Online security assessment framework helps businesses cope with increased use of personal devices

Employees increasingly access sensitive company data remotely, often from personal devices where social media networks hold a prominent place. Easy targets for cyber criminals? Members of the DOGONA consortium believe so, and they have devised a risk assessment framework to help businesses alleviate this threat.

Working anytime, from anywhere. This could easily be an advertising slogan for the increasingly widespread corporate culture of telecommuting. And who would argue against it? Working from home cuts down on company expenditures, increases productivity, makes employees happier, and even helps tackle issues such as congestion and CO2 emissions.

But this new philosophy also does raise a few questions, a good one at that being related to security. Whilst industries have always been vulnerable to cyberattacks, the risk has considerably increased with the blurring line between private and professional devices, and the unprecedented success of social networks.

As Ms Francesca Giampaolo, coordinator of the DOGANA project, explains, there are different factors at play. “Not only do people increasingly use personal devices for work purposes, but they will often combine this use with that of social media whose business model consists in encouraging them to reveal and share personal information. These platforms fail to provide strong authentication mechanisms and, to make things worse, many people seem unable to avoid subjecting themselves to unnecessary risk and lack the knowledge to efficiently secure their devices.”

DOGANA answers this problem with a framework delivering ‘advanced social engineering and vulnerability assessment’ to measure and mitigate the risk related to social vulnerabilities. Whilst all industries are vulnerable, the system allows for quantifying actual risks based on business’ ICT dependence, level of consequences following attacks, level of associated risk and other metrics.

The framework consists of an open source toolchain to perform the vulnerability assessment (information gathering, attack and hook preparation, attack execution and reporting); a training programme including awareness methods and a set of tools for automated risk mitigation; and a law enforcement component.

According to Giampaolo, DOGANA’s main innovations include the ‘information Gathering framework’ which relieves testers from gathering the information on their own, in turn reducing error rates and improving efficiency. There is also the ‘awareness framework’ offering a range of awareness methods that can be tailored to the needs of a specific company; as well as the ‘organisational policy framework’ that will provide a set of guidelines and requirements specifically for European enterprises. DOGANA is also fully compliant with GDPR.

“The framework is designed to provide general Social Driven Vulnerability Assessments (SDVA) services, but at the same time specific parts are tailored for the four application domains of applications that have been tested in the trial phase (defence, government, transport and emergency),” Giampaolo explains.

“Additionally, DOGANA has been designed with two distinct classes of end-users in mind, each with its own limitations and responsibilities: the SDVA Tester, responsible for tasks related to preparation and execution of SDVAs; and the Company Representative, who can access statistics and reports on the results of SDVA execution.”

DOGANA is targeting companies whose employees use a computer daily, providing a solution that can help them monitor the percentage of these employees that get tricked by phishing and social-engineering attacks in general. “We will help these companies to provide training programmes to make sure that their employees fully understand how to avoid getting tricked by emails that look very credible to an inexperienced user,” Giampaolo says.

Market offerings around DOGANA will include consulting services and training, and each consortium member will be promoting the framework to its relevant networks and partners.

Source: Cordis

Illustration Photo: Online Security (CC0 Creative Commons from Pixabay.com)

Read more

Comments

No comments to display.

Related posts

Call for Applications: Go Ignite Global Call

Start-ups working on solutions in IoT, Big Data Analytics, Cyber Security, Artificial Intelligence, 5G and Customer Experience Enhancement are encouraged to apply.
Application Deadline in 11 days

EU's Call for Proposals: Digital technologies for improved performance in cognitive production plants

Proposals need to develop new technologies to realise cognitive production plants, with improved efficiency and sustainability, by use of smart and networked sensor technologies, intelligent handling and online evaluation of various forms of data streams as well as new methods for self-organizing processes and process chains.
Application Deadline in 4 days

Increased Consumption of Plant-Based Protein Diets to Mitigate the Incidence of Type 2 Diabetes

The < a href = "https://www.marketsandmarkets.com/Market-Reports/wheat-protein-market-67845768.html">wheat protein market</a> is estimated at USD 2.04 Billion in 2017 and is projected to reach USD 2.58 Billion by 2022, at a CAGR of 4.8% from 2017. The wheat protein market has been largely driven by the growing demand for bakery products, the increasing popularity of plant-based foods, wheat protein being a suitable alternative for non-animal protein among vegans coupled with nutritional benefits for lactose-intolerant consumers.

Increase in Use of Crop Protection Products in Developing Countries Drives the Pesticide Inert Ingredients Market

The pesticide inert ingredients market is projected to reach USD 4.7 billion by 2023, from USD 3.5 billion in 2018, at a CAGR of 6.14% during the forecast period. The market is driven by factors such as the increasing demand for specific inert ingredients in pesticide formulation and capability of inert ingredients to improve the efficacy of pesticide application.

Pilot plant to turn sugarcane waste into biofuel and beer bottles

Their patented REACH technology, developed by US parent company Mercurius Biorefining, has the potential to convert sugarcane bagasse and other biomass into cost effective drop-in biofuels and bio-chemicals , as alternatives to fossil fuels.

Call for applications: The Entrepreneurship World Cup

The Entrepreneurship World Cup is more than just a global pitch competition with a shot at life-changing prizes. With 100,000 entrants from around the world, EWC elevates entrepreneurs – providing you with tools and resources to grow your venture. It doesn’t matter how far you’ve come – idea-stage, early-stage, growth-stage or beyond – EWC can put you on the right course. Leverage world-class content in the EWC Accelerator to: unleash your ideas, hone your pitching skills and engage with a global network of mentors. And, oh yeah, compete for those life-changing prizes, together with business opportunities and investment.
Application Deadline in 3 months

EU's Call for Proposals: EGNSS applications fostering digitisation

Actions should deliver new innovative applications, with commercial impact and a clear market uptake perspective (a Business Plan is required as part of the proposal). The proposed EGNSS applications may integrate digital technologies like Internet of Things (IoT), cloud computing, big data and robotics.
Application Deadline in 16 days

Growing Farm Labor Issues due to Higher Costs and Availability Drives the Smart Harvest Market Ma

The smart harvest market is projected to reach USD 15.6 billion by 2023, from USD 9.0 billion in 2018, at a CAGR of 11.81% during the forecast period. The market is driven by factors such as growing farm labor issues due to higher costs and availability, and cost efficiency benefits offered by smart harvest systems.

Call for applications: 2019 SEED Awards for Entrepreneurship in Sustainable Development

Are you part of a small and growing eco-inclusive enterprise that continues to deliver environmental, social and economic benefits to your target markets?
Application Deadline in 2 months

Review of Emerging Additive Manufacturing Technologies in 3D Printing of Cementitious Materials in the Construction Industry

Additive manufacturing is a fabrication technology that is rapidly revolutionizing the manufacturing and construction sectors. In this paper, a review of various prototyping technologies for printing cementitious materials and selected 3D printing techniques are presented in detail.