Risk assessment and management is a widespread practice in most corporations today, with the aim of identifying and analysing risks and then either accepting them or applying countermeasures to mitigate them. Several methodologies are commonly used, such as MAGERIT, ISO/IEC 27005:2011, OCTAVE, CRAMM, EBIOS, NIST SP 800-30, etc. However, these methodologies provide a static assessment at a specific moment in time, so the mobility and dynamism of organizational assets and the continuous evolution of threats quickly render their outputs obsolete.

The DHARMA (Dynamic Heterogeneous threAts Risk Management and Assessment) project aims to provide a framework for efficient Dynamic Risk Management and Assurance in ICT environments, taking into account new types of threats known as APTs (Advanced Persistent Threats). These threats are characterised by not relying solely on the classical means of penetration based on software vulnerabilities, but on a combination of heterogeneous attack vectors customized for the organization and its employees, including physical intrusions, deception of employees, abuse of sensitive information, side channels, etc. Current methodologies therefore cannot adequately manage this dynamism, in which a change in context may be a symptom of a new vulnerability and may imply a modification of the list of risks identified for the organization.

The DHARMA project is devoted to addressing this shortcoming. It proposes a multilevel architecture in which a large number of heterogeneous sensors will capture any change in the organization's context (not just traditional network attacks, but any type of context change), namely: variations in the normal usage of systems and networks, deviations in electricity consumption, physical security incidents detected by presence detectors and video surveillance, ambient sensors, social network activity sensors, and even the characterization of labour unrest in the organization in order to anticipate possible insider attacks by malicious employees.

All these sensors, adequately orchestrated, will send their information to the processing layer, where analysis, correlation, evaluation and sharing with cooperative systems will be performed. The results will then be sent to a dynamic risk assessment engine, which calculates the instantaneous risk level of the organization according to its specific policies and the identified risk dimensions.

Finally, the risk will be processed taking into account the main sources of the risk, with a set of modular countermeasures, including among others:

As a result, the DHARMA framework will enable different types of organizations to deploy specific sensors and integrate all their information in a Dynamic Risk Assessment engine that provides up-to-date information on the organization's risk levels, even in the case of new threats. This allows a quick reaction and minimises the organization's exposure time to potentially risky situations and events.

The next figure depicts the main functional blocks of the DHARMA proposal. All these blocks are thoroughly addressed in the Objectives section.