DHARMA

The main objective of the DHARMA project is to provide assistance for dynamic assessment and management of the risk and dynamically reassessed it in real time, in order to take innovative defence mechanisms to prevent, react and mitigate potential threats on sensitive assets of an organization. To achieve this novel aim, the DHARMA project will focus on the following objectives:

Design of a Distributed Dynamic Risk Assessment framework based on enforcing risk dynamic countermeasures to protect the assets of an organization from the impact of potential threats.
Characterization of heterogeneous sensors strategically deployed throughout the network in an intra and inter-firm setting, reporting to the dynamic risk assessment controller about security threats exploiting vulnerabilities on assets of the organization.
Definition and design of intelligent techniques to correlate and collaboratively process the most relevant data gathered from heterogeneous sensors to assess the assets' risk in a dynamic fashion, isolating unreliable data coming from not well-reputed sources.
Definition and deployment of dynamic countermeasures as response actions in protecting assets according to the current risk level, where the AIRS designed and implemented in the RECLAMO project will come also into play to infer the optimum reaction as a defence strategy.
Development and validation of the 3-tier framework in two representative scenarios: a BYOD (Bring Your Own Device) scenario and a Smart Cities scenario. The validation results will allow transferring the knowledge and the results generated in the DHARMA project, as well as generating prototypes that can be used for pilot testing in their particular communication scenarios.

The following table summarizes the contributions of the DHARMA project (last row) into the risk assessment and management field, in comparison with other traditional (first row) and dynamic (second row) risk analysis schemes.

Inputs	Risk Assessment Approach	Risk Management or Treatment	Methodologies, standards & tools
Assets Vulnerabilities Threats Safeguards and policies	Discrete intervals of time Set of inputs updated manually by the administrators	Preventive to reduce and mitigate the risk	Mature tools, standards and methodologies fully adopted and implemented
Traditional inputs Alerts from security tools such as IDSs or SIEMs	Continuous process Real-time analysis of inputs, but some shortcomings and challenge detected	Preventive to reduce and mitigate the risk Reactive to mitigate threats (e.g., decision trees and rules)	There are no standards nor common models
Traditional inputs Alerts from security tools such as IDSs or SIEMs Network and system context information Smart Grids networks Physical security sensors Social sensors	Dynamic process Real-time analysis, trying to solve detected challenges	Preventive to reduce and mitigate the risk Reactive to mitigate threats by integrating impact and risk in external AIRSs or a multi-step correlator Collaborative to share risk data amongst DRA controllers complying with privacy requirements	Selection of the most efficient after a thorough analysis of the standards and methods Adoption of existing and ad-hoc tools to cover the gap