In the context of business process (BP) design, risk has been considered mainly from a project management perspective; however, risk is an inherent property of every BP. Knowledge sharing in cooperative BPes is a major source of business risk, as selfish or malicious actors will extract from the process’ information flows they have access to new knowledge, they will use for their own advantage.This disclosure risk depends on the specific BP and on the value of disclosed information, which changes over time.Also, disclosure risk depends on the attack model.In the past, much research work has been done on analyzing the risk of running BPes either in the presence of rational (selfish) participating entities (actors) or in the presence of malicious actors.The main objective of DISCRISK is enabling BP designers to dynamically compute orchestrations that minimize the risk of knowledge disclosure while minimizing the orchestration‘s own cost, in the presence of 1.changing information value and 2.both rational and malicious actors. DISCRISK will design a theoretical framework supporting process-driven assessment of information value and the value-based definition of a disclosure risk.Thanks to the framework, it will be possible to compute BP orchestrations and encryption schemata that will be able to guarantee that rational actors do not have enough information to leave the process and at the same time, alleviate the negative impact of actions by malicious nodes. DISCRISK will produce a methodology and a toolkit to help process designers in applying risk-aware process engineering techniques to specific BPes. This toolkit will allow experimenting with innovative encryption techniques including portable, machine embeddable quantum cryptography systems and evolutionary techniques taking also in account optimization issues. Finally, DISCRISK will analyze the feasibility of the techniques, algorithms and tools on realistic examples dealing with knowledge-intensive BPes. While highly innovative, DISCRISK is related to existing lines of research, i.e. Collaborative Peer-to-Peer Computing (CP2PC). The difference between CP2PC and traditional P2P systems is that CP2PC peers collaborate in process tasks. CP2PC has been studied under two different points of view: a “classical” distributed computing view[FER1,KON] and a game-theoretic view[FER2,YUR]. Under the first view, the actors are classified as either malicious or correct, based on a predefined behavior. The malicious actors have a “dysfunctional” behavior due to a software error or when the actor behaves maliciously intentionally. Under the game-theoretic view, actors act on their own self-interest, that is, they are assumed to be rational[SHN]. DISCRISK results will significantly advance the state-of-the-art in the study of the tradeoffs between cost and security in BP design, and it will make an important step towards increasing the use of economic risk analysis for orchestrating BPes.