The advent of Social Networks has made both companies and public bodies tremendously exposed to the so-called Social Engineering 2.0, and thus prone to targeted cyber-attacks.
Unfortunately, there is currently no solution available on the market that allows either the comprehensive assessment of Social Vulnerabilities or the management and reduction of the associated risk.
DOGANA aims to fill this gap by developing a framework that delivers "aDvanced sOcial enGineering And vulNerability Assessment". The underlying concept of DOGANA is that Social Driven Vulnerabilities Assessments (SDVAs), when regularly performed with the help of an efficient framework, help deploy effective mitigation strategies and reduce the risk created by modern Social Engineering 2.0 attack techniques. Two relevant features of the proposed framework are:

- The presence of the "awareness" component within the framework as the cornerstone of the mitigation activities;
- The legal compliance by design of the whole framework, which will be ensured by a partner and a work package explicitly devoted to this task.

Moreover, the outcomes of the project are also expected to provide a solid basis for revising the insurance models for cyber-attack-related risks, thanks to the involvement of 2 strong DOGANA partners in this area of activity.

 

Latest from our Social Engineering Blog

 

Three articles focused on the DOGANA framework, available on Medium

Written by Enrico Frumento and Roberto Puricelli - CEFRIEL

Three articles, available on Medium, focus on the newest trends in phishing and social engineering and on the DOGANA solutions:
- Social Engineering: an IT Security problem doomed to get worse, Enrico Frumento, July 10th, 2018
- Is context really relevant in phishing attacks?, Roberto Puricelli, July 9th, 2018
- What the Enterprises can do to measure and mitigate the latest evolutions of Social Engineering, Enrico Frumento, February 16th, 2018

Recently NIST published a report highlighting that “employees are more likely to click on links and attachments when the premise of the email matches their work responsibilities”. Therefore, according to NIST, context is a critical factor in explaining why users either click or don’t click on a phishing email.

At Cefriel we have worked extensively on the Social Engineering threat and the Human Factor vulnerabilities and we obtained insights that actually show the opposite, or at least that “context” is one of the enablers, but not the main one...

 


 




This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618

 

      

 

PHISHING WARS
The DOGANA phishing videogame

Want to try it?
Read more here and contact us

 

DOGANA CARDS GAME
Phishing: awareness through play

Want to try it?
Read more here and contact us

 

Contraband pixels and texts
Read all about our literary-graphic competition on phishing and social engineering

All the pictures and novels