References
- AICPA ASEC. (2017). Description Criteria for Management’s Description of the Entity’s Cybersecurity Risk Management Program. Issued by the AICPA Assurance Services Executive Committee (ASEC) Prepared by ASEC’s Cybersecurity Working Group. Retrieved September 5, 2022, from https://us.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/cybersecurity/description-criteria.pdf
- ASPE. (1996). Health insurance portability and accountability act of 1996. Retrieved July 26, 2022, from https://aspe.hhs.gov/reports/health-insurance-portability-accountability-act-1996
- Bastidas, V., Bezbradica, M., & Helfert, M. (2017, June). Cities as enterprises: A comparison of smart city frameworks based on enterprise architecture requirements. In International Conference on Smart Cities (pp. 20–28). Springer.
- Brady, A. (2022). Counterattacks on cybersecurity. Retrieved September 5, 2022, from https://www.iso.org/contents/news/2022/05/counter-attacks-on-cybersecurity.html
- Braun, T., Fung, B. C., Iqbal, F., & Shah, B. (2018). Security and privacy challenges in smart cities. Sustainable Cities and Society, 39, 499–507. https://doi.org/10.1016/j.scs.2018.02.039
- Chen, D., Wawrzynski, P., & Lv, Z. (2021). Cyber security in smart cities: A review of deep learning-based applications and case studies. Sustainable Cities and Society, 66, 102655. https://doi.org/10.1016/j.scs.2020.102655
- COBIT. (2020). State of Cybersecurity 2020, Part 1: Workforce Efforts and Resources. Retrieved September 5, 2022, from https://www.isaca.org/go/state-of-cybersecurity-2020
- COBIT 2019. (2018). COBIT 2019 Overview. Retrieved September 5, 2022, from https://www.isaca.org/resources/cobit
- Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2013). Internal Control—Integrated Framework. Retrieved July 27, 2022, from https://www.coso.org/Shared%20Documents/Framework-Executive-Summary.pdf
- COSO-ERM. (2019). Managing Cyber Risk in a Digital Age. Retrieved September 5, 2022, from https://www.coso.org/Shared%20Documents/COSO-Deloitte-Managing-Cyber-Risk-in-a-Digital-Age.pdf
- Cybersecurity and Infrastructure Security Agency. (2020). Trust in Smart City Systems Report. Retrieved July 11, 2022, from https://www.cisa.gov/sites/default/files/publications/Trust%20in%20Smart%20City%20Systems%20Report%2020200715_508.pdf
- Deep, S., Zheng, X., Jolfaei, A., Yu, D., Ostovari, P., & Kashif Bashir, A. (2022). A survey of security and privacy issues in the internet of things from the layered context. Transactions on Emerging Telecommunications Technologies, 33(6), e3935. https://doi.org/10.1002/ett.3935
- De Haes, S., Van Grembergen, W., Joshi, A., & Huygh, T. (2020). COBIT as a Framework for Enterprise Governance of IT. In Enterprise governance of information technology (pp. 125–162). Springer.
- Economist Intelligence Unit. (2022). The Global Liveability Index 2022. Retrieved August 11, 2022, from https://www.eiu.com/n/campaigns/global-liveability-index-2022/
- Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in smart cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491–497. https://doi.org/10.1016/j.jare.2014.02.006
- European Commission. (n.d.). Smart cities. Retrieved July 17, 2022, from https://ec.europa.eu/info/eu-regional-and-urban-development/topics/cities-and-urban-development/city-initiatives/smart-cities_en
- European Confederation of Institutes of Internal Auditing. (2022). Risk in Focus: Hot Topics for Internal Auditors, 2022. [ Retrieved September 4, 2022, from https://www.eciia.eu/wp-content/uploads/2021/09/FINAL-Risk-in-Focus-2022-V11.pdf
- European Union: General data protection regulation. (2018). Official Journal of the European Union. Retrieved July 21, 2022a, from http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
- Foster, A. D., & Rosenzweig, M. R. (2010). Microeconomics of Technology Adoption. Annual Review of Economics, 2(1), 395–424. https://doi.org/10.1146/annurev.economics.102308.124433
- Frost, & Sullivan. (2020). Smart Cities to Create Business Opportunities Worth $2.46 Trillion by 2025, says Frost & Sullivan. Retrieved July 10, 2022, from https://www.frost.com/news/press-releases/smart-cities-to-create-business-opportunities-worth-2-46-trillion-by-2025-says-frost-sullivan/
