The advent of Social Networks has made both companies and public bodies tremendously exposed to the so-called Social Engineering 2.0, and thus prone to targeted cyber-attacks. Unfortunately, there is currently no solution available on the market that allows neither the comprehensive assessment of Social Vulnerabilities nor the management and reduction of the associated risk. DOGANA aims to fill this gap by developing a framework that delivers "aDvanced sOcial enGineering And vulNerability Assessment". The underlying concept of DOGANA is that Social Vulnerabilities Assessments (SVAs), when regularly performed with the help of an efficient framework, help deploy effective mitigation strategies and lead to reducing the risk created by modern Social Engineering 2.0 attack techniques. Two relevant features of the proposed framework are: i) the presence of the "awareness" component within the framework as the cornerstone of the mitigation activities; ii) the legal compliance by design of the whole framework, that will be ensured by a partner and a work package explicitly devoted to this task. Moreover, the outcomes of the project are also expected to provide a solid basis to revise the insurance models for cyber-attacks related risks, thanks to the involvement of 2 strong DOGANA partners in this area of activity. The project will be implemented by a consortium of 18 partners, from 11 different countries, including users, technology providers of whom 3 are major world-wide cyber-security solutions market leaders as well as legal and psychological expertise. An extensive field trial plan enables the testing of the DOGANA platform with six users (4 partners and 2 supporting users) operating in the critical areas of energy, finance, transport, utilities, and public authorities. DOGANA has also created a unique consortium with a world-wide scope.

IT security and risk management often ignore or underestimate the human factor (psychological, behavioural, societal, organisational and economic aspects) in the identification of cyber-risks, their quantitative economic impact and the costs of countermeasures. Cyber-attacks can harm intangible assets like reputation, IPR, expertise, and know-how. And there is severe imbalance between the efficiency of attacks and inadequate defences, due in part to the lack of quantitative information for decision makers to prioritise security investments. To foster a culture of risk management by an individual organisation or a complete sector, HERMENEUT answers: What is the real fallout of a data compromise and the long-run consequences on associated assets? What are the losses for intangible assets? Do other type of attacks (beyond data breach) severely impact intangible and tangible assets? HERMENEUT assesses vulnerabilities of organisations and corresponding tangible and intangible assets at risk, taking into account the business plans of the attacker, the commoditisation level of the target organisations, the exposure of the target and including human factors as well as estimating the likelihood that a potential cyber-attack exploits identified vulnerabilities. HERMENEUT’s cyber-security cost-benefit approach combines integrated assessment of vulnerabilities and their likelihoods with an innovative macro- and micro-economic model for intangible costs, delivering a quantitative estimation of the risks for an organisation or a business sector and investment guidelines for mitigation measures. 11 partners from 6 countries deliver an innovative methodology and advanced macro- and micro-economic models and make it available to the European research community. HERMENEUT implements its innovations in a decision support tool, tested with 2 users in healthcare and an IPR-intensive industry.