Municipalities manage a significant part of society's services, and hence they also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and municipalities’ supply and management of information are, therefore, critical for society in general, and also for achieving the municipalities’ own operational goals. However, research shows weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security.

This paper presents the result from a GAP analysis mapping the current situation of Swedish municipalities' for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding the systematic security work is generally low, and that there is a need to implement adapted tools for Information Security Management Systems in order to support municipalities.

Behnia, A., Rashid, R.A and Chandry, J.A, (2012). A Survey of Information Security Risk Analysis Methods. Smart Computing Review, Vol.2, No.1.

De Lange, J., R. Von Solms and M. Gerber (2015). Better information security management in municipalities. IST-Africa Conference, 2015, IEEE.

Hwang, K. and Choi, M. (2017). Effects of innovation-supportive culture and organizational citizenship behaviour on e-government information system security stemming from mimetic isomorphism, Government Information Quarterly, 34 (2017), pp.183-198

ISO/IEC (2014) 27000:2014 Information technology - Security techniques, Information security management systems - Overview and vocabulary. ISO/IEC (2014).

Li, Z. and Yang, F. (2016), The e-govermnent information model based on GDR, Procedia Computer Science, 91 (2016), pp.193-200.

Lisiak-Felicka, D. and Szmit, M. (2016). Information security management systems in municipal offices in Poland. Information Systems in Management, 5(1), 66--77.

Lopes, I and Oliveira, P, (2015). Implementation of Information Security Olives: A Survey in Small and Medium Sized Enterprises, New Contributions in Information Systems and Technologies, Vol. 353, pp. 459-468.

Morgan, J. (2017). County and municipal cybersecurity, Part 1. CIO. Available online: https://www.cio.com/article/3184618/government-use-of-it/county-and-municipal-cybersecurity-part-1.html.

MSB (2015). En bild av kommunernas informationssäkerhetsarbete 2015. Myndigheten för samhällsskydd och beredskap (MSB). Advant Produktionsbyrå AB. Publ.nr: MSB943-december 2015. ISBN: 978-91-7383-619-7 (in Swedish).

MSB (2012). Kommunernas informationssäkerhet – en vägledning. Myndigheten för samhällsskydd och beredskap (MSB). Danagård LiTHO. Publ.nr: MSB508 – December 2012. ISBN: 978-91-7383-304-2 (in Swedish).

Rodriguez, J. R. (2016). ‘You Hacked’ appears at Muni stations as fare payment system crashes. San Francisco Examiner, Nov 26, 2016. Available online: http://www.sfexaminer.com/hacked-appears-muni-stations-fare-payment-system-crashes/.

Solms, R, (2012). Information Security Management: Processes and Metrics. Diss, University of Johannesburg.

SOU (2015). Informations- och cybersäkerhet i Sverige – Strategi och åtgärder för säker information i staten. SOU 2015:23. Betänkande av NISU 2014.. Elanders Svergie AB. ISBN 978-91-38-24256-8.

Soomro, Z. A., Shah, M. H., and Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.

Tu, Z and Yuah, Y, (2014). Critical Success Factors, Analysis on Information Security Management: A Literature Review, CSF Analysis on Effective Information Security Management.

Williamson, K. (2002). Research methods for students, academics and professionals: Information management and systems: Elsevier.