Application of “Multiple Risk Communicator“ to the Personal Information Leakage Problem

Along with the progress of our information society, various risks are becoming increasingly common, causing multiple social problems. For this reason, risk communications for establishing consensus among stakeholders who have different priorities have become important. However, it is not always easy for the decision makers to agree on measures to reduce risks based on opposing concepts, such as security, privacy and cost. Therefore, we previously developed and proposed the “Multiple Risk Communicator" (MRC) with the following functions: (1) modeling the support role of the risk specialist, (2) an optimization engine, and (3) displaying the computed results. In this paper, MRC program version 1.0 is applied to the personal information leakage problem. The application process and validation of the results are discussed.

Authors:

• Mitsuhiro Taniyama
• Yuu Hidaka
• Masato Arai
• Satoshi Kai
• Hiromi Igawa
• Hiroshi Yajima
• Ryoichi Sasaki

Keywords:

• Decision Making
• Personal Information Leakage Problem
• Risk Communication
• Risk Management

References:

[1] Ryoichi Sasaki, Saneyuki Ishii, Yuu Hidaka, Hiroshi Yajima, Hiroshi Yoshiura, Yuuko Murayama, "Development Concept for and trial application of a "multiplex risk communicator", IFIP I3E2005, Springer.
[2] Ryoichi Sasaki, Yuu Hidaka, Takashi Moriya, Mitsuhiro Taniyama,
Hiroshi Yajima, Kiyomi Yaegashi, Yasumasa Kawashima, Hiroshi
Yoshiura, "Development and applications of a Multiple Risk
Coomunicator", Risk Analysis 2008.
[3] Japanese Standards Association, "Information technology -- Guidelines
for the management of IT Security -- Part 3: Techniques for the management of IT Security", 2001.
[4] Bruce Schneier, Beyond Fear, Springer, 2006.
[5] R.S. Garfinkel et al.: Integer Programming, Wiley and Sons, 1972.
[6] N.J. McCormick: Reliability and Risk Analysis, Academic Press Inc.,1981.
[7] Japan Network Security Association, "2006 Information Security
Incident Survey Report",
http://www.jnsa.org/result/2006/pol/insident/070720/2006incidentsurve y-e_080403.pdf
[8] Japan Network Security Association, "2005 Information Security
Incident Survey Report",
http://www.jnsa.org/result/2005/20060803_pol01/2005incidentsurvey_060731en.pdf
[9] Japan Network Security Association, "2004 Information Security
Incident Survey Report",
http://www.jnsa.org/houkoku2004/incident_survey_en.pdf
[10] Japan Network Security Association, "Fiscal 2003 Information Security
Incident Survey Report",
http://www.jnsa.org/houkoku2003/incident_survey1_e.pdf
[11] Hiroshi Yajima, Tomohiro Watanabe, Ryoichi Sasaki, "Evaluation of the
Participant-Support Method for Information Acquisition in the "Multiplex Risk Communicator", 12th International Conference on
Human-Computer Interaction 2007.