DOGANA - Advanced Social Engineering and Vulnerability Assessment Framework

Date: 01/09/2015 to 31/08/2018

Introduction

The advent of Social Networks has made both companies and public bodies tremendously exposed to so-called Social Engineering 2.0, and thus prone to targeted cyber-attacks. Unfortunately, there is currently no solution available on the market that allows either the comprehensive assessment of Social Vulnerabilities or the management and reduction of the associated risk.

DOGANA aims to fill this gap by developing a framework that delivers "aDvanced sOcial enGineering And vulNerability Assessment". The underlying concept of DOGANA is that Social Vulnerabilities Assessments (SVAs), when regularly performed with the help of an efficient framework, help deploy effective mitigation strategies and lead to reducing the risk created by modern Social Engineering 2.0 attack techniques. Two relevant features of the proposed framework are:

  1. the presence of the "awareness" component within the framework as the cornerstone of the mitigation activities;
  2. the legal compliance by design of the whole framework, which will be ensured by a partner and a work package explicitly devoted to this task.

Moreover, the outcomes of the project are also expected to provide a solid basis for revising the insurance models for cyber-attack-related risks, thanks to the involvement of 2 strong DOGANA partners in this area of activity.

Who is the project designed for?

The project, which started on 1st September 2015, will be implemented by a consortium of 18 partners from 11 different countries, including users, technology providers (of whom 3 are major world-wide cyber-security solutions market leaders), and partners with legal and psychological expertise. An extensive field trial plan enables the testing of the DOGANA platform with six users (4 partners and 2 supporting users) operating in the critical areas of energy, finance, transport, utilities, and public authorities. DOGANA has also created a unique consortium with a world-wide scope.

How is your project benefitting the end-user?

The main aim of DOGANA is to provide enterprises with a complete framework to assess their exposure and consequently adopt secure countermeasures. This is not an easy problem, due to several legal, technological and procedural limitations. The consortium includes several end-user partners belonging to different industries, as well as some project supporters (involved during the proposal preparation and committed to the project through a letter of interest). The aim is to perform real tests and trials involving the entire user group, carefully selected for their orthogonality in order to guarantee the project the best possible coverage of all users' needs.

Please briefly describe the results your project achieved so far

  • Handling of the legal and ethical requirements with which the DOGANA system must comply under the current Regulation (GDPR): The result is the definition of a set of security policies that an organization must put in place in order to implement DOGANA-based SDVA systems.
  • Extension of the psychological models and foundations driving the definition, implementation, and evaluation of awareness methods: Guidelines and strategies for incorporating a human-centric approach in user interactions and interfaces, for the toolset and the awareness methods.
  • First assessment of the effectiveness of the awareness methods, and the definition and implementation of awareness strategies to improve people's understanding of the social engineering phenomena through iterative training that should mitigate the overall risk.
  • Definition and implementation of the tool chain architecture and specifications to support the assessment of social engineering exposure: the DOGANA SDVA framework, consisting of assessment tools and SE-oriented vulnerability verification tools, in accordance with guidelines, evaluation criteria and requirements. This framework also includes data analysis and aggregation techniques.

What are the next steps for your project?

Field trials execution and validation

Week: Thursday, 15 February, 2018 to Thursday, 22 February, 2018