- Galligan, M., & Rau, K. (2015). COSO in the Cyber Age. Retrieved July 28, 2022, from https://www.coso.org/Shared%20Documents/COSO-in-the-Cyber-Age.pdf
- Gharaibeh, A., Salahuddin, M. A., Hussini, S. J., Khreishah, A., Khalil, I., Guizani, M., & Al-Fuqaha, A. (2017). Smart cities: A survey on data management, security, and enabling technologies. IEEE Communications Surveys & Tutorials, 19(4), 2456–2501. https://doi.org/10.1109/COMST.2017.2736886
- The global risks report 2022 - World Economic Forum. Retrieved July 8, 2022b, from https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf
- Goldstein, S. M., Johnston, R., Duffy, J., & Rao, J. (2002). The service concept: The missing link in service design research? Journal of Operations Management, 20(2), 121–134. https://doi.org/10.1016/s0272-6963(01)00090-0
- Hernandez-Ramos, J. L., Martinez, J. A., Savarino, V., Angelini, M., Napolitano, V., Skarmeta, A. F., & Baldini, G. (2020). Security and privacy in internet of things-enabled smart cities: Challenges and future directions. IEEE Security & Privacy, 19(1), 12–23. https://doi.org/10.1109/MSEC.2020.3012353
- Hope, A. (2022). Ransomware Attack Disrupted Municipal Services in the Italian City of Palermo. CPO Magazine. Retrieved July 28, 2022, from https://www.cpomagazine.com/cyber-security/ransomware-attack-disrupted-municipal-services-in-the-italian-city-of-palermo/
- IIA-GTAG. (2016). Assessing Cybersecurity Risk Roles of the Three Lines of Defense. International Professional Practices Framework Global Technologies Audit Guide (GTAG). Retrieved September 5, 2022, from https://www.theiia.org/en/content/guidance/recommended/supplemental/gtags/gtag-auditing-cybersecurity-operations-prevention-and-detection/
- IMD. (2021). IMD-SUTD Smart City Index. Retrieved June18, 2022, from https://www.imd.org/smart-city-observatory/home/#_smartCity
- Industrial Internet Consortium (2021). The Industrial Internet of Things Trustworthiness Framework Foundations. Retrieved September 9,2022, from https://www.iiconsortium.org/pdf/Trustworthiness_Framework_Foundations.pdf
- The Institute of Internal Auditors (IIA). (2022). OnRisk 2022: A Guide to Understanding, Aligning, and Optimizing Risk, 2022. Retrieved July12, 2022, from https://www.theiia.org/globalassets/site/2021-2865-onrisk-report-online-current-final-crx.pdf
- International Organization for Standardization. (2017). ISO/IEC 30182: 2017 Smart city concept model — Guidance for establishing a model for data interoperability, ISO. Retrieved July 23, 2022, from https://www.iso.org/standard/53302.html
- International Organization for Standardization. (2019). ISO/IEC 27701: 2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines, ISO. Retrieved July 20, 2022, from https://www.iso.org/standard/71670.html
- International Organization for Standardization. (2022a). ISO/IEC 24039: 2022 Information technology — Smart city digital platform reference architecture — Data and service, ISO. Retrieved July 23 2022, from https://www.iso.org/standard/77621.html
- International Organization for Standardization. (2022b). ISO/IEC 27002: 2022 Information security, cybersecurity and privacy protection — Information security controls, ISO. Retrieved July 20, 2022, from https://www.iso.org/standard/75652.html
- International Organization for Standardization. (2022c). ISO/IEC 27400: 2022 Cybersecurity — IoT security and privacy — Guidelines, ISO. Retrieved July 20, 2022, from https://www.iso.org/standard/71670x.html
- Ismagilova, E., Hughes, L., Rana, N. P., & Dwivedi, Y. K. (2022). Security, privacy and risks within smart cities: Literature review and development of a smart city interaction framework. Information Systems Frontiers, 24(2), 393–414. https://doi.org/10.1007/s10796-020-10044-1
- ISO/IEC TS 27100:2020. (2020). Retrieved August 1, 2022, from https://www.iso.org/obp/ui/#iso:std:iso-iec:ts:27100:ed-1:v1:en
- ISO - #worldsmartcity. Retrieved July 18, 2022c, from https://www.iso.org/sites/worldsmartcity/
- Karie, N. M., Sahri, N. M., Yang, W., Valli, C., & Kebande, V. R. (2021). A review of security standards and frameworks for IoT-based smart environments. IEEE Access.
