Paul J. Luft

Date of Award





Master of Cybersecurity Management


TSYS School of Computer Science

First Advisor

Lydia Ray

Second Advisor

Shamim Khan

Third Advisor

Yesem Kurt Peker


Although increasing cybersecurity threats continue in libraries, not many studies are available which examine surrounding cybersecurity policies. Even less has been done on specific types of libraries such as academic and archives. When it comes to academic libraries, cybersecurity policies take a top-down approach to managing and creating policies. The problem is that both academic libraries and archives are unique areas within a university setting. Some of the general policies do not always handle specific issues dealt with in an academic library or archives. This paper investigates if an actual gap or void in policy exists which could create issues in academic libraries and archives, as well as if the university cybersecurity policy is being communicated, reviewed, reported, and created with inclusion of librarians and archivists. An 18-question survey was administered to librarians, archivists, and university information technology cybersecurity professionals within the 24 academic institutions of University Systems of Georgia (USG). Twenty-seven respondents completed the survey. The survey was, then, analyzed according to subcategories. A general theme emerged: communication of cybersecurity policy and the inclusion of librarians and archivists in policy creation and reporting could improve cybersecurity defense. The lack of participation and report feedback also lead to a very low perception or barometer score (5.1 average on a 10-point scale) as to how well the cybersecurity plan was being communicated. The solution to the communication gap could be in form of a plan. A conceptual model entitled Communication Enlightenment Engagement Plan (CEEP) would increase involvement by community engagement (inclusion, policy review, and policy creation.) Adding a feedback loop to CEEP will aid in the engagement process as well as keeping top tiers of management aware of policy changes and issues.