•  A financial plan to meet the requirements of operational risk management, based on Public
                Goods Valuation.
            •  Awareness building and institutional capacity building initiatives on risks, mitigation measures,
                impact reduction, crisis management, adaptation, etc.


            While cities may not have the capacity to create a full and detailed framework, plans to address
            even one or two of the most pressing concerns will benefit the city.



            3.6     Securing city e-governance


            As cities increase their use of digital tools for providing services and for engaging with city
            stakeholders, the potential increases for crises that arise from disruption of the digital infrastructure.
            Cities might be smarter, but without considering their cyber-resilience, these tools might not be
            available to manage physical crises. Disruption to online services may, in turn, become crises. For
            this reason, smart cities need to take some simple steps to manage their e-governance systems.
            These include:

            •  Security: Making use of automated vulnerability detection tools in their e-governance systems
                and assets.

            •  Reliability: Preventive maintenance of e-governance system assets and automated tools to
                identify points of failure (database, servers, power supply, networks, software, etc.), with fault-
                tolerance or fail-over mechanisms.

            •  Database security: A documented and tested backup and restore plan to recover databases
                with adequate support of version control, data integrity & data encryption mechanisms for
                transmission over secure networks.

            •  Data-centre security: The city’s data centre should have 24/7 security monitoring with proper
                alarm systems for security violations.
            •  Application server security: Incorporation of security protocols and certificates, antivirus
                solutions, along with proper role-based multi-user access controls.

            •  User training: Periodic training to ensure that all system users are properly aware of good
                practices as well as the business processes, system functionality, system risks, user roles and
                access rights needed to perform their jobs effectively and safely.


            Using a shared service data-centre which hosts the city’s applications and data is often more secure
            for a city than trying to run their own, because the service provider is able to provide optimal
            physical and technical security.












             46  U4SSC: Simple ways to be smart