ITU‐T's Technical Reports and Specifications 443 SSC information security technical protection The core protection mechanism for SSC functions through a comprehensive security system that should be established in four directions, namely physical and environmental security, system security, network security, and data and application security on a technical level. Physical and environment security contains several aspects of environment security, equipment security, as well as disaster recovery and prevention. System security includes three main aspects: anti‐virus technology, host security reinforcement, and operating system security. Network security involves gateway anti‐virus, firewall, and intrusion detection. Data and applications security includes database encryption and database backup technologies, among others. SSC security of applications Within SSC environment, the security of various applications should be based on the information security mechanism that relies not only on technical protection security, but also on security management, security operation and maintenance aspects. 8 Cybersecurity and a SSC governance framework Traditional mechanisms to organize and coordinate efforts among city stakeholders may prove insufficient to achieve the goals of smart sustainable cities, and ultimately ensure a better quality of life to city dwellers, businesses and visitors facing the effects of increasing threats. The need for interoperability of different smart systems and data sets generates the need for a unified approach to governance, to ICTs, and in particular, to cybersecurity and data protection mechanisms. SSC stakeholders are faced by the need to ensure that the ICT approach and the related cyber‐protection mechanisms are interwoven with the overall development strategy of the city. Chief Information Officers (CIOs) are becoming increasingly involved in devising these strategies, in collaboration with policy and decision‐makers. Each stakeholder, including system administrators, will have to consider the wider implications of security incidents, regardless of their nature. This involves considering how the recovering process could impact upon other components of the cities' services and operations. Similarly, any subsequent adjustment aimed at addressing new system vulnerabilities will have to take into account the implications of those measures on any related system, both in terms of interoperability and cybersecurity. A centralized governance body for SSC could utilize a central virtual dashboard, comprising the ICT operational center, to run the services provided by SSC and provide ongoing assessment and timely response to varying incidents and needs. With the reliability of SSC services at stake, absolute continuity, reliability and safety must be guaranteed. Any threat to the security of the system and its information can be detected, analysed and dealt with using threat intelligence services. The deployed ICT should be able to obtain reliable threat and vulnerability intelligence, and consequently dynamically adjust its security stance. In the case of incidents, these need to be promptly and effectively managed by specialist operators and incident