Chance-Constrained Programming Method of IT Risk Countermeasures for Social Consensus Making

The authors address a social consensus making support in discussing countermeasures for information technology risks (IT risks). For supporting stakeholders' discussion on which IT risk countermeasures the stakeholders should implement, experts of the risk management estimate parameter values of the countermeasure, define a goal and constraints, and formulate the decision problem of the countermeasures to be implemented as one of 0-1 integer programming problems. Because parameter values and constraint values are uncertain, the decision problem is reformulated as a chance-constrained programming problem. The sample average approximation method is a well-known method for solving the chance-constrained programming problem. However, the computational time is still so long that the opinion leaders cannot use a solution of the chance-constrained programming problem in their discussion. The authors propose a high-speed chance-constrained programming method by aggregating the constraints that are generated by approximation of the problem in the sample average method. By applying the proposed method to real decision problems, the authors confirmed that computational time is decreased to 1 min while obtaining the same error rate and the same rate of the feasible solutions as a conventional method.

[1]  Richard F. Paige,et al.  Fault trees for security system design and analysis , 2003, Comput. Secur..

[2]  Thomas Peltier,et al.  Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital , 2006 .

[3]  Andrew W. Moore,et al.  X-means: Extending K-means with Efficient Estimation of the Number of Clusters , 2000, ICML.

[4]  Linda G. Wallace,et al.  Is Information Security Under Control?: Investigating Quality in Information Security Management , 2007, IEEE Security & Privacy.

[5]  A. Charnes,et al.  Chance-Constrained Programming , 1959 .

[6]  Erricos John Kontoghiorghes,et al.  Handbook of Computational Econometrics , 2009 .

[7]  Alexander Shapiro,et al.  Sample Average Approximation Method for Chance Constrained Programming: Theory and Applications , 2009, J. Optimization Theory and Applications.

[8]  Jean Cardinal,et al.  Minimum Entropy Combinatorial Optimization Problems , 2009, CiE.

[9]  Masaki Samejima,et al.  Approximation method for chance-constrained programming of social consensus formation concerning IT risk countermeasure , 2012, 2012 IEEE International Conference on Systems, Man, and Cybernetics (SMC).

[10]  G. Nemhauser,et al.  Integer Programming , 2020 .

[11]  D. Vose Risk Analysis: A Quantitative Guide , 2000 .

[12]  อนิรุธ สืบสิงห์,et al.  Data Mining Practical Machine Learning Tools and Techniques , 2014 .

[13]  Masaki Samejima,et al.  Chance-Constrained Programming Method by Constraints Aggregation for Social Consensus Making on IT Risk Countermeasure , 2013, 2013 IEEE International Conference on Systems, Man, and Cybernetics.

[14]  Manfred Morari,et al.  A tractable approximation of chance constrained stochastic MPC based on affine disturbance feedback , 2008, 2008 47th IEEE Conference on Decision and Control.

[15]  Ryôichi Sasaki,et al.  Development and Trial Application of Prototype Program for "Social-MRC": Social Consensus Formation Support System Concerning IT Risk Countermeasures , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[16]  Johnathan Mun Modeling Risk: Applying Monte Carlo Risk Simulation, Strategic Real Options, Stochastic Forecasting, and Portfolio Optimization , 2012 .

[17]  John M. Wilson,et al.  Introduction to Stochastic Programming , 1998, J. Oper. Res. Soc..

[18]  Mark Stamp,et al.  Information security - principles and practice , 2005 .

[19]  Xiang Li Credibilistic Programming: An Introduction to Models and Applications , 2013 .

[20]  Catherine A. Sugar,et al.  Finding the Number of Clusters in a Dataset , 2003 .

[21]  Alexander Shapiro,et al.  Convex Approximations of Chance Constrained Programs , 2006, SIAM J. Optim..

[22]  Ryoichi Sasaki,et al.  Application of “Multiple Risk Communicator“ to the Personal Information Leakage Problem , 2008 .

[23]  atherine,et al.  Finding the number of clusters in a data set : An information theoretic approach C , 2003 .

[24]  David L. Olson,et al.  A Linear Approximation for Chance-Constrained Programming , 1987 .

[25]  Muhammad Amer,et al.  A review of scenario planning , 2013 .