Development and Applications of a Multiple Risk Communicator with - PowerPoint PPT Presentation

Japan – Austria Joint 18 th October, 2010 Workshop Development and Applications of a Multiple Risk Communicator with its Future Direction Tokyo Denki University Professor Ryoichi Sasaki sasaki@im.dendai.ac.jp This research was partially supported by Japan Science and 1 Technology Agency

Table of Contents • Introduction • Development of Multiple Risk Communicator (MRC) • Application of MRC to Personal Information Leak Issue in a Local Government • Future Direction of MRC - Social-MRC as a Social Consensus Formation Support System • Conclusion 2

Table of Contents • Introduction • Development of Multiple Risk Communicator (MRC) • Application of MRC to Personal Information Leak Issue in a Local Government • Future Direction of MRC - Social-MRC as a Social Consensus Formation Support System • Conclusion 3

Various Risks in Corporate Management Original Risk Primary Risk The risk taken positively in order to obtain profits Secondary Risk Information Security Risk Personal Information Leakage Risk Compliance Risk, Tax Risk etc. The risk at which reputation gets worse 4

Trend Among them, Information security risk and privacy risk which contains personal information leakage risk become very serious in Japan. According to the JNSA survey in 2008, personal information of more than seven million people leaked in Japan. 5 JNSA: Japan Network Security Association

Security and Privacy Concepts Privacy Security Security （ Confidentiality, Integrity, Protection of （ Confidentiality, Integrity, Protection of Availability etc. ） personal information Availability etc. ） personal information Measures Privacy countermeasure Privacy countermeasure Security countermeasures Com- Security countermeasures Personal information Intrusion prevention patible? Personal information Intrusion prevention leakage prevention Conflict ? leakage prevention Data secrecy etc. Data secrecy etc. Anonymity maintenance Anonymity maintenance Technologies Security technology Privacy Technology Cryptography Anonymous channel , P3P Digital signature Ring Signature etc. Access control etc. 6

Multiple Risks (Risk vs. Risk) • Public key certificate system is main measure to reduce security risk. However it often causes privacy risk, because the user name, address, etc become open. • Thus, how to deal with one risk versus another risk, or tradeoff of multiple risks, is a major problem. Measure One Risk One Risk (e.g. Security Risk) (e.g. Security Risk) Another Risk Another Risk 7 (e.g. Privacy Risk) (e.g. Privacy Risk)

The Image to Solve the Conflict Preference of Security Decision Maker Solution with Technology ○ ○ <Example> ○ Preference ○ Public Key Certificate System (Name, Address, Birth Day ) Technology Privacy Attribute Certificate System (Only Attribute) Cost Many Participants for decision making have many preferences. 8

Table of Contents • Introduction • Development of Multiple Risk Communicator (MRC) • Application of MRC to Personal Information Leak Issue in an Organization • Future Direction of MRC - MRC as a Social Consensus Formation Support System • Conclusion 9

Background and Requirements to Develop MRC Requirement １ Existence of many risks (security risk, privacy risk and so on) ＝＞ Develop- ment of Necessity of measure for avoiding conflict Multiple of risks Requirement ２ Difficulty to achieve the Risk objective with only one measure ＝＞ Communi- cator Necessity of searching for optimal (MRC) combination of measures Requirement 3 Existence of many participants (executive officer , customers, employees and so on) ＝＞ Necessity of risk communication to obtain consensus from many participants 10

Requirements and Main Measures in MRC (1) Requirement １ Existence of many risks <MRC> (security risk, privacy risk and so on) ＝＞ Formulated as Necessity of measure for avoiding conflict Combinatorial of risks Optimization Requirement ２ Difficulty to achieve the Problem objective with only one measure ＝＞ Necessity of searching for optimal combination of measures Requirement 3 Existence of many participants (executive officer , customers, employees and so on) ＝＞ Necessity of risk communication to obtain consensus from many participants 11

Requirements and Main Measures in MRC (2) Requirement １ Existence of many risks (security risk, privacy risk and so on) ＝＞ <MRC> Necessity of measure for avoiding conflict of The display risks easy to Requirement ２ Difficulty to achieve the understand the objective with only one measure ＝＞ optimal Necessity of searching for optimal solution for combination of measures participants, Requirement 3 Existence of many and easy to participants (executive officer , customers, obtain the employees and so on) ＝＞ Necessity of risk consensus communication to obtain consensus from many participants 12

