MIM6 - Security

OASC MIM6: Security Management

Description

As cities become smarter and more technology-driven, they become a target for cyber attacks with significant consequences in terms of costs and loss of services. In order to deliver reliable digital services for citizens, cities have to continuously evaluate the cyber risks and to put in place security measures to prepare for cyber attacks.

MIM 6 focuses on addressing interoperability for secure data transfer.

Objectives

  • When information is transferred, between parts of the data platform or externally, this is done securely.

  • Data processors know what requirements concerning security and interoperability to make of suppliers and systems when evaluating, procuring, developing, operating, and using solutions.

Capabilities

(see Notes for discussion)

Requirements

Mechanisms

Specifications

StandardAspectReferences

ISO27005

International Standard ISO/IEC 27005:2018 Information technology – Security techniques – Information security risk management

https://www.iso.org/standard/75281.html

NIST SP800-53r5

NIST Special Publication SP800-53, Security and Privacy Controls for Information Systems and Organizations

https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

GDPR

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27vApril 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

https://eur-lex.europa.eu/eli/reg/2016/679/oj

Compliance and Conformance

PreviousReferencesNextNotes