executive-management\/"},{"@type":"ListItem","position":4,"name":"Cybersecurity in Local Government: Navigating Compliance and Risk"}]},{"@type":"WebSite","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#website","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/","name":"Cybersecurity Exchange","description":"","publisher":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization","name":"Cybersecurity Exchange","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/logo\/image\/","url":"","contentUrl":"","caption":"Cybersecurity Exchange"},"image":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/person\/149b0e70bfa8b561d788e054ed4bd997","name":"EC-Council"}]}},"_links":{"self":[{"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts\/83689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/comments?post=83689"}],"version-history":[{"count":0,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts\/83689\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/media\/83699"}],"wp:attachment":[{"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/media?parent=83689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/categories?post=83689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/tags?post=83689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}