Overview of MRC Multiple Risk Communicator (MRC) (1) Assistant (4) Assistant Tool for (5) Database Tool for Specialists Participants Assistance for analysis Display the (2) Total Controller （ FTA etc. ） results of Assistance for analysis formulation (3) Optimization Engine Assistance for Assistance for consensus parameter construction setting (6) Negotiation Infrastructure The Internet Participants Specialists for decision making ( Manager, 13 Facilitator Customer, Employee, etc. )

Development of MRC Program (1) The MRC program was implemented using Java and PHP in a Windows XP environment. (2) The total number of coding steps was about 10,000 . (3) Apache 2.24 was used for the Web server, MySQL 5.0 for the Database server, and Xoops 2.0.16 for the communication server. (4) In addition, Mathematica 5.2 was used to deal with the numerical formula in the PC for the specialist. Ryoichi Sasaki, et al.” Development and applications of a multiple risk communicator ” Sixth International Conference on RISK 14 ANALYSIS 2008 (in Greece)

How to Use MRC (1) Multiple Risk Communicator (MRC) 1. In order to formulate as combinatorial Multi – Risk Communicator (MRC) Multi-Risk Communicator (1) Assistant optimization problem, specialists decide (4) Assistant (5) Database specialists （ a ） objective function , （ b ） constraint functions, Tool for Tool for Database （ c ） proposed measures, （ d ） coefficient values, Specialists Participants （ e ） constraint values. Assistance for analysis Display the (2) Total Controller （ FTA etc. ） results of Assistance for analysis formulation (3) Optimization Engine Assistance for Assistance for consensus parameter construction setting (6) Negotiation Infrastructure The Internet Participants Specialists for decision making ( Manager, 15 Facilitator Customer, Employee, etc. )

Decide the objective function and constraint functions Objective function ： Min (Total risk of information leakage ＋ Total cost of measures ） Constraint functions is used to represent the risks for each Stakeholder ： (a) Probability of leakage (for the year) for Customers (b) Cost of measures for Manager (c) Degree of worker’s privacy burden for Employees (d) Degree of worker’s convenience burden for Employees 16

Result of the total formulation Amount of damage ＊ ｛ Minimization : Min 8 ∑ + + ＋ ｝ (P P P ) Ci * X i α α β 1 2 = 8 ∑ i 1 ≤ C X Ct （Total cost of measures） Subject to i i = i 1 8 ∑ ≤ D X D （Degree of privacy burden） 1 i 1 i = i 1 8 ∑ ≤ （Degree of convenience burden ） D X D 2 i 2 i = i 1 = + + ≤ ( 0 , 1 ) X P P P Pt i α α β 1 2 ( Probability of Information Leakage) 17

Result of the total formulation Amount of damage ＊ ｛ Minimization : Min 8 ∑ + + ＋ ｝ (P P P ) Ci * X i α α β 1 2 = 8 ∑ i 1 ≤ C X Ct （Total cost of measures） Subject to i i = i 1 8 ∑ ≤ If Xi=1, then i-th D X D （Degree of privacy burden） 1 i 1 i alternative measure is = i 1 adopted 8 ∑ ≤ If Xi=0, the i-th （Degree of convenience burden ） D X D 2 i 2 i alternative measure is not = i 1 adopted = + + ≤ ( 0 , 1 ) X P P P Pt i α α β 1 2 Ci: cost of i-th measure. ( Probability of Information Leakage) 18

Result of the total formulation Amount of damage ＊ ｛ Minimization : Min 8 ∑ + + ＋ ｝ (P P P ) Ci * X i α α β 1 2 = 8 ∑ i 1 ≤ P α１ ： Probability of leakage by the employee permitted to C X Ct （Total cost of measures） Subject to i i enter the isolated area. This equation is obtained = i 1 automatically from Fault Tree with MRC. ⎧ 8 ⎫ ⎛ − ⎞ ⎛ − ∑ ⎞ ≤ + ⎜ Δ ⎟ ⎜ ⎟ D X D P 1 P X 1 P X （Degree of privacy burden） ⎪ ⎪ α α 1 i 1 ⎪ ⎝ ⎠ ⎝ ⎠ i ⎪ b 8 8 6 6 = = 1 1 i 1 ⎨ ⎬ P P α a ⎛ − ⎞ ⎛ − ⎞ ⎛ − ⎞ ⎪ ⎪ 8 ∑ 1 + Δ Δ Δ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ≤ P 1 P X 1 P X P 1 P X α α α （Degree of convenience burden ） ⎪ ⎪ D X D ⎝ ⎠ ⎝ ⎠ ⎝ ⎠ ⎩ c 1 1 2 2 d 3 3 ⎭ 2 i 2 i 1 1 1 = i 1 = + + ≤ ( 0 , 1 ) X P P P Pt i α α β 1 2 ( Probability of Information Leakage) 19