MIM6 - Security

OASC MIM6: Security Management


Work Item





As cities become smarter and more technology-driven, they become a target for cyber attacks with significant consequences in terms of costs and loss of services. In order to deliver reliable digital services for citizens, cities have to continuously evaluate the cyber risks and to put in place security measures to prepare for cyber attacks.

The objective of proposed MIM6 is to develop a methodology to help identify security-related risks and choose the right measures to protect systems and data.

To provide cities with a framework for governance, risk management and control in the area of cybersecurity, along with a baseline of cybersecurity measures addressing the identified risks and providing a methodology for conducting regular maturity assessments.


Baseline Specifications



International Standard ISO/IEC 27005:2018 Information technology – Security techniques – Information security risk management

NIST SP800-53r5

NIST Special Publication SP800-53, Security and Privacy Controls for Information Systems and Organizations


REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27vApril 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Last updated