Project of the Week - HERMENEUT Project of the Week: HERMENEUT

Enterprises Intangible Risk Management via Economic Models based on Simulation of Modern Cyber Attacks

A Dynamic Solution for Intangible Assets


Project Hermeneut is a Horizon 2020 research and innovation project focusing on the economic aspects of cybersecurity, specially regarding intangible assets. It started in May 2017 and with a duration of 24 months it’s now approaching its end.

Hermeneut managed to address some critical topics in the cybersecurity area and to highlight its results is promoting it as project of the week from 18th to 24th of February.

An holistic and dynamic approach

Essentially, Hermeneut’s work can be split into two macro-activities: the development of the methodology and the development of a decision support tool to perform a risk self-assessment.

Where is innovation? First of all, the inclusion of intangible assets with an economic estimation for their losses in case of attack. Moreover, most of the established cyber-risk analysis methods provide little or no support for analysing changing and evolving risks or either strategies to support the management of organisations to determine when it is necessary to repeat the assessment. Project Hermeneut introduced an innovative approach based on weak signals correlation to do this.


Accurate risk analysis for the end-users

Currently the most common way for end-users to make a risk assessment is to buy for an assessment by a Cybersecurity vendor or through the self-questionnaires online. The bigger companies already have complex tools to assess cyber risk and it is easy to find short inaccurate questionnaires for cyber risk assessment on the web too. With this in mind, Hermeneut developed a RATING tool (Risk Assessment Tool for INtegrated Governance), a very good compromise between simplicity and depth of risk analysis.


Hermeneut’s proposal for a solid EU cybersecurity

According to Project Hermeneut’s representatives there are a lot of references for data breaches but not enough about DDoS and other type of attacks. This could be caused by the absence of a regulation that would make mandatory the notification of authority for every cyber-attack (not only when personal data are affected [GDPR]). This is a practice that would substantially help the EC to better direct the research and funding programs towards the most economically significant impacts of a cyber-attack

To know more about the project you can visit their website:


Read more about Cyberwatchingeu Project of the Week for 18-22 February 2019:


See more updates on our social media channels.

Twittter: http://@cyberwatchingeu



A Holistic framework: Business Process Re-engineering and functional toolkit for GDPR compliance

BPR4GDPR is one of the GDPR cluster projects that will provide a holistic framework able to support end-to-end GDPR-compliant intra- and interorganisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains. Read this to find out more.

Future Events

IAM Online Europe live webinar - AARC Extensions to the REFEDS Assurance Framework

AARC is holding a live webinar on 27 June 2019 at 15:00 CEST, that will explain extensions to the REFEDS Assurance Framework and implementations that were devised in the AARC project.

Representation of the State of Hessen to the EU
04/07/2019 to 05/07/2019

Project CyberSec4Europe (Cyber Security for Europe) is holding it next event - "Representation of the State of Hessen to the EU" in Brussels, Belgium on 4-5 July 2019. 

Other three pilots are invited during CyberSec4Europe meetings.