DOGANA - Advanced Social Engineering and Vulnerability Assessment Framework

Date: 01/09/2015 to 31/08/2018

Introduction

The advent of Social Networks has left both companies and public bodies tremendously exposed to so-called Social Engineering 2.0, and thus prone to targeted cyber-attacks. Unfortunately, there is currently no solution available on the market that allows either the comprehensive assessment of Social Vulnerabilities or the management and reduction of the associated risk.

DOGANA aims to fill this gap by developing a framework that delivers "aDvanced sOcial enGineering And vulNerability Assessment". The underlying concept of DOGANA is that Social Vulnerabilities Assessments (SVAs), when regularly performed with the help of an efficient framework, help deploy effective mitigation strategies and lead to reducing the risk created by modern Social Engineering 2.0 attack techniques. Two relevant features of the proposed framework are:

  1. the presence of the "awareness" component within the framework as the cornerstone of the mitigation activities;
  2. the legal compliance by design of the whole framework, which will be ensured by a partner and a work package explicitly devoted to this task.

Moreover, the outcomes of the project are also expected to provide a solid basis for revising the insurance models for cyber-attack-related risks, thanks to the involvement of 2 strong DOGANA partners in this area of activity.

Who is the project designed for?

The project, which started on 1 September 2015, will be implemented by a consortium of 18 partners from 11 different countries, including users, technology providers (of whom 3 are major world-wide cyber-security solutions market leaders), as well as legal and psychological expertise. An extensive field trial plan enables the testing of the DOGANA platform with six users (4 partners and 2 supporting users) operating in the critical areas of energy, finance, transport, utilities, and public authorities. DOGANA has also created a unique consortium with a world-wide scope.

How is your project benefitting the end-user?

The main aim of DOGANA is to provide enterprises with a complete framework to assess their exposure and consequently adopt secure countermeasures. This is not an easy problem, owing to several legal, technological and procedural limitations. The consortium includes several end-user partners belonging to different industries, as well as some project supporters (involved during the proposal preparation and committed to the project through a letter of interest). The aim is to perform real tests and trials involving the entire user group, carefully selected for their orthogonality in order to give the project the best possible coverage of all users' needs.

Please briefly describe the results your project achieved so far

  • Handling of the legal and ethical requirements with which the DOGANA system must comply under current regulation (GDPR): the result is the definition of a set of security policies that an organization must adopt in order to implement DOGANA-based SDVA systems.
  • Extension of the psychological models and foundations driving the definition, implementation, and evaluation of awareness methods: Guidelines and strategies for incorporating a human-centric approach in user interactions and interfaces, for the toolset and the awareness methods.
  • First assessment on the effectiveness of the awareness methods and the definition and implementation of Awareness strategies to improve people’s understanding of the social engineering phenomena through iterative training that should mitigate the overall risk.
  • Definition and implementation of the tool chain architecture and specifications to support the assessment of social engineering exposure: the DOGANA SDVA framework, consisting of assessment tools and SE-oriented vulnerability verification tools, according to guidelines, evaluation criteria and requirements. This framework also includes data analysis and aggregation techniques.

What are the next steps for your project?

Field trials execution and validation

Week: Thursday, 15 February, 2018 to Thursday, 22 February, 2018

News

EU to strengthen its expertise in cybersecurity research, technology and industrial development

Europe is stepping up its protection against cybersecurity threats, and is discussing a new structure for pooling expertise which will help secure the digital single market and increase the EU’s autonomy in the area of cybersecurity.

Europe is currently working on the establishment of a top knowledge base for cybersecurity and a network of national cybersecurity coordination centres called the European Cybersecurity Industrial, Technology and Research Centre and the Network of National Coordination Centres.

Future Events

Cyber Insurance and its Contribution to Cyber Risk Mitigation - Leiden March 25-29
25/03/2019 to 29/03/2019

The rise in both the scale and severity of recent cyberattacks demands new thinking about cybersecurity risk and the mitigation and transfer of that risk. Cyber insurance is one potential way to manage risk by transferring damage liability, but the cyber insurance market is immature and the understanding and actuarial knowledge of cyber-risk is currently underdeveloped.

e-SIDES workshop 2019
02/04/2019

e-SIDES workshop: Towards Value-Centric Big Data: Connect People, Processes and Technology

BRUSSELS

2 April 2019

10am to 4pm

e-SIDES is a research project funded by the European Commission's H2020 Programme that deals with the ethical, legal, social and economic implications of privacy-preserving technologies in different big data contexts.