- Keshavarzi, G., Yildirim, Y., & Arefi, M. (2021). Does scale matter? An overview of the ‘smart cities’ literature. Sustainable Cities and Society, 74, 103151. https://doi.org/10.1016/j.scs.2021.103151
- Kitchin, R., & Dodge, M. (2019). The (in) security of smart cities: Vulnerabilities, risks, mitigation, and prevention. Journal of Urban Technology, 26(2), 47–65. https://doi.org/10.1080/10630732.2017.1408002
- Kohnke, A., Sigler, K., & Shoemaker, D. (2016). Strategic risk management using the NIST risk management framework. EDPACS, 53(5), 1–6. https://doi.org/10.1080/07366981.2016.1160713
- Lom, M., & Pribyl, O. (2020). Smart city model based on systems theory. International Journal of Information Management, 56, 102092. https://doi.org/10.1016/j.ijinfomgt.2020.102092
- Ministry of Internal Affairs and Communications, Japan. (2020). Smart City Security Guideline (Ver 1.0). [ Retrieved July 14, 2022], from https://www.soumu.go.jp/main_sosiki/joho_tsusin/eng/presentation/pdf/Smart_City_Security_Guideline_ver1.0.pdf
- National Cyber Security Center. (2022). Mitigating malware and ransomware attacks. Retrieved August 20, 2022, from https://www.ncsc.gov.uk/pdfs/guidance/mitigating-malware-and-ransomware-attacks.pdf
- National Institute of Urban Affairs. (2021). Municipal Performance Index 2020. Retrieved August 8, 2022, from https://smartnet.niua.org/sites/default/files/resources/final_web_mpi_report_2021.pdf
- NIST. (2018). Risk management framework for information systems and organizations. Retrieved July 8, 2022, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
- NIST. (2020a). About the RMF - NIST Risk Management Framework | CSRC. Retrieved July 22, 2022, from https://csrc.nist.gov/projects/risk-management/about-rmf
- NIST. (2022a). Assurance - Glossary | CSRC. Retrieved August 1, 2022, from https://csrc.nist.gov/glossary/term/assurance
- NIST. (2022b). Glossary | CSRC. Retrieved August 1, 2022, from https://csrc.nist.gov/glossary
- NIST Control Baselines for Information Systems and Organizations. (2020c). Retrieved July 28, 2022, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53B.pdf
- NIST Security and Privacy Controls for Information Systems and Organizations. (2020b). Retrieved July 26, 2022, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
- Pierce, P., & Andersson, B. (2017). Challenges with smart cities initiatives – A municipal decision makers’ perspective. In Proceedings of the 50th Hawaii International Conference on System Sciences. https://web.archive.org/web/20180719171101id_/https://scholarspace.manoa.hawaii.edu/bitstream/10125/41495/1/paper0346.pdf
- Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero trust architecture. Retrieved August 3, 2022, from https://doi.org/10.6028/nist.sp.800-207
- Schiller, E., Aidoo, A., Fuhrer, J., Stahl, J., Ziörjen, M., & Stiller, B. (2022). Landscape of IoT security. Computer Science Review, 44, 100467. https://doi.org/10.1016/j.cosrev.2022.100467
- Smart Cities and Inclusive Growth. (2020). Retrieved July 18, 2022, from https://www.oecd.org/cfe/cities/OECD_Policy_Paper_Smart_Cities_and_Inclusive_Growth.pdf
- Smart Cities Mission. (n.d.). Smart Cities Mission: A step towards Smart India. Retrieved July 17, Retrieved https://www.india.gov.in/spotlight/smart-cities-mission-step-towards-smart-india
- State of California Department of Justice. (2018). California Consumer Privacy Act (CCPA). State of California - Department of Justice - Office of the Attorney General. Retrieved July22, 2022, from https://oag.ca.gov/privacy/ccpa
- Stine, K., Quinn, S., Witte, G., & Gardner, R. K. (2020). Integrating Cybersecurity and Enterprise Risk Management (ERM). Retrieved 23, July 2022, from https://doi.org/10.6028/nist.ir.8286
- Szajna, B., & Scamell, R. W. (1993). The effects of information system user expectations on their performance and perceptions. MIS Quarterly, 17(4), 493–516. https://doi.org/10.2307/249589
- Tham, I. (2018). Singapore’s most serious cyber attack: How it unfolded. The Straits Times. Retrieved July 20, 2022, from https://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2018/07/sg-cyber-breach/index.html
- Tounsi, W., & Rais, H. (2018). A survey on technical threat intelligence in the age of sophisticated cyber attacks. Computers & Security, 72, 212–233. https://doi.org/10.1016/j.cose.2017.09.001
- United Nations. (2018). 2018 Revision of World Urbanization Prospects | Multimedia Library - United Nations Department of Economic and Social Affairs. Retrieved July 21, 2022, from https://www.un.org/development/desa/publications/2018-revision-of-world-urbanization-prospects.html
- Vasarhelyi, M. A., Alles, M. G., Kuenkaikaew, S., & Littley, J. (2012). The acceptance and adoption of continuous auditing by internal auditors: A micro analysis. International Journal of Accounting Information Systems, 13(3), 267–281. https://doi.org/10.1016/j.accinf.2012.06.011
- Vasarhelyi, M. A., & Halper, F. B. (1991). The continuous audit of online systems. A Journal of Practice & Theory, 10(1), 110–125.
- Vitunskaite, M., He, Y., Brandstetter, T., & Janicke, H. (2019). Smart cities and cyber security: Are we there yet? A comparative study on the role of standards, third party risk management and security ownership. Computers & Security, 83, 313–331. https://doi.org/10.1016/j.cose.2019.02.009
- Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97–102. https://doi.org/10.1016/j.cose.2013.04.004
- Weber, M., & Podnar Žarko, I. (2019). A regulatory view on smart city services. Sensors, 19(2), 415. https://doi.org/10.3390/s19020415
- World Bank. (2015). Smart Cities. Retrieved July 16, 2022, from https://www.worldbank.org/en/topic/digitaldevelopment/brief/smart-cities
- World Bank. (n.d.). Gscp. Retrieved 18 July, 2022, from https://www.worldbank.org/en/programs/global-smart-city-partnership-program