Abstract
This paper explores cybersecurity risk modeling for open data in Smart City environments, with a specific case study focused on the Hradec Kralove Region. The goal is to establish a cybersecurity baseline through automated analysis using extended BPMN modeling, complemented by Business Impact Analysis (BIA). The approach identifies critical data flows and quantifies the impact of disruptions in terms of Recovery Time Objective (RTO), Maximum Tolerable Period of Disruption (MTPD), and Maximum Tolerable Data Loss (MTDL). A framework for automated risk mitigation selection is proposed. Results demonstrate the effectiveness of combining process mapping with security requirements to prioritize protections for Smart City data. As an example from the open data domain, the visualization-publishing process was found to tolerate an outage of up to one week, but required high confidentiality and integrity. The maximum tolerable data loss (MTDL) was set at 24 h, leading to the selection of measures such as encryption, access control, and regular backups. This structured methodology enhances data availability and integrity, supporting resilient urban digital infrastructure.