DOGANA

Introduction

The advent of Social Networks has made both companies and public bodies tremendously exposed to the so-called Social Engineering 2.0, and thus prone to targeted cyber-attacks. Unfortunately, there is currently no solution available on the market that allows neither the comprehensive assessment of Social Vulnerabilities nor the management and reduction of the associated risk.

DOGANA aims to fill this gap by developing a framework that delivers "aDvanced sOcial enGineering And vulNerability Assessment". The underlying concept of DOGANA is that Social Vulnerabilities Assessments (SVAs), when regularly performed with the help of an efficient framework, help deploy effective mitigation strategies and lead to reducing the risk created by modern Social Engineering 2.0 attack techniques. Two relevant features of the proposed framework are:

1. the presence of the "awareness" component within the framework as the cornerstone of the mitigation activities;
2. the legal compliance by design of the whole framework, that will be ensured by a partner and a work package explicitly devoted to this task.

Moreover, the outcomes of the project are also expected to provide a solid basis to revise the insurance models for cyber-attacks related risks, thanks to the involvement of 2 strong DOGANA partners in this area of activity.

Who is the project designed for?

The project, started the 1st September 2015, will be implemented by a consortium of 18 partners, from 11 different countries, including users, technology providers of whom 3 are major world-wide cyber-security solutions market leaders as well as legal and psychological expertise. An extensive field trial plan enables the testing of the DOGANA platform with six users (4 partners and 2 supporting users) operating in the critical areas of energy, finance, transport, utilities, and public authorities. DOGANA has also created a unique consortium with a world-wide scope.

How is your project benefitting the end-user?

The main DOGANA aim is to provide enterprises with a complete framework to assess their exposure and consequently adopt secure countermeasures. This is not an easy problem due to several legal, technological and procedural limitations. The consortium includes several end-user partners, belonging to different industries as well as some project supporters (involved during the proposal preparation and committed to the project through a letter of interest). The aim is to perform real tests and trials involving the entire users group, carefully selected for their orthogonally in order to guarantee to the project the best possible coverage of all user’s needs.

Please briefly describe the results your project achieved so far

• Handling of Legal and ethical requirements to which the DOGANA system must comply according to current Regulation (GDPR): The result is the definition of a set of security policies that must be implemented by an organization to implement DOGANA-based SDVA systems.
• Extension of the psychological models and foundations driving the definition, implementation, and evaluation of awareness methods: Guidelines and strategies for incorporating a human-centric approach in user interactions and interfaces, for the toolset and the awareness methods.
• First assessment on the effectiveness of the awareness methods and the definition and implementation of Awareness strategies to improve people’s understanding of the social engineering phenomena through iterative training that should mitigate the overall risk.
• Tool chain architecture and specifications definition and implementation to support the assessment of social engineering exposure: DOGANA SDVA framework, consisting of assessment tools, SE-oriented vulnerability verification tools according to guidelines and evaluation criteria and requirements. This framework also includes data analysis and aggregation techniques.

What are the next steps for your project?

Field trials execution and